How to get password failure count of crypto token (Smartcard) using PKCS11Interop

荒凉一梦 submitted on 2020-01-14 02:43:25

Question


I have a .NET application that interacts with the crypto token (smartcard) using the PKCS11Interop library, where users can log in to the token, generate a key pair and sign.

If users enter the wrong password multiple times, the token will be locked. How can I get the remaining number of attempts to log in to the token?

While searching on the internet I came across Net.Pkcs11Interop.HighLevelAPI.TokenInfo.TokenFlags, which contains this information:

CKF_USER_PIN_COUNT_LOW   0x00010000   True if an incorrect user login PIN has been entered at least once since the last successful authentication.
CKF_USER_PIN_FINAL_TRY   0x00020000   True if supplying an incorrect user PIN will cause it to become locked.
CKF_USER_PIN_LOCKED      0x00040000   True if the user PIN has been locked. User login to the token is not possible.

But these are boolean values; I need the exact number of retries left.


Answer 1:


The PKCS#11 API does not provide the exact number of retries left. As you have correctly found out, it does provide similar information via TokenFlags:

// Get token info
TokenInfo tokenInfo = slot.GetTokenInfo();

if (tokenInfo.TokenFlags.UserPinCountLow)
{
    // An incorrect user login PIN has been entered at least once since the last successful authentication
}

if (tokenInfo.TokenFlags.UserPinFinalTry)
{
    // Supplying an incorrect user PIN will cause it to become locked
}

if (tokenInfo.TokenFlags.UserPinLocked)
{
    // User PIN has been locked. User login to the token is not possible.
}


Source: https://stackoverflow.com/questions/49234210/how-to-get-password-failure-count-of-crypto-token-smartcard-using-pkcs11intero
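
An added example, not part of the original answer or of the Pkcs11Interop project: a pre-login guard that collapses the three flags into one state and refuses to spend the final attempt without explicit confirmation. `PinState`, `PinGuard` and `allowFinalTry` are hypothetical names; it assumes the Pkcs11Interop 4.x `Slot` and `Session` classes and a token module that actually maintains these flags.

```csharp
using System;
using Net.Pkcs11Interop.Common;
using Net.Pkcs11Interop.HighLevelAPI;

// Added example; PinState and PinGuard are hypothetical names, not library types.
public enum PinState { Ok, CountLow, FinalTry, Locked }

public static class PinGuard
{
    // Collapse the three boolean flags into one state, most severe first.
    // A token on its last attempt may report CountLow as well, so the order matters.
    public static PinState GetUserPinState(Slot slot)
    {
        // Re-read the token info on every call; the flags change after each attempt.
        var flags = slot.GetTokenInfo().TokenFlags;
        if (flags.UserPinLocked) return PinState.Locked;
        if (flags.UserPinFinalTry) return PinState.FinalTry;
        if (flags.UserPinCountLow) return PinState.CountLow;
        return PinState.Ok;
    }

    // Attempts a user login only when doing so cannot lock the token by accident.
    // Returns the PIN state to show the user after the call.
    public static PinState TryLogin(Slot slot, Session session, string pin, bool allowFinalTry)
    {
        PinState before = GetUserPinState(slot);
        if (before == PinState.Locked)
            return before;                  // login is impossible, do not call Login
        if (before == PinState.FinalTry && !allowFinalTry)
            return before;                  // caller must confirm with the user first

        try
        {
            session.Login(CKU.CKU_USER, pin);
            return PinState.Ok;
        }
        catch (Pkcs11Exception ex)
            when (ex.RV == CKR.CKR_PIN_INCORRECT || ex.RV == CKR.CKR_PIN_LOCKED)
        {
            // The failed attempt consumed a try; report the fresh flags.
            return GetUserPinState(slot);
        }
    }
}
```

Any other `Pkcs11Exception` (for example when the session is already logged in) propagates to the caller unchanged.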
