我目前正在使用Ncryptoki C#示例项目测试HSM是否有效。我已经设置并初始化了插槽和令牌。当我运行示例代码时,它总是告诉我错误的PIN。我使用PINpad输入密码“1111”,任何帮助都会非常感激。
using System;
using System.Collections.Generic;
using System.Collections;
using System.Text;
using Cryptware.NCryptoki;
namespace USCToolkit.NCryptokiTest
{
class Program
{
static void Main(string[] args)
{
// Creates a Cryptoki object related to the specific PKCS#11 native library
//Cryptoki cryptoki = new Cryptoki("smaoscki.dll");
Cryptoki cryptoki = new Cryptoki(@"C:\Program Files\SafeNet\LunaClient\cryptoki.dll");
cryptoki.Initialize();
// Prints all information relating to the native library
CryptokiInfo info = cryptoki.Info;
Console.WriteLine(info.Version);
Console.WriteLine(info.ManufacturerID);
Console.WriteLine(info.LibDescription);
// Reads the set of slots containing a token
SlotList slots = cryptoki.Slots;
if(slots.Count == 0)
{
Console.WriteLine("No slot available");
return;
}
// Gets the first slot available
Slot slot = slots[0];
// Prints all information relating to the slot
SlotInfo sinfo = slot.Info;
Console.WriteLine(sinfo.Description);
Console.WriteLine(sinfo.ManufacturerID);
///
Console.WriteLine("flags: "+sinfo.Flags);
if (!slot.IsTokenPresent)
{
Console.WriteLine("No token inserted in the slot: " + slots[0].Info.Description);
return;
}
// Gets the first token available
Token token = slot.Token;
// Prints all information relating to the token
TokenInfo tinfo = token.Info;
Console.WriteLine(tinfo.Label);
Console.WriteLine(tinfo.ManufacturerID);
Console.WriteLine(tinfo.Model);
Console.WriteLine(tinfo.SerialNumber);
Console.WriteLine(tinfo.HardwareVersion);
// Opens a read/write serial session
Session session =
token.OpenSession(Session.CKF_SERIAL_SESSION | Session.CKF_RW_SESSION,
null,
null);
/////
//PIN pin = new PIN();
/////
// Executes the login passing the user PIN
int nRes = session.Login(Session.CKU_USER,"1111");
if (nRes != 0)
{
Console.WriteLine("Wrong PIN");
return;
}
Console.WriteLine("Logged in:" + session.IsLoggedIn);
// Searchs for an RSA private key object
// Sets the template with its attributes
CryptokiCollection template = new CryptokiCollection();
template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_RSA));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Ugo's new Key"));
// Launchs the search specifying the template just created
CryptokiCollection objects = session.Objects.Find(template, 10);
foreach (Object obj in objects)
{
Console.WriteLine(((PrivateKey)obj).Label);
}
for (int i = 0; i < objects.Count; i++)
{
Console.WriteLine(((PrivateKey)objects[i]).Label);
}
RSAPrivateKey privateKey;
RSAPublicKey publicKey;
// If the private key is not found generates the key pair
if(objects.Count == 0)
{
CryptokiCollection templatePub = new CryptokiCollection();
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PUBLIC_KEY));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Ugo's new Key"));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "1"));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_MODULUS_BITS, 1024));
CryptokiCollection templatePri = new CryptokiCollection();
templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY));
templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true));
templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Ugo's new Key"));
templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "1"));
//Generate the key pair
Key[] keys = session.GenerateKeyPair(Mechanism.RSA_PKCS_KEY_PAIR_GEN, templatePub, templatePri);
privateKey = (RSAPrivateKey)keys[1];
publicKey = (RSAPublicKey)keys[0];
}
else //If the private key is found gets the corresponding public key
{
privateKey = (RSAPrivateKey)objects[objects.Count - 1];
Console.WriteLine(privateKey.Label);
// search for the related public key
template = new CryptokiCollection();
template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PUBLIC_KEY));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_RSA));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Ugo's new Key"));
// Launchs the search specifying the template just created
objects = session.Objects.Find(template, 1);
publicKey = (RSAPublicKey)objects[0];
Console.WriteLine(publicKey.Label);
// prepares for the signature
string helloworld = "Hello World";
byte[] text = Encoding.ASCII.GetBytes(helloworld);
// launches the digital signature operation with a RSA_PKCS mechanism
nRes = session.SignInit(Mechanism.SHA1_RSA_PKCS, privateKey);
// computes the signature
byte[] signature = session.Sign(text);
// launches the digital signature verification with a RSA_PKCS mechanism
nRes = session.VerifyInit(Mechanism.SHA1_RSA_PKCS, publicKey);
// verifies the signature
nRes = session.Verify(text, signature);
// results if nRes == 0 means that the verification is OK
Console.Write("Verified " + (nRes == 0));
}
// Logouts and closes the session
session.Logout();
session.Close();
cryptoki.Finalize(IntPtr.Zero);
}
}
}
答案 0 :(得分:2)
最后,我想出了我的问题。我正在研究LunaG5,当初始化令牌(黑键)时,会创建一个秘密文本字符串。格式类似:Asdf-s4SD-DF7d4-wd3S。安装KSP时也会使用此字符串。密码&#34; 1111&#34;仅用于PINpad,但必须在应用程序中使用密码字符串来验证您使用的是哪个令牌。
toPMML对于秘密字符串创建,搜索:创建传统样式PED认证的应用程序分区
答案 1 :(得分:0)
我猜您的问题是由Login方法的返回值验证不充分引起的:
int nRes = session.Login(Session.CKU_USER,"1111");
if (nRes != 0)
{
Console.WriteLine("Wrong PIN");
return;
}
只有当值为0时,您的代码才会继续,但基础PKCS#11函数C_Login不仅会返回CKR_OK,还会返回CKR_USER_ALREADY_LOGGED_IN以及其他一些不一定表示错误的代码。