如何利用PKCS11Interop获取密码令牌(智能卡)的密码失败计数

Question

我有.Net应用程序可以使用PKCS11Interop库与密码令牌(Smartcard)进行交互，用户可以在这里登录到令牌并生成密钥和签名。

如果用户输入错误的密码，多个时间令牌将被锁定，我如何才能获得登录令牌的剩余次数。

在网上搜索时，我偶然发现了包含以下信息的Net.Pkcs11Interop.HighLevelAPI.TokenInfo.TokenFlags

CKF_USER_PIN_COUNT_LOW 0x00010000 True if an incorrect user login
PIN has been entered at least
once since the last successful
authentication.
CKF_USER_PIN_FINAL_TRY 0x00020000 True if supplying an incorrect
user PIN will cause it to
become locked.
CKF_USER_PIN_LOCKED 0x00040000 True if the user PIN has been locked. User login to the token
is not possible

但是这些是布尔值，我需要左重试的确切数量。

Answer 1

PKCS#11 API没有提供剩余重试的确切数量。正如您正确地发现的，它确实通过TokenFlags提供了类似的信息。

// Get token info
TokenInfo tokenInfo = slot.GetTokenInfo();

if (tokenInfo.TokenFlags.UserPinCountLow)
{
    // An incorrect user login PIN has been entered at least once since the last successful authentication
}

if (tokenInfo.TokenFlags.UserPinFinalTry)
{
    // Supplying an incorrect user PIN will make it to become locked
}

if (tokenInfo.TokenFlags.UserPinLocked)
{
    // User PIN has been locked. User login to the token is not possible.
}