Wunder Sign Documentation

Last updated December 9, 2025

Introduction

Wunder Sign is a desktop application for Windows and macOS that enables secure digital signing of patent documents using SmartCards. This documentation is intended for IT administrators and technical staff at law firms and IP departments.

Good to know

Wunder Sign streamlines the patent signing workflow by providing a native desktop application that integrates directly with SmartCard readers and certificate management systems.

Key Features

Native SmartCard integration (PKCS#11)
Support for D-Trust and LuxTrust qualified certificates
Batch PDF signing with progress tracking
UPC Opt-Out form generation and submission
Session-based workflow management
Automatic updates via enterprise-ready update server

System Requirements

Platform	Minimum Version	Architecture
Windows	Windows 10 (1903+)	x64
macOS	macOS 11 Big Sur	Intel / Apple Silicon (arm64)

Hardware Requirements

USB SmartCard reader
Qualified signature card (D-Trust or LuxTrust)
4GB RAM minimum (8GB recommended)
500MB available disk space

Installation

Download the latest version from the product page or use the direct download links below.

Windows Installation

Download Wunder.Sign-x.x.x.exe from the download page
Run the installer with administrator privileges
Follow the installation wizard
Launch Wunder Sign from the Start Menu

Silent Installation (Enterprise)

For automated deployment via SCCM, Intune, or GPO:

bash

Wunder.Sign-1.23.0.exe /S /D=C:\Program Files\Wunder Sign

Parameters:

/S - Silent mode (no UI)
/D=<path> - Installation directory (must be last parameter)

macOS Installation

Download Wunder.Sign-x.x.x-arm64.dmg (Apple Silicon) or Wunder.Sign-x.x.x.dmg (Intel)
Open the DMG file
Drag Wunder Sign to your Applications folder
Launch from Applications or Spotlight

Tip

On first launch, macOS may ask you to confirm opening an app from an identified developer. Click "Open" to proceed.

SmartCard Configuration

Wunder Sign supports SmartCard readers and certificates via the PKCS#11 standard.

Supported Certificates

Wunder Sign currently supports the following qualified signature certificates:

Provider	Card Types	Key Type	Notes
D-Trust	D-Trust Card 5.1, 5.4	ECC (ECDSA)	Requires CAN, dual-PIN authentication
D-Trust	Older D-Trust cards	RSA	Single PIN authentication
LuxTrust	LuxTrust qualified cards	RSA	Requires SafeNet/ClassicClient middleware

Warning

D-Trust Card 5.1 and 5.4 use elliptic curve cryptography (ECC/ECDSA) and require specific middleware. Older RSA-based cards may use different authentication methods.

D-Trust Card Authentication

D-Trust cards (especially version 5.1 and 5.4) use a multi-step authentication process:

CAN (Card Access Number)

The CAN is a 6-digit number printed on the physical card. It is used to establish a secure PACE (Password Authenticated Connection Establishment) channel between the card and reader. The CAN is handled automatically by the cryptovision scInterface middleware popup when the card is inserted.

PIN Types for D-Trust Cards

PIN Type	Purpose	When Required
Card PIN (AUT-PIN)	General card access	Opening a session
Signature PIN	Unlocking the signature key	Each signing operation

Good to know

For D-Trust 5.x cards, you may need to enter both the Card PIN and the Signature PIN. Some cards support using the same PIN for both.

LuxTrust Card Authentication

LuxTrust cards use standard single-PIN authentication but require the SafeNet/ClassicClient middleware to be installed.

PKCS#11 Middleware Installation

Warning

D-Trust Minimum Version Requirement: Wunder Sign requires sc/interface version 8.2.8 or later for D-Trust cards. Earlier versions are not compatible and will not work correctly. Please ensure you have the latest version installed before using D-Trust cards with Wunder Sign.

Windows

D-Trust Cards:

Download and install the D-Trust PKI Client (sc/interface 8.2.8 or later) from D-Trust
The PKCS#11 library will be installed to:

- C:\Windows\System32\cvP11.dll (cryptovision) - C:\Windows\System32\DTRUST_PKI_PKCS11.dll

LuxTrust Cards:

Download and install the LuxTrust SmartCard Middleware
The PKCS#11 library will be installed to:

- C:\Program Files\LuxTrust\SmartCardMiddleware\ltpkcs11.dll - C:\Program Files (x86)\LuxTrust\SmartCardMiddleware\ltpkcs11.dll

macOS

D-Trust Cards:

Download and install the cryptovision sc/interface (8.2.8 or later) from D-Trust
The PKCS#11 library will be installed to:

- /Library/cv cryptovision/libcvP11.dylib

LuxTrust Cards:

Install the SafeNet/ClassicClient package
The PKCS#11 library will be installed to:

- /usr/local/lib/ClassicClient/libgclib.dylib - /usr/local/lib/pkcs11/libgclib.dylib

Tip

Wunder Sign auto-detects PKCS#11 libraries at the standard installation paths listed above.

PKCS#11 Library Paths Reference

Platform	Provider	Library Path
Windows	D-Trust (cryptovision)	`C:\Windows\System32\cvP11.dll`
Windows	D-Trust (legacy)	`C:\Windows\System32\DTRUST_PKI_PKCS11.dll`
Windows	LuxTrust	`C:\Program Files\LuxTrust\SmartCardMiddleware\ltpkcs11.dll`
macOS	D-Trust (cryptovision)	`/Library/cv cryptovision/libcvP11.dylib`
macOS	LuxTrust/SafeNet	`/usr/local/lib/ClassicClient/libgclib.dylib`

Middleware Configuration

Wunder Sign supports selecting the middleware type in Settings:

Mode	Description
Auto	Automatically detect and load the first available driver
D-Trust	Only load D-Trust/cryptovision drivers
LuxTrust	Only load LuxTrust/SafeNet drivers

Warning

Ensure the PKCS#11 library matches your certificate provider. Using an incorrect library will result in certificate detection failures or CKR_TOKEN_NOT_RECOGNIZED errors.

CSV File Format

Wunder Sign uses CSV (Comma-Separated Values) files to batch-process multiple patents for opt-out filings. This section explains how to prepare your CSV file correctly.

Quick Start

Download the CSV template from within Wunder Sign (File → Open CSV Template) or create a file with the following structure:

csv

Reference number,Internal reference,Patent Status,Applicant Name,Applicant Address,Applicant Email,Designated States
EP1234567,P-001,Granted,Example AG,Sample str. 42,info@example.com,"DE, FR, IT"
EP7654321,P-002,pending,Another Corp,Main Road 123,contact@another.com,"AL, AT, BE, BG"

Column Reference

Column Name	Required	Description
Reference number	Yes	The European patent/application number (e.g., EP1234567)
Internal reference	No	Your internal case reference for tracking (e.g., P-001, Client-2024-001)
Patent Status	Yes	Determines which PDF section is filled (see below)
Applicant Name	Yes	Full name of the applicant or proprietor
Applicant Address	Yes	Complete postal address of the applicant
Applicant Email	No	Email address of the applicant
Designated States	Yes	Comma-separated list of EPC country codes
Opt-Out Case Number	No	Only for withdrawal sessions - the existing opt-out case number to withdraw

Good to know

Column names are case-insensitive. "Reference number", "reference number", and "Reference Number" are all accepted.

Patent Status Field

The Patent Status field is critical as it determines which section of the opt-out document gets filled:

Patent Status Value	PDF Section Filled	When to Use
`pending`	PATENT APPLICATION DETAILS	Patent application is still pending (not yet granted)
`Pending`	PATENT APPLICATION DETAILS	Same as above (case variation)
`filed`	PATENT APPLICATION DETAILS	Patent application has been filed
`Filed`	PATENT APPLICATION DETAILS	Same as above (case variation)
`Application`	PATENT APPLICATION DETAILS	Alternative value for pending applications
`granted`	EUROPEAN PATENT DETAILS	Patent has been granted
`Granted`	EUROPEAN PATENT DETAILS	Same as above (case variation)
Any other value	EUROPEAN PATENT DETAILS	Defaults to granted patent behavior

Warning

Important: If you use pending or filed, only the "PATENT APPLICATION DETAILS" section will be filled in the generated PDF. The "EUROPEAN PATENT DETAILS" section will remain empty. For granted patents, it's the opposite.

Visual Difference in Generated PDFs

When Patent Status = pending / filed / Application:

The PATENT APPLICATION DETAILS section shows:

- Publication number of the patent application - Designated countries/All EPC states - Applicant name, address, and email

The EUROPEAN PATENT DETAILS section remains empty

When Patent Status = granted / Granted (or any other value):

The PATENT APPLICATION DETAILS section remains empty

The EUROPEAN PATENT DETAILS section shows:

- Publication number of the European Patent - Country abbreviations for granted states - Proprietor name (Applicant), address, and email

Designated States Format

The Designated States field should contain a comma-separated list of two-letter EPC country codes.

Valid Examples:

DE, FR, IT
"AL, AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HR, HU, IE, IS, IT, LI, LT, LU, LV, MC, MK, MT, NL, NO, PL, PT, RO, RS, SE, SI, SK, SM, TR"
DE,FR,IT

Supported EPC States: AL, AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HR, HU, IE, IS, IT, LI, LT, LU, LV, MC, ME, MK, MT, NL, NO, PL, PT, RO, RS, SE, SI, SK, SM, TR

Tip

If the list contains commas, wrap the entire field in double quotes to ensure proper CSV parsing.

Reference Number Format

The Reference number must be a valid European patent or application number.

Valid Formats:

EP1234567 - Standard format (recommended)
EP 1234567 - With space
1234567 - Number only (EP prefix will be assumed)

Good to know

Wunder Sign validates that the reference number follows the EP format (EP followed by 7 digits).

Complete CSV Example

Here's a complete example showing different patent statuses:

csv

Reference number,Internal reference,Patent Status,Applicant Name,Applicant Address,Applicant Email,Designated States
EP1111111,REF-001,granted,Acme Corporation,"123 Example Street, 10115 Berlin, Germany",patents@acme-example.test,"AL, AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HR, HU, IE, IS, IT, LI, LT, LU, LV, MC, MK, MT, NL, NO, PL, PT, RO, RS, SE, SI, SK, SM, TR"
EP2222222,REF-002,pending,Globex Industries,"456 Innovation Avenue, 75001 Paris, France",legal@globex-example.test,"DE, FR, IT, ES"
EP3333333,REF-003,Granted,Initech GmbH,"789 Tech Park, 1010 Vienna, Austria",ip@initech-example.test,"GB, DE, FR, NL, BE"
EP4444444,REF-004,filed,Umbrella Labs AG,"101 Research Road, 8001 Zürich, Switzerland",contact@umbrella-example.test,"CH, DE, AT"

CSV for Withdrawal Sessions

When creating a withdrawal (opt-in) session, include the Opt-Out Case Number column with the existing case number you want to withdraw:

csv

Reference number,Internal reference,Patent Status,Applicant Name,Applicant Address,Applicant Email,Designated States,Opt-Out Case Number
EP1234567,P-001,Granted,Example AG,Sample str. 42,info@example.com,"DE, FR, IT",590000/2024

Common Mistakes to Avoid

Mistake	Problem	Solution
Missing Reference number	Row will be skipped	Ensure every row has a valid EP number
Wrong Patent Status	Wrong PDF section filled	Use `pending` for applications, `granted` for granted patents
Unquoted commas in addresses	CSV parsing breaks	Wrap fields containing commas in double quotes
Special characters	Encoding issues	Save CSV as UTF-8 encoding
Empty rows	May cause errors	Remove empty rows from the CSV
Inconsistent column names	Fields not recognized	Use exact column names from template

Preparing CSV from Excel

When exporting from Microsoft Excel:

Select File → Save As
Choose CSV UTF-8 (Comma delimited) (*.csv) as the format
Click Save

Warning

Do not use "CSV (Comma delimited)" without UTF-8 - this may cause encoding issues with special characters (umlauts, accents, etc.).

Preparing CSV from Google Sheets

Select File → Download → Comma Separated Values (.csv)
The file will be downloaded in UTF-8 encoding automatically

UPC Integration

Wunder Sign integrates with the Unified Patent Court (UPC) Case Management System for automated opt-out filings.

UPC Portal Requirements

To use the UPC integration, you need:

UPC Portal Account: Register at the UPC CMS Portal
API Credentials: Username and password for the A2A (Application-to-Application) API
Network Access: Outbound HTTPS access to UPC endpoints

UPC Environments

Environment	Domain	Purpose
Production	`cms.unifiedpatentcourt.org`	Live filings
Sandbox	`sandbox15.frontoffice.apps-staging.epo.org`	Testing and development

UPC Filing Workflow

Generate Opt-Out PDF: Wunder Sign generates the opt-out form with patent and proprietor details
Sign with SmartCard: The PDF is digitally signed using your qualified certificate
Submit to UPC: The signed document is submitted via the UPC A2A API
Track Status: Monitor submission status (ACCEPTED → PROCESSING → PROCESSED)
Download Receipt: Retrieve the official UPC receipt once processed

UPC Document Requirements

Format: PDF (application/pdf)
Signature: Qualified electronic signature (QES) with valid certificate
Language: English (en), German (de), or French (fr)
Patent Number Format: EP followed by 7 digits (e.g., EP1234567)

Network Configuration

Wunder Sign requires network access to communicate with the Wunder API, UPC services, and receive updates.

Required Endpoints

Endpoint	Port	Purpose
api.wunder-ip.com	443	API communication
wunder-ip.com	443	Update server
cms.unifiedpatentcourt.org	443	UPC production API
sandbox15.frontoffice.apps-staging.epo.org	443	UPC sandbox API
github.com	443	Release assets

Firewall Rules

For enterprise firewall configurations, allow outbound HTTPS (443) to the endpoints listed above.

Signature Details

Wunder Sign creates PDF signatures according to industry standards.

Signature Format

Property	Value
Filter	Adobe.PPKLite
SubFilter	adbe.pkcs7.detached
Hash Algorithm	SHA-256
Signature Type	PKCS#7/CMS SignedData

Supported Key Types

Key Type	Algorithm	Mechanism
RSA	RSA with SHA-256	SHA256_RSA_PKCS
ECC	ECDSA with SHA-256	ECDSA_SHA256

Good to know

D-Trust Card 5.x uses ECDSA (Elliptic Curve Digital Signature Algorithm), while older cards and LuxTrust typically use RSA.

Auto-Update API

Wunder Sign includes an enterprise-ready auto-update system compatible with electron-updater.

Update Server Endpoints

Platform	Manifest URL
Windows	https://wunder-ip.com/api/update/latest.yml
macOS	https://wunder-ip.com/api/update/latest-mac.yml

YAML Manifest Format

The update manifests follow the electron-builder format:

yaml

version: 1.23.0
files:
  - url: Wunder.Sign-1.23.0.exe
    sha512: <base64-encoded-sha512>
    size: 98765432
path: Wunder.Sign-1.23.0.exe
sha512: <base64-encoded-sha512>
releaseDate: '2024-12-09T10:30:00.000Z'

Self-Hosted Update Server

For air-gapped environments, you can host your own update server:

Mirror the release assets to your internal server
Configure the YAML manifests with your server URLs
Update the electron-updater config in your deployment:

json

{
  "publish": {
    "provider": "generic",
    "url": "https://your-internal-server.com/updates"
  }
}

Enterprise Deployment (baramundi, SCCM, Intune)

This section provides comprehensive guidance for deploying Wunder Sign via enterprise management tools such as baramundi, Microsoft SCCM, Intune, and similar platforms.

Good to know

Current Version: 2.0.0 | MSI installer recommended for enterprise deployments

Quick Reference

Action	Command
Silent Install (MSI)	`msiexec /i "Wunder Sign-2.0.0.msi" /qn ALLUSERS=1`
Silent Uninstall (MSI)	`msiexec /x "Wunder Sign-2.0.0.msi" /qn`
Disable Auto-Updates	`reg add "HKLM\SOFTWARE\WunderIP\Wunder Sign" /v DisableAutoUpdate /t REG_DWORD /d 1 /f`

Download Links

Download the latest version from the WunderIP release server:

MSI Installer (Recommended): Wunder Sign-{version}.msi
EXE Installer: Wunder Sign Setup {version}.exe

Contact WunderIP for access to the download portal.

MSI Installation (Recommended for Enterprise)

The MSI installer is optimized for enterprise deployment tools.

Basic Silent Install

bash

msiexec /i "Wunder Sign-2.0.0.msi" /qn ALLUSERS=1

Silent Install with Logging

bash

msiexec /i "Wunder Sign-2.0.0.msi" /qn ALLUSERS=1 /L*v "C:\Logs\wundersign-install.log"

Install Parameters

Parameter	Description
`/i`	Install
`/qn`	Quiet mode, no user interface
`/qb`	Basic UI (progress bar only)
`/qr`	Reduced UI
`ALLUSERS=1`	Install for all users (Program Files)
`ALLUSERS=""`	Install for current user only (not recommended)
`/L*v <path>`	Verbose logging to specified file
`/norestart`	Suppress restart (if required)

Installation Path: C:\Program Files\Wunder Sign\

EXE Installer (NSIS)

For manual installations or when MSI is not suitable.

Silent Install

bash

"Wunder Sign Setup 2.0.0.exe" /S /AllUsers

Install to Custom Directory

bash

"Wunder Sign Setup 2.0.0.exe" /S /AllUsers /D=D:\Apps\WunderSign

Warning

The /D= parameter must be the last parameter.

Uninstallation

MSI Uninstall

By MSI File:

bash

msiexec /x "Wunder Sign-2.0.0.msi" /qn

By Product Code:

bash

msiexec /x {PRODUCT-GUID} /qn

To find the Product Code:

powershell

Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -like "*Wunder Sign*" } | Select-Object Name, IdentifyingNumber

With Logging:

bash

msiexec /x "Wunder Sign-2.0.0.msi" /qn /L*v "C:\Logs\wundersign-uninstall.log"

EXE Uninstall

bash

"C:\Program Files\Wunder Sign\Uninstall Wunder Sign.exe" /S

Complete Removal (Including User Data)

After uninstallation, remove user data and settings:

powershell

# Remove application data for all users
Get-ChildItem "C:\Users\*\AppData\Roaming\Wunder Sign" -ErrorAction SilentlyContinue | Remove-Item -Recurse -Force

# Remove registry settings
reg delete "HKLM\SOFTWARE\WunderIP\Wunder Sign" /f 2>nul

Update Management

Option 1: IT-Managed Updates (Recommended)

Disable auto-updates and deploy new versions via your management tool:

Disable Auto-Updates (during initial deployment or via GPO):

``bash reg add "HKLM\SOFTWARE\WunderIP\Wunder Sign" /v DisableAutoUpdate /t REG_DWORD /d 1 /f ``

Deploy Updates using the standard MSI install command. The installer handles upgrades automatically.

Subscribe to Release Notifications: Contact WunderIP to receive email notifications for new releases.

Option 2: Automatic Updates

By default, Wunder Sign checks for updates on startup and installs them automatically. This is suitable for smaller deployments without centralized management.

Upgrade Process

MSI upgrades are handled automatically:

bash

msiexec /i "Wunder Sign-2.1.0.msi" /qn ALLUSERS=1

The installer will:

Detect the existing installation
Preserve user settings
Upgrade to the new version

Registry Configuration

Pre-configure Wunder Sign settings via Windows Registry. These settings can be deployed via Group Policy, baramundi Registry Jobs, or login scripts.

Registry Path

HKEY_LOCAL_MACHINE\SOFTWARE\WunderIP\Wunder Sign

Available Settings

Value Name	Type	Description	Example
`DisableAutoUpdate`	REG_DWORD	Disable automatic updates	`1` (disabled) or `0` (enabled)
`DefaultLanguage`	REG_SZ	Default UI language	`de`, `en`, or `fr`
`ApiEndpoint`	REG_SZ	Custom API endpoint	`https://api.custom.com`

Configuration Commands

Disable Auto-Updates:

bash

reg add "HKLM\SOFTWARE\WunderIP\Wunder Sign" /v DisableAutoUpdate /t REG_DWORD /d 1 /f

Set Default Language to German:

bash

reg add "HKLM\SOFTWARE\WunderIP\Wunder Sign" /v DefaultLanguage /t REG_SZ /d "de" /f

Remove All Custom Settings:

bash

reg delete "HKLM\SOFTWARE\WunderIP\Wunder Sign" /f

Environment Variable Alternative

Auto-updates can also be disabled via environment variable:

bash

setx WUNDER_SIGN_DISABLE_UPDATE 1 /M

Smartcard Driver Deployment

Wunder Sign requires smartcard drivers to be installed before the application.

LuxTrust Cards

Download LuxTrust Middleware from the LuxTrust portal
Install silently:

``bash msiexec /i "LuxTrust_Middleware.msi" /qn ``

Expected driver path: C:\Program Files\LuxTrust\LuxTrust Middleware\pkcs11\p11Lux64.dll

D-Trust Cards

Warning

Minimum Version: sc/interface 8.2.8 or later is required. Earlier versions are not compatible with Wunder Sign.

Download D-Trust Card Assistant 5 / sc/interface (8.2.8+) from D-Trust
Install silently (refer to D-Trust documentation)
Expected driver path: C:\Program Files\D-Trust GmbH\D-TRUST Card Assistant 5\bin\dkck201564.dll

Deployment Order

Deploy smartcard driver
Deploy Wunder Sign
(Optional) Deploy registry configuration

baramundi Job Examples

Job: Install Wunder Sign

Job Type: Software Installation

Setting	Value
Name	Install Wunder Sign 2.0.0
Command	`msiexec /i "\\server\share\Wunder Sign-2.0.0.msi" /qn ALLUSERS=1 /L*v "C:\Logs\wundersign.log"`
Run as	SYSTEM
Timeout	300 seconds
Success Codes	0, 3010

Job: Uninstall Wunder Sign

Job Type: Software Uninstallation

Setting	Value
Name	Uninstall Wunder Sign
Command	`msiexec /x "Wunder Sign-2.0.0.msi" /qn`
Run as	SYSTEM
Timeout	180 seconds

Job: Configure Auto-Update Disable

Job Type: Registry

Setting	Value
Name	Disable Wunder Sign Auto-Updates
Key	`HKLM\SOFTWARE\WunderIP\Wunder Sign`
Value	`DisableAutoUpdate`
Type	REG_DWORD
Data	`1`

Complete Deployment Sequence

Job 1: Install LuxTrust/D-Trust Middleware
Job 2: Install Wunder Sign
Job 3: Configure Registry Settings (disable auto-update, set language)

Installation Troubleshooting

Common MSI Error Codes

Code	Meaning	Solution
1603	Fatal error	Check disk space, permissions
1618	Another installation in progress	Wait or restart Windows Installer
1638	Another version already installed	Uninstall first
3010	Restart required	Schedule restart

Verify Smartcard Driver Installation

powershell

# LuxTrust
Test-Path "C:\Program Files\LuxTrust\LuxTrust Middleware\pkcs11\p11Lux64.dll"

# D-Trust
Test-Path "C:\Program Files\D-Trust GmbH\D-TRUST Card Assistant 5\bin\dkck201564.dll"

Check Smartcard Service

bash

sc query SCardSvr

Log Files for Enterprise Deployment

Location	Content
`%APPDATA%\Wunder Sign\logs\`	Application runtime logs
`C:\Logs\wundersign-install.log`	Installation log (if specified)
Windows Event Viewer	System-level errors

Collecting Logs for Support

powershell

# Create support bundle
$supportDir = "C:\Temp\WunderSign-Support"
New-Item -ItemType Directory -Path $supportDir -Force

# Copy application logs
Copy-Item "$env:APPDATA\Wunder Sign\logs\*" $supportDir -ErrorAction SilentlyContinue

# Get system info
systeminfo > "$supportDir\systeminfo.txt"

# Get installed software
Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -like "*Wunder*" -or $_.Name -like "*LuxTrust*" -or $_.Name -like "*D-Trust*" } | Out-File "$supportDir\software.txt"

# Create ZIP
Compress-Archive -Path $supportDir -DestinationPath "C:\Temp\WunderSign-Support.zip"

Troubleshooting

Common issues and their solutions.

SmartCard Not Detected

Symptoms: "No SmartCard reader found" or "No certificate detected"

Solutions:

Ensure the reader is properly connected (try different USB port)
Check Device Manager (Windows) or System Information (macOS) for the reader
Verify the correct PKCS#11 middleware is installed for your card type
Check the middleware type in Settings matches your card

PKCS#11 Error Codes: | Code | Name | Cause | | --- | --- | --- | | 6 | CKR_FUNCTION_FAILED | Card not ready or communication issue | | 48 | CKR_DEVICE_ERROR | Hardware communication problem | | 224 | CKR_TOKEN_NOT_RECOGNIZED | Wrong driver for this card type |

Certificate PIN Errors

Symptoms: "Invalid PIN" or "PIN blocked"

Solutions:

Verify you're entering the correct PIN
For D-Trust 5.x cards: ensure you're using the right PIN type (Card PIN vs Signature PIN)
Check remaining PIN attempts (usually 3 before lockout)
If blocked, contact your certificate provider for PUK unlock

PIN Error Codes: | Code | Name | Solution | | --- | --- | --- | | 160 | CKR_PIN_INCORRECT | Wrong PIN entered | | 161 | CKR_PIN_LOCKED | PIN blocked, requires PUK | | 162 | CKR_PIN_INVALID | PIN format invalid | | 165 | CKR_PIN_LEN_RANGE | PIN length outside valid range |

D-Trust CAN Issues

Symptoms: scInterface popup appears repeatedly or CAN errors

Solutions:

Verify the 6-digit CAN printed on your physical card
Ensure the cryptovision sc/interface middleware is installed
The CAN popup is normal for D-Trust 5.x cards on first use per session
If CAN is rejected, check you're reading the correct number from the card

Log Locations

Application logs are stored at:

# Windows
%APPDATA%\Wunder Sign\logs\

# macOS
~/Library/Logs/Wunder Sign/

Security Considerations

Certificate Security

Private keys never leave the SmartCard
All cryptographic operations are performed on the card hardware
PIN is transmitted securely via PKCS#11

Excluded Virtual Cards

Wunder Sign automatically filters out virtual/software SmartCards to ensure only hardware-based signatures are used:

DATEV virtual cards
Windows Virtual Smart Card
Microsoft virtual readers

Support

For technical support, contact us at hello@wunder-ip.com or visit the Contact page.

Useful Links

Product Page - Download latest version
Contact - Get in touch with our team
Trust Center - Security and compliance information