Leaderboard

Packages are an all or nothing thing. In your case the TIdentRec type used by host and package are not the same type, despite of the same name. The package and the host app each contain their own copy of the TestApi unit. To make this work you have to place this unit into its own run-time package, which is then named in the package list of the application and the requires clause of the dynamically loaded package. This way both use the same "instance" of the unit. If you load packages dynamically it is also more reliable to not unload them explicitely but leave that to the RTL package management when the application closes. This avoids some arcane problems with premature unit finalizations. In your case unloading the package seems to mess up the memory manager.

Sometimes my draw in OnPaint (WM_Paint) is very slow (kind of UI freezing). Now I would prefer to exit the paint handler earlier (based on time measurement (getTickCount)) and continue the draw in subsequent OnPaint events (like progressive drawing). Is that possible under Windows? And how can I trigger the paint events?

No, because the HSM in the token has a program that takes data from the application, signs it with the private key in the HSM and returns a digest to the application as part of the signing process. The whole point is the private key is not available outside the HSM so can not be copied. The HSM/token can be used remotely only if the data to be signed is passed to the PC/server with the HSM, and the digest returned to the originating PC. Angus

No, you only need to do that if the machine you are signing on is different to the one where the usb token is installed. pfx files are a thing of the past (except for self signed certificates), so forget about that bit. Do not expect the IDE to support code signing with tokens. You need to understand how to call signtool.exe You could perhaps setup a post buld event for your project to do the signing - but bear in mind signing takes time so only add it to the release config. Alternatively - (vendor plug) - use FinalBuilder to generate your release builds - in which case code signing is pretty easy.