如何使用PINpad输入密码

Question

我目前正在使用Ncryptoki C#示例项目来测试HSM是否正常工作。我已经设置并初始化了时隙和令牌。当我运行示例代码时，它总是告诉我错误的PIN。我使用PINpad输入密码"1111"，任何帮助都会很感激。

using System;
using System.Collections.Generic;
using System.Collections;
using System.Text;
using Cryptware.NCryptoki;

namespace USCToolkit.NCryptokiTest
{
    class Program
    {
       static void Main(string[] args)
       {
        // Creates a Cryptoki object related to the specific PKCS#11 native library 
        //Cryptoki cryptoki = new Cryptoki("smaoscki.dll");
        Cryptoki cryptoki = new Cryptoki(@"C:\Program Files\SafeNet\LunaClient\cryptoki.dll");

        cryptoki.Initialize();

        // Prints all information relating to the native library
        CryptokiInfo info = cryptoki.Info;
        Console.WriteLine(info.Version);    
        Console.WriteLine(info.ManufacturerID);
        Console.WriteLine(info.LibDescription);

        // Reads the set of slots containing a token
        SlotList slots = cryptoki.Slots;
        if(slots.Count == 0)
        {
           Console.WriteLine("No slot available");
           return;
        }

        // Gets the first slot available
        Slot slot = slots[0];

        // Prints all information relating to the slot
        SlotInfo sinfo = slot.Info;
        Console.WriteLine(sinfo.Description);
        Console.WriteLine(sinfo.ManufacturerID);
        ///
        Console.WriteLine("flags: "+sinfo.Flags);

        if (!slot.IsTokenPresent)
        {
            Console.WriteLine("No token inserted in the slot: " + slots[0].Info.Description);
            return;
        }

        // Gets the first token available
        Token token = slot.Token;


        // Prints all information relating to the token
        TokenInfo tinfo = token.Info;
        Console.WriteLine(tinfo.Label);
        Console.WriteLine(tinfo.ManufacturerID);
        Console.WriteLine(tinfo.Model);
        Console.WriteLine(tinfo.SerialNumber);
        Console.WriteLine(tinfo.HardwareVersion);





        // Opens a read/write serial session
        Session session = 
            token.OpenSession(Session.CKF_SERIAL_SESSION | Session.CKF_RW_SESSION,
                              null,
                              null);

        /////
        //PIN pin = new PIN();
        /////
        // Executes the login passing the user PIN
        int nRes = session.Login(Session.CKU_USER,"1111");
        if (nRes != 0)
        {
            Console.WriteLine("Wrong PIN");
            return;
        }

        Console.WriteLine("Logged in:" + session.IsLoggedIn);

        // Searchs for an RSA private key object
        // Sets the template with its attributes
        CryptokiCollection template = new CryptokiCollection();
        template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY));
        template.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_RSA));
        template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Ugo's new Key"));

        // Launchs the search specifying the template just created
        CryptokiCollection objects = session.Objects.Find(template, 10);

        foreach (Object obj in objects)
        {
            Console.WriteLine(((PrivateKey)obj).Label);
        }

        for (int i = 0; i < objects.Count; i++)
        {
            Console.WriteLine(((PrivateKey)objects[i]).Label);
        }

        RSAPrivateKey privateKey;
        RSAPublicKey publicKey;

        // If the private key is not found generates the key pair
        if(objects.Count == 0)
        {
            CryptokiCollection templatePub = new CryptokiCollection();
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PUBLIC_KEY));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Ugo's new Key"));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "1"));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_MODULUS_BITS, 1024));

            CryptokiCollection templatePri = new CryptokiCollection();
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Ugo's new Key"));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "1"));

            //Generate the key pair
            Key[] keys = session.GenerateKeyPair(Mechanism.RSA_PKCS_KEY_PAIR_GEN, templatePub, templatePri);
            privateKey = (RSAPrivateKey)keys[1];
            publicKey = (RSAPublicKey)keys[0];
        }
        else //If the private key is found gets the corresponding public key
        {
            privateKey = (RSAPrivateKey)objects[objects.Count - 1];
            Console.WriteLine(privateKey.Label);

            // search for the related public key
            template = new CryptokiCollection();
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PUBLIC_KEY));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_RSA));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Ugo's new Key"));

            // Launchs the search specifying the template just created  
            objects = session.Objects.Find(template, 1);                 
            publicKey = (RSAPublicKey)objects[0];
            Console.WriteLine(publicKey.Label);

            // prepares for the signature
            string helloworld = "Hello World";
            byte[] text = Encoding.ASCII.GetBytes(helloworld);

            // launches the digital signature operation with a RSA_PKCS mechanism
            nRes = session.SignInit(Mechanism.SHA1_RSA_PKCS, privateKey);

            // computes the signature
            byte[] signature = session.Sign(text);

            // launches the digital signature verification with a RSA_PKCS mechanism                
            nRes = session.VerifyInit(Mechanism.SHA1_RSA_PKCS, publicKey);

            // verifies the signature
            nRes = session.Verify(text, signature);

            // results if nRes == 0 means that the verification is OK
            Console.Write("Verified " + (nRes == 0));
        }

        // Logouts and closes the session
        session.Logout();
        session.Close();
        cryptoki.Finalize(IntPtr.Zero);
    }


}
}

Answer 1

最后，我想出了我的问题。我正在处理LunaG5，当初始化令牌(黑键)时，将创建一个秘密文本字符串。类似于Asdf-s4SD-DF7d4-wd3S的格式。此字符串在安装KSP时也会使用。密码"1111“仅在PINpad上使用，但应用程序中必须使用秘密字符串来验证您使用的令牌。

int nRes = session.Login(Session.CKU_USER,"Asdfs4SDDF7d4wd3S");
if (nRes != 0)
{
    Console.WriteLine("Wrong PIN");
    return;
}

对于秘密字符串创建，搜索:创建一个继承风格PED认证的应用程序分区

Answer 2

我想您的问题是由于Login方法的返回值验证不足造成的：

int nRes = session.Login(Session.CKU_USER,"1111");
if (nRes != 0)
{
    Console.WriteLine("Wrong PIN");
    return;
}

只有当值为0时，您的代码才会继续，但是基础PKCS#11函数C_Login不仅返回CKR_OK，还返回CKR_USER_ALREADY_LOGGED_IN和其他不一定表示错误的代码。