Using an A3 Certificate with Chilkat

What is an A3 Certificate?

An A3 Certificate is a digital certificate that is stored on a hardware security device, such as:

  • Smart Cards
  • USB Tokens
  • HSM (Hardware Security Modules)

Unlike A1 certificates, which are stored on local machines (software-based), A3 certificates require physical access to the device to perform cryptographic operations like signing or encryption. This makes them more secure against unauthorized access.

How to Use an A3 Certificate in an application with Chilkat

There are several approaches to using an A3 Certificate in an application using Chilkat:

Cert.LoadFromSmartcard

Call Cert.LoadFromSmartcard to enable Chilkat to automatically detect connected devices and select the most appropriate method for accessing the chosen certificate on the selected device. Depending on the operating system and device vendor, Chilkat may internally opt to use PKCS11 with a vendor-specific PKCS11 driver, macOS's Keychain Services, ScMinidriver on Windows, or Microsoft CNG/CryptoAPI on Windows. You can provide a certificate selection criteria string to LoadFromSmartcard, allowing Chilkat to choose a certificate that matches criteria like Common Name or Serial Number. If the criteria string is empty, Chilkat will load the first certificate with a corresponding private key stored on the device.

CertStore.OpenSmartcard

Call CertStore.OpenSmartcard to detect connected devices and enable the application to use CertStore methods for searching or iterating through certificates on all open devices. Chilkat will automatically select the most suitable method for accessing each device, such as PKC11, macOS KeyChain Services, ScMinidriver, or MS CNG/CryptoAPI.

Chilkat Pkcs11

Use the Chilkat Pkcs11 class for direct interaction with your device. This lower-level API provides greater control and flexibility for devices that support PKCS11, especially if other methods have failed. Chilkat PKCS11 is compatible with Windows, macOS, and Linux. If your device is incompatible with Cert.LoadFromSmartcard or CertStore.OpenSmartcard, contact Chilkat for assistance.

Chilkat ScMinidriver

To interact directly with a device on Windows, use the Chilkat ScMinidriver class if you have the vendor's ScMinidriver device driver.