如何使用 PKCS11Interop 获取加密令牌(智能卡)的密码失败计数
How to get password failure count of crypto token (Smartcard) using PKCS11Interop
我有 .Net 应用程序使用 PKCS11Interop 库与加密令牌(智能卡)交互,用户可以在其中登录令牌并生成密钥对并签名。
如果用户密码多次输入错误,token会被锁定,如何获取token的剩余尝试登录次数
在互联网上搜索时,我遇到了 Net.Pkcs11Interop.HighLevelAPI.TokenInfo.TokenFlags,其中包含此信息
CKF_USER_PIN_COUNT_LOW 0x00010000 True if an incorrect user login
PIN has been entered at least
once since the last successful
authentication.
CKF_USER_PIN_FINAL_TRY 0x00020000 True if supplying an incorrect
user PIN will cause it to
become locked.
CKF_USER_PIN_LOCKED 0x00040000 True if the user PIN has been locked. User login to the token
is not possible
但这些是布尔值,我需要剩余的确切重试次数。
PKCS#11 API 没有提供准确的剩余重试次数。正如您正确发现的那样,它确实通过 TokenFlags:
提供了类似的信息
// Get token info
TokenInfo tokenInfo = slot.GetTokenInfo();
if (tokenInfo.TokenFlags.UserPinCountLow)
{
// An incorrect user login PIN has been entered at least once since the last successful authentication
}
if (tokenInfo.TokenFlags.UserPinFinalTry)
{
// Supplying an incorrect user PIN will make it to become locked
}
if (tokenInfo.TokenFlags.UserPinLocked)
{
// User PIN has been locked. User login to the token is not possible.
}
我有 .Net 应用程序使用 PKCS11Interop 库与加密令牌(智能卡)交互,用户可以在其中登录令牌并生成密钥对并签名。
如果用户密码多次输入错误,token会被锁定,如何获取token的剩余尝试登录次数
在互联网上搜索时,我遇到了 Net.Pkcs11Interop.HighLevelAPI.TokenInfo.TokenFlags,其中包含此信息
CKF_USER_PIN_COUNT_LOW 0x00010000 True if an incorrect user login
PIN has been entered at least
once since the last successful
authentication.
CKF_USER_PIN_FINAL_TRY 0x00020000 True if supplying an incorrect
user PIN will cause it to
become locked.
CKF_USER_PIN_LOCKED 0x00040000 True if the user PIN has been locked. User login to the token
is not possible
但这些是布尔值,我需要剩余的确切重试次数。
PKCS#11 API 没有提供准确的剩余重试次数。正如您正确发现的那样,它确实通过 TokenFlags:
// Get token info
TokenInfo tokenInfo = slot.GetTokenInfo();
if (tokenInfo.TokenFlags.UserPinCountLow)
{
// An incorrect user login PIN has been entered at least once since the last successful authentication
}
if (tokenInfo.TokenFlags.UserPinFinalTry)
{
// Supplying an incorrect user PIN will make it to become locked
}
if (tokenInfo.TokenFlags.UserPinLocked)
{
// User PIN has been locked. User login to the token is not possible.
}