如何使用密码键盘在 Ncryptoki 中输入密码

How to use the PINpad to enter the Password in Ncryptoki

我目前正在使用 Ncryptoki C# 示例项目来测试 HSM 是否正常工作。我已经设置并初始化了插槽和令牌。当我 运行 示例代码时,它总是告诉我错误的 PIN。我使用密码键盘输入密码“1111”,如有帮助将不胜感激。

using System;
using System.Collections.Generic;
using System.Collections;
using System.Text;
using Cryptware.NCryptoki;

namespace USCToolkit.NCryptokiTest
{
    class Program
    {
       static void Main(string[] args)
       {
        // Creates a Cryptoki object related to the specific PKCS#11 native library 
        //Cryptoki cryptoki = new Cryptoki("smaoscki.dll");
        Cryptoki cryptoki = new Cryptoki(@"C:\Program Files\SafeNet\LunaClient\cryptoki.dll");

        cryptoki.Initialize();

        // Prints all information relating to the native library
        CryptokiInfo info = cryptoki.Info;
        Console.WriteLine(info.Version);    
        Console.WriteLine(info.ManufacturerID);
        Console.WriteLine(info.LibDescription);

        // Reads the set of slots containing a token
        SlotList slots = cryptoki.Slots;
        if(slots.Count == 0)
        {
           Console.WriteLine("No slot available");
           return;
        }

        // Gets the first slot available
        Slot slot = slots[0];

        // Prints all information relating to the slot
        SlotInfo sinfo = slot.Info;
        Console.WriteLine(sinfo.Description);
        Console.WriteLine(sinfo.ManufacturerID);
        ///
        Console.WriteLine("flags: "+sinfo.Flags);

        if (!slot.IsTokenPresent)
        {
            Console.WriteLine("No token inserted in the slot: " + slots[0].Info.Description);
            return;
        }

        // Gets the first token available
        Token token = slot.Token;


        // Prints all information relating to the token
        TokenInfo tinfo = token.Info;
        Console.WriteLine(tinfo.Label);
        Console.WriteLine(tinfo.ManufacturerID);
        Console.WriteLine(tinfo.Model);
        Console.WriteLine(tinfo.SerialNumber);
        Console.WriteLine(tinfo.HardwareVersion);





        // Opens a read/write serial session
        Session session = 
            token.OpenSession(Session.CKF_SERIAL_SESSION | Session.CKF_RW_SESSION,
                              null,
                              null);

        /////
        //PIN pin = new PIN();
        /////
        // Executes the login passing the user PIN
        int nRes = session.Login(Session.CKU_USER,"1111");
        if (nRes != 0)
        {
            Console.WriteLine("Wrong PIN");
            return;
        }

        Console.WriteLine("Logged in:" + session.IsLoggedIn);

        // Searchs for an RSA private key object
        // Sets the template with its attributes
        CryptokiCollection template = new CryptokiCollection();
        template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY));
        template.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_RSA));
        template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Ugo's new Key"));

        // Launchs the search specifying the template just created
        CryptokiCollection objects = session.Objects.Find(template, 10);

        foreach (Object obj in objects)
        {
            Console.WriteLine(((PrivateKey)obj).Label);
        }

        for (int i = 0; i < objects.Count; i++)
        {
            Console.WriteLine(((PrivateKey)objects[i]).Label);
        }

        RSAPrivateKey privateKey;
        RSAPublicKey publicKey;

        // If the private key is not found generates the key pair
        if(objects.Count == 0)
        {
            CryptokiCollection templatePub = new CryptokiCollection();
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PUBLIC_KEY));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Ugo's new Key"));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "1"));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_MODULUS_BITS, 1024));

            CryptokiCollection templatePri = new CryptokiCollection();
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Ugo's new Key"));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "1"));

            //Generate the key pair
            Key[] keys = session.GenerateKeyPair(Mechanism.RSA_PKCS_KEY_PAIR_GEN, templatePub, templatePri);
            privateKey = (RSAPrivateKey)keys[1];
            publicKey = (RSAPublicKey)keys[0];
        }
        else //If the private key is found gets the corresponding public key
        {
            privateKey = (RSAPrivateKey)objects[objects.Count - 1];
            Console.WriteLine(privateKey.Label);

            // search for the related public key
            template = new CryptokiCollection();
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PUBLIC_KEY));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_RSA));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Ugo's new Key"));

            // Launchs the search specifying the template just created  
            objects = session.Objects.Find(template, 1);                 
            publicKey = (RSAPublicKey)objects[0];
            Console.WriteLine(publicKey.Label);

            // prepares for the signature
            string helloworld = "Hello World";
            byte[] text = Encoding.ASCII.GetBytes(helloworld);

            // launches the digital signature operation with a RSA_PKCS mechanism
            nRes = session.SignInit(Mechanism.SHA1_RSA_PKCS, privateKey);

            // computes the signature
            byte[] signature = session.Sign(text);

            // launches the digital signature verification with a RSA_PKCS mechanism                
            nRes = session.VerifyInit(Mechanism.SHA1_RSA_PKCS, publicKey);

            // verifies the signature
            nRes = session.Verify(text, signature);

            // results if nRes == 0 means that the verification is OK
            Console.Write("Verified " + (nRes == 0));
        }

        // Logouts and closes the session
        session.Logout();
        session.Close();
        cryptoki.Finalize(IntPtr.Zero);
    }


}
}

我猜你的问题是由于 Login 方法的 return 值验证不充分造成的:

int nRes = session.Login(Session.CKU_USER,"1111");
if (nRes != 0)
{
    Console.WriteLine("Wrong PIN");
    return;
}

仅当值为 0 但基础 PKCS#11 函数 C_Login returns not only CKR_OK but also CKR_USER_ALREADY_LOGGED_IN 和一堆其他代码不一定表示错误时,您的代码才会继续。

我终于明白我的问题了。我在 LunaG5 上工作,当初始化令牌(黑键)时,将创建一个秘密文本字符串。格式类似于:Asdf-s4SD-DF7d4-wd3S。安装 KSP 时也会使用此字符串。密码“1111”仅在密码键盘上使用,但应用程序中必须使用密码字符串来验证您使用的是哪个令牌。

int nRes = session.Login(Session.CKU_USER,"Asdfs4SDDF7d4wd3S");
if (nRes != 0)
{
    Console.WriteLine("Wrong PIN");
    return;
}

对于秘密字符串的创建,搜索:创建旧式 PED 验证的应用程序分区