Faq smartcards dnie en US - ctt-gob-es/clienteafirma GitHub Wiki
Autofirma uses the JMulticard library by default to access the DNIe. The card drivers installed on the system are used only if the user disables JMulticard from the desktop interface or if an error occurs while loading the library, such as when you do not cancel any of its dialogs. In those cases, the card's CSP or PKCS#11 driver is used, depending on the selected certificate store.
The DNIe and the drivers that support it are developed in accordance with various security regulations, including the European standard EN14890. This standard requires the DNIe PIN to be presented for each signing operation.
By default, Autofirma requests the PIN of your DNIe for each signing operation. However, when the DNIe driver, the operation and the user all allow it, the secure channel with the card can be kept open to perform several signing operations without re-entering the PIN. This is what happens when JMulticard is used and the "Remember password during session" option is checked in a bulk operation from the desktop. For signatures requested from the web browser, this option takes effect only if the web application requesting the signature has expressly asked for the same certificate to be reused for all signatures.
Note that counter-signing a document with multiple signatures may involve multiple signing operations, even if only a single electronic signature is generated. These types of signatures may therefore require the user to enter the PIN of their DNIe several times if they have not selected the option to remember their password.
Autofirma asks for the card's PIN before listing the certificates from the store and asking the user which certificate they want to sign with. This behavior emulates that of the cards' PKCS#11 drivers, where the PIN is needed to list the certificates the card contains, and follows the logic that a user who has inserted the DNIe into the reader wants to use it. When the user enters the PIN, their certificates are listed and the secure channel with the card is opened. At the time of signing, this secure channel is used to perform the signing operation, and it is then closed.
Signing operations performed subsequently from the same Autofirma instance will request the card's PIN only at the time of signing, at which point the secure channel with the card is reopened.
If the store is reloaded via the corresponding option in the certificate selection dialog, the driver restarts and requests the card PIN again to list the certificates.
Autofirma generally uses the JMulticard library to access the DNIe. It is this library that detects that a DNIe is inserted into a reader and displays the PIN entry dialog. If the user cancels this dialog, JMulticard is skipped and the list of available certificates is requested from the key store. In the case of the Windows store, if the DNIe driver is installed on the system, the store itself returns the DNIe certificates as part of the system certificates. That is why they continue to appear in the certificate selection dialog.
The DNIe signature certificate is optional. It is never included in the DNIe of minors, and it may also be absent when the user did not explicitly ask for it when the DNIe was issued at the police station.
If you find that Autofirma or any other software shows the authentication certificate of your DNIe but not the signature certificate, go to the police station to report the problem.