How to get the failed password count of a cryptographic token (smart card) using PKCS11Interop

Time: 2018-03-12 11:33:34

Tags: pkcs#11 pkcs11interop

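I have a .NET application that uses the PKCS11Interop library to interact with a cryptographic token (smart card). Users can log in to the token, generate key pairs, and sign.

If the user enters the wrong password multiple times, the token will be locked. How can I get the number of remaining attempts to log in to the token?

While searching the internet, I came across Net.Pkcs11Interop.HighLevelAPI.TokenInfo.TokenFlags, which contains this information: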

CKF_USER_PIN_COUNT_LOW  0x00010000  True if an incorrect user login PIN has been entered at least once since the last successful authentication.
CKF_USER_PIN_FINAL_TRY  0x00020000  True if supplying an incorrect user PIN will cause it to become locked.
CKF_USER_PIN_LOCKED     0x00040000  True if the user PIN has been locked. User login to the token is not possible.

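But these are Boolean values, and I need the exact number of retries.

1 answer:

Answer 0: (score: 2)

The PKCS#11 API does not provide the exact number of retries. As you already know, it does provide similar information through TokenFlags: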

// Get token info
TokenInfo tokenInfo = slot.GetTokenInfo();

if (tokenInfo.TokenFlags.UserPinCountLow)
{
    // An incorrect user login PIN has been entered at least once since the last successful authentication
}

if (tokenInfo.TokenFlags.UserPinFinalTry)
{
    // Supplying an incorrect user PIN will make it to become locked
}

if (tokenInfo.TokenFlags.UserPinLocked)
{
    // User PIN has been locked. User login to the token is not possible.
}
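
Since the three flags are all the API reports, an application can still use them to avoid locking the token by accident. The following is an added example, not part of the original answer or of PKCS11Interop: it takes the raw token flag word as a ulong (how the caller obtains it is left open), classifies it using the CKF_* values quoted in the question, and applies a hypothetical login policy; the names UserPinState, PinGuard, Classify and MayAttemptLogin are invented for illustration.

```csharp
using System;

// Added example: the constants are the CKF_* values quoted in the question.
public enum UserPinState { NoFailureReported, CountLow, FinalTry, Locked }

public static class PinGuard
{
    const ulong CKF_USER_PIN_COUNT_LOW = 0x00010000;
    const ulong CKF_USER_PIN_FINAL_TRY = 0x00020000;
    const ulong CKF_USER_PIN_LOCKED    = 0x00040000;

    // Most severe flag wins; COUNT_LOW and FINAL_TRY can be set together.
    public static UserPinState Classify(ulong flags)
    {
        if ((flags & CKF_USER_PIN_LOCKED) != 0) return UserPinState.Locked;
        if ((flags & CKF_USER_PIN_FINAL_TRY) != 0) return UserPinState.FinalTry;
        if ((flags & CKF_USER_PIN_COUNT_LOW) != 0) return UserPinState.CountLow;
        // Not proof of a full retry budget: PKCS#11 lets a token leave all
        // three bits clear if it cannot or will not report this state.
        return UserPinState.NoFailureReported;
    }

    // Hypothetical policy: unattended code (services, retry loops) stops after
    // the first reported failure; an interactive user may spend the final try
    // only after explicit confirmation.
    public static bool MayAttemptLogin(ulong flags, bool interactive, bool userConfirmed)
    {
        switch (Classify(flags))
        {
            case UserPinState.Locked:   return false;
            case UserPinState.FinalTry: return interactive && userConfirmed;
            case UserPinState.CountLow: return interactive;
            default:                    return true;
        }
    }

    public static void Main()
    {
        // Constructed flag words for illustration, not read from a real token.
        ulong[] samples = { 0x0000040D, 0x0001040D, 0x0003040D, 0x0004040D };
        foreach (ulong f in samples)
            Console.WriteLine("0x{0:X8} {1,-17} service={2} user={3}", f, Classify(f),
                MayAttemptLogin(f, false, false), MayAttemptLogin(f, true, true));
    }
}
```

Read the token info again after every failed login, because the flags change with each attempt.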