1. Introduction
This manual serves as a guide to successfully complete the Bit4id Kit installation process for the use of cryptographic cards and the procedure for accessing the management application. The Bit4id Kit consists of the following components:
- Bit4id Middleware: libraries that allow any operating system application to operate with cryptographic cards.
- Bit4id PKI Manager: card management application, which allows you to perform operations such as changing the PIN or PUK, unlocking the PIN, obtaining information about the card, importing or exporting certificates…
This manual will guide you in a simple way through the process of installing and using the Bit4id Kit.
1.1. Who is this document addressed to?
End users who will use chip cards in Windows environments.
2. Before you start
Make sure you have:
- A standard, PC/SC compatible card reader that is properly connected, installed, and configured. Follow the instructions provided by the reader manufacturer to verify installation and proper operation.
- The latest version of the Bit4id Kit. Link to download the latest version: https://cdn.bit4id.com/es/AOC/middleware/Bit4id_AOC_Middleware.exe
- Administrator permissions, which are essential to perform the installation. If you do not have them, the installation will be denied.
3. Installation
If necessary, you will need to download and install the drivers so that your computer can recognize the reader you have purchased. To do this, go to the official website of the reader manufacturer.
Follow the instructions provided by the reader manufacturer to verify its correct installation and operation.
If you purchase a Bit4id reader and your Windows version is Windows 7 or higher, you do not need to install any drivers.
If your operating system does not recognize the reader, download the reader drivers (https://cdn.bit4id.com/es/AOC/drivers/Bit4id_drivers_Windows.zip).
3.1. PKI Manager Installation Wizard
- Go to the folder where you downloaded the file and run it.
- Follow the steps of the installer.
- Once the PKI Manager installation is complete, restart your computer.
Once the restart is complete, open the application.
This is how it looks without any devices connected:
- With the application open, connect the reader to a USB port and then insert the card. You can also do this by connecting the token to a USB port.
4. Unattended installation (for advanced users)
WARNING: This procedure is only for specific cases where you have been explicitly instructed to do so. Most users should not perform an unattended installation.
To perform an unattended installation, simply run the installer from the command prompt, passing it “/S” as a parameter.
WARNING: Due to the interaction limitations of an unattended installation, you must remove previous incompatible versions before proceeding. You must also force a restart of the machine once the installation is complete.
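One guarded way to script the unattended installation described in this section, as an added PowerShell example that is not part of the Bit4id manual. The installer path, the expectation that the installer carries a valid Authenticode signature, and treating exit code 0 as success are assumptions; the registry locations are the standard Windows uninstall keys.

```powershell
# Added example (not from the Bit4id manual): guarded unattended install.
# Run from an elevated PowerShell prompt.
#Requires -RunAsAdministrator
param(
    # Assumed download location of the installer linked in section 2.
    [string]$InstallerPath = "$env:USERPROFILE\Downloads\Bit4id_AOC_Middleware.exe"
)
$ErrorActionPreference = 'Stop'

# 1. Refuse to run an installer whose Authenticode signature does not validate.
#    Assumption: the vendor signs the installer. Review the signer shown below.
$sig = Get-AuthenticodeSignature -FilePath $InstallerPath
if ($sig.Status -ne 'Valid') {
    throw "Installer signature status is '$($sig.Status)'; not running it."
}
Write-Host "Signed by: $($sig.SignerCertificate.Subject)"

# 2. The silent installer cannot prompt, so previous versions must already be gone.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$previous = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Bit4id*' }
if ($previous) {
    $previous | Select-Object DisplayName, DisplayVersion | Format-Table -AutoSize | Out-Host
    throw 'Previous Bit4id versions found; remove them before an unattended install.'
}

# 3. Run the installer with /S and wait for it to finish.
$proc = Start-Process -FilePath $InstallerPath -ArgumentList '/S' -Wait -PassThru
if ($proc.ExitCode -ne 0) {
    # Assumption: the installer follows the usual convention of 0 meaning success.
    throw "Installer exited with code $($proc.ExitCode)."
}

# 4. The manual requires a restart once the unattended installation is complete.
Restart-Computer -Force
```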
5. Problems during installation
You may have previous versions of the card management application (Bit4id PKI Manager) installed on your computer, in which case you will be asked to remove them before running the installer. Remove these versions and run the installer again.
- To remove previous versions in Windows XP, go to the Start menu > Control Panel > Add or Remove Programs > Bit4id PKI Manager x.x.x.x (where x.x.x.x represents the installed version number)
- To remove previous versions in Windows Vista or 7, go to the Start menu > Control Panel > Uninstall a program > Bit4id PKI Manager x.x.x.x (where x.x.x.x represents the installed version number)
- To remove previous versions in Windows 8, go to the right-side menu > Settings > Control Panel > Uninstall a program > Bit4id PKI Manager x.x.x.x (where x.x.x.x represents the installed version number)
- To remove previous versions in Windows 10, go to the Start menu > Control Panel > Programs and Features > Bit4id - Universal MW x.x.x.x (where x.x.x.x represents the installed version number)
- To remove previous versions in Windows 11, go to the Start menu > Control Panel > Programs and Features > Bit4id - Universal MW x.x.x.x (where x.x.x.x represents the installed version number)
6. End of installation
Once the installation process is complete, a shortcut to the Bit4id PKI Manager (Card Management) application will be created on your desktop, which will allow you to perform any type of operation with it.
You can also access the Bit4id PKI Manager application through the Home section.
7. Access to the application
The Bit4id PKI Manager application is accessible from the desktop by clicking on:
Likewise, you can access the Card Management application through:
- In Windows 8 or 10, go to the Start menu > All apps > Bit4id PKI Manager
- In Windows 11, go to the Start menu > All apps > Bit4id PKI Manager
8. Functionalities
The Bit4id PKI Manager application has multiple functionalities accessible from the main screen.
IMPORTANT: Bit4id PKI Manager comes by default with the user version. To have all its features, you must switch to the administrator version using the command: Ctrl+A
PKI Manager admin version:
8.1. Functionality tables
Basic functionalities:
Basic functionality table
Function | Description |
---|---|
Unlock PIN | Function to unlock the card PIN. |
Change PIN | Function to change the card PIN. |
Change PUK | Function to change the card PUK. |
Login/Logout | Function to log in to or log out of the card. |
Device information | Tab where we will find the description of the connected device and the card. |
Certificates | Tab where we will find the CA user certificates loaded on the card. |
To access the extra features you must click:
Extra features:
Extra features table
Function | Description |
---|---|
Login/Logout | Log in to or log out of the card content. |
Refresh content | Refresh the token/card content to see new certificates. |
Change device name | Define the name under which the device appears. |
Change PIN | Function to change the card PIN. |
Unlock PIN | Function to unlock the card PIN using the card's PUK. |
Change PUK | Function to change the card's PUK. |
Import a certificate | Function to import a certificate to the card. |
Erase device | Function to delete ALL certificates and keys from the card/token. |
- Log in
To access any functionality offered by the software, you must enter the card PIN.
- Change PIN
To change your PIN, enter your card PIN and enter your new PIN. The new PIN must be between 4 and 16 alphanumeric digits.
- Unlock PIN
To unblock the PIN, enter the PUK of the card and enter the new PIN. The new PIN must be between 4 and 16 alphanumeric digits.
- Change PUK
Enter the old PUK of the card and the new PUK. The new PUK must be between 4 and 16 alphanumeric digits.
- Import
This option allows certificates to be imported to the card. The formats accepted for importing certificates to the card are .p12 or .pfx, since these formats include the private key of the certificate, essential for performing cryptographic operations.
To start the import, first select the certificate from your location, as shown in the following image:
Once the certificate is selected, press “Open”:
The system will ask you for the password of the PFX or P12 file that you want to import, which contains the certificate and its key pair. Enter it and complete the import options as appropriate, where:
– Import certificates without associated key pair: allows you to import the entire certification hierarchy included in the PFX or P12 file. We recommend NOT CHECKING this option.
– Define PKCS#11 CKA_ID: identifier that certain applications use when displaying the certificate. We recommend entering a useful identifying value, for example pedro_firma, pedro_acceso, pedro_cifrado, etc.
And the certificate import will be complete:
If you want to check that the certificate has been correctly saved, remember that you can review all the certificates stored on the card through the View option of Bit4id PKI Manager.
- Certificate details (Certificates)
Once the card PIN is entered, you can view the certificates inside. In the pop-up window that the application displays, you can view information about the previously selected certificate.
- Card information (device information)
It offers detailed information about the card: model, serial number, manufacturer label.
Support (soporte@bit4id.com) may ask you for this information to find out the type of card you are using.
9. Additional checks in case of malfunction
The results of the following checks are necessary for the resolution of any type of incident. These results must be reported to the technical department in the event of any incident related to the use of the certificates stored on the cards. This will reduce the resolution time.
9.1. Checking the loading of certificates in the Windows store
Make sure you have:
- Card reader connected to the machine
- Smart card inserted into the reader
- At least one certificate stored on the card
This test aims to verify the correct loading of the card certificates into the Windows certificate store, which is essential for the use of our certificates in Microsoft applications.
To do so, open this store:
- In Windows 8 or 10, go to the Start menu > Enter certmgr.msc
- In Windows 11, go to the Start menu > Enter certmgr.msc
Once the window opens, open the Personal folder and then the Certificates folder, as shown in the following image:
If you are shown information regarding your card's certificates, the check will have been completed satisfactorily.
If they are not imported automatically, you can force it as follows:
9.2. Checking the upload of certificates to the Firefox store
If your machine has the Mozilla Firefox browser in any of its versions, also perform the following test:
- Open Mozilla Firefox and go to Options / Preferences
- In the Privacy and Security section, find the certificates section and click View certificates…
- Enter your card PIN
- Once you have entered the PIN, go to the View Certificates tab as shown below.
If you are shown information regarding your card certificates, the verification will have been completed satisfactorily.
NOTE: in addition to the results of the checks set out in this section, tell the technical department the version of your Bit4id Kit. To find out the version of your kit, follow the instructions set out in the following Frequently Asked Questions section, specifically in the answer to the question “How can I check that I have the latest versions of the Bit4id Kit?”
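The section 9.1 check and the kit version requested in the note above can also be collected as text for the support ticket. This is an added PowerShell example, not part of the Bit4id manual; the report path is an assumption, and `SCardSvr` and `CertPropSvc` are the Windows Smart Card and Certificate Propagation services, which the manual does not mention.

```powershell
# Added example (not from the Bit4id manual): text report for the support ticket.
$ReportPath = "$env:USERPROFILE\Desktop\bit4id_check.txt"   # assumed output location

# Windows services that talk to the reader and copy card certificates
# into the user's Personal store.
$services = Get-Service -Name 'SCardSvr', 'CertPropSvc' -ErrorAction SilentlyContinue |
    Select-Object Name, DisplayName, Status

# Same view as certmgr.msc > Personal > Certificates.
$now = Get-Date
$certs = Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
    [pscustomobject]@{
        Subject       = $_.Subject
        Issuer        = $_.Issuer
        Thumbprint    = $_.Thumbprint
        NotAfter      = $_.NotAfter
        Expired       = $_.NotAfter -lt $now
        # True when Windows has a private key associated with the certificate.
        HasPrivateKey = $_.HasPrivateKey
    }
}

# Installed kit version, read from the standard Windows uninstall keys.
$kit = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Bit4id*' } |
    Select-Object DisplayName, DisplayVersion

$report = @(
    "Report generated: $now"
    '== Smart card services =='
    ($services | Format-Table -AutoSize | Out-String)
    '== Certificates in Personal store (CurrentUser\My) =='
    ($certs | Format-List | Out-String)
    '== Installed Bit4id software =='
    ($kit | Format-Table -AutoSize | Out-String)
)
$report | Set-Content -Path $ReportPath -Encoding UTF8

if (-not $certs) {
    Write-Warning 'No certificates in the Personal store: the card certificates were not loaded.'
}
Write-Host "Report written to $ReportPath"
```

The report contains certificate subjects and thumbprints but no keys or PINs; run it with the card inserted so the propagated certificates are present.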
10. Frequently asked questions
What can happen if, using Card Manager, I get the error message “C_OpenSession due to error 0x1”?
Consult the card provider (Certification Authority) about the status of the card, indicating all the steps that have been taken.
What can happen if, using Card Manager, I get the error message “C_Login due to error 0x5”?
Your card PIN code may be in an inconsistent state. Try changing it. If the error persists, contact your card provider (Certificate Authority) about the status of your card, indicating all the steps you have taken.
What can happen if, when trying to change the card PIN, I get the error message “C_SetPIN due to error 0x6”?
Check that the new PIN is between 6 and 8 alphanumeric digits.
Can I combine numbers and letters for the new PIN of the card?
Yes, there is no problem, as long as the new PIN is between 6 and 8 digits.
Is there a maximum number of PIN entries in case I do not remember my PIN number? When can the card be blocked?
If you enter the PIN code incorrectly more than 3 times, it will be blocked. Follow the "Unlock PIN" steps above to unblock it.
Is there a maximum number of PUK insertions to try to unblock the PIN? What happens if the card is blocked?
If you enter the PUK code incorrectly more than 3 times, it is blocked. For security reasons, the card is completely blocked.
How can I check that I have the latest versions of the Bit4id Kit?
- To check the installed version easily in Windows XP, go to the Start menu > Control Panel > Add or Remove Programs > Bit4id PKI Manager Admin x.x.x.x (where x.x.x.x represents the installed version number)
- In Windows Vista or 7, go to the Start menu > Control Panel > Uninstall a program > Bit4id PKI Manager Admin x.x.x.x (where x.x.x.x represents the installed version number)
- In Windows 8 or 10, go to the right side menu > Settings > Control Panel > Uninstall a program > Bit4id PKI Manager Admin x.x.x.x (where x.x.x.x represents the installed version number)
- In Windows 11, go to the right side menu > Settings > Control Panel > Uninstall a program > Bit4id PKI Manager Admin x.x.x.x (where x.x.x.x represents the installed version number)
What can happen if when I run the Bit4id Kit installer I have a previous version installed on my computer?
It is always advisable to remove previous versions before installing. However, the installer is designed to automatically detect and remove previous versions. Follow the on-screen instructions carefully.
11. Glossary
Certification Authority: the trusted entity responsible for issuing and revoking electronic certificates used in electronic signatures. The Certification Authority, by itself or through the intervention of a Registration Authority, verifies the identity of the applicant for a certificate before its issuance or, in the case of certificates issued with the condition of revoked, eliminates the revocation of the certificates by checking this identity.
Expiration of the digital certificate: the digital certificate has a validity period that is stated on the certificate itself. It is generally 2 years, although by law a validity of up to 5 years is allowed. Once the certificate has expired, the services offered by the Administration that require an electronic signature cannot be used, and any electronic signature made from that moment on will not be valid.
Digital certificate: document on computer media issued and signed by the Certification Authority, which guarantees the identity of the owner.
Recognized certificate: certificate issued by a Certification Service Provider that meets the requirements established in the Law regarding verification of the identity and other circumstances of the applicants and the reliability and guarantees of the certification services they provide, in accordance with the provisions of Chapter II of Title II of Law 59/2003, of 19 December, on electronic signatures.
Electronic signature: set of data, in electronic form, annexed to other electronic data or functionally associated with them, used as a means to formally identify the author or authors of the document that contains it. There are 3 types of electronic signature: simple, advanced and recognized electronic signature.
Simple electronic signature: set of data, in electronic form, annexed to other data.
Advanced electronic signature: electronic signature that allows the signatory to be identified and any subsequent changes to the signed data to be detected, which is uniquely linked to the signatory and to the data referred to, and that has been created by means that the signatory can maintain under their exclusive control.
Recognized electronic signature: an advanced electronic signature based on a recognized certificate and generated by a secure signature creation device is considered a recognized electronic signature. The recognized electronic signature will have the same value with respect to data recorded electronically as a handwritten signature with respect to data recorded on paper.
Hash function: it is an operation that is performed on a data set of any size, so that the result obtained is another data set of fixed size, regardless of the original size, and which has the property of being uniquely associated with the initial data, that is, it is impossible to find two different messages that generate the same result when applying the hash function.
Hash or fingerprint: fixed-size result obtained after applying a hash function to a message and that meets the property of being uniquely associated with the initial data.
Integrity: integrity is the quality possessed by a document or file that has not been altered and which also allows verification that no manipulation has occurred in the original document.
Certificate Revocation Lists or Revoked Certificate Lists: list containing exclusively the lists of revoked or suspended certificates (not expired ones).
Non-repudiation: the sender who electronically signs a document will not be able to deny that he sent the original message, since it is imputable to the sender through the private key that only he knows and is obliged to keep. Non-repudiation also allows verifying who participated in a transaction.
Non-repudiation is a security service closely related to authentication that allows the participation of the parties in a communication to be proven. The essential difference with authentication is that the former occurs between the parties establishing the communication and the non-repudiation service occurs before a third party.
Certification Service Provider or PSC: natural person or legal entity that issues electronic certificates or provides other services in relation to electronic signatures. See Certification Authority.
PIN: sequence of characters that allows access to certificates. Personal Identification Number, sometimes called NIP.
PUK: sequence of characters that allows the change or unblocking of the PIN. Personal Unblocking Key.
Renewal: renewal consists of requesting a new certificate using a valid certificate that is about to expire. In this way, before a certificate expires you can request its renewal, which implies that a new valid certificate is issued.
Revocation: definitive cancellation of a digital certificate at the request of the subscriber, or on the initiative of the Certification Authority in case of doubt about the security of the keys. Revocation is an irreversible state. You can request the revocation of a certificate after a suspension situation or by the will of the persons authorized to request it. Similarly, in the case of a suspended certificate, if the maximum suspension period has passed and the certificate has not been enabled, it becomes definitively revoked. When the certification entity revokes or suspends a certificate, it must state this in the Certificate Revocation Lists (CRL), to make this fact public. These lists are public and must always be available.
Smart card: any card with integrated circuits that allow the execution of certain programmed logic.