I'm currently using Ncryptoki C# sample project to test the HSM if it's working. I already setup and initialized the slot and token. When I run the sample code, it always tell me wrong PIN. I use the PINpad to enter the password "1111", any help would be really appreciate.
using System;
using System.Collections.Generic;
using System.Collections;
using System.Text;
using Cryptware.NCryptoki;
namespace USCToolkit.NCryptokiTest
{
class Program
{
static void Main(string[] args)
{
// Creates a Cryptoki object related to the specific PKCS#11 native library
//Cryptoki cryptoki = new Cryptoki("smaoscki.dll");
Cryptoki cryptoki = new Cryptoki(@"C:\Program Files\SafeNet\LunaClient\cryptoki.dll");
cryptoki.Initialize();
// Prints all information relating to the native library
CryptokiInfo info = cryptoki.Info;
Console.WriteLine(info.Version);
Console.WriteLine(info.ManufacturerID);
Console.WriteLine(info.LibDescription);
// Reads the set of slots containing a token
SlotList slots = cryptoki.Slots;
if(slots.Count == 0)
{
Console.WriteLine("No slot available");
return;
}
// Gets the first slot available
Slot slot = slots[0];
// Prints all information relating to the slot
SlotInfo sinfo = slot.Info;
Console.WriteLine(sinfo.Description);
Console.WriteLine(sinfo.ManufacturerID);
///
Console.WriteLine("flags: "+sinfo.Flags);
if (!slot.IsTokenPresent)
{
Console.WriteLine("No token inserted in the slot: " + slots[0].Info.Description);
return;
}
// Gets the first token available
Token token = slot.Token;
// Prints all information relating to the token
TokenInfo tinfo = token.Info;
Console.WriteLine(tinfo.Label);
Console.WriteLine(tinfo.ManufacturerID);
Console.WriteLine(tinfo.Model);
Console.WriteLine(tinfo.SerialNumber);
Console.WriteLine(tinfo.HardwareVersion);
// Opens a read/write serial session
Session session =
token.OpenSession(Session.CKF_SERIAL_SESSION | Session.CKF_RW_SESSION,
null,
null);
/////
//PIN pin = new PIN();
/////
// Executes the login passing the user PIN
int nRes = session.Login(Session.CKU_USER,"1111");
if (nRes != 0)
{
Console.WriteLine("Wrong PIN");
return;
}
Console.WriteLine("Logged in:" + session.IsLoggedIn);
// Searchs for an RSA private key object
// Sets the template with its attributes
CryptokiCollection template = new CryptokiCollection();
template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_RSA));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Ugo's new Key"));
// Launchs the search specifying the template just created
CryptokiCollection objects = session.Objects.Find(template, 10);
foreach (Object obj in objects)
{
Console.WriteLine(((PrivateKey)obj).Label);
}
for (int i = 0; i < objects.Count; i++)
{
Console.WriteLine(((PrivateKey)objects[i]).Label);
}
RSAPrivateKey privateKey;
RSAPublicKey publicKey;
// If the private key is not found generates the key pair
if(objects.Count == 0)
{
CryptokiCollection templatePub = new CryptokiCollection();
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PUBLIC_KEY));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Ugo's new Key"));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "1"));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_MODULUS_BITS, 1024));
CryptokiCollection templatePri = new CryptokiCollection();
templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY));
templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true));
templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Ugo's new Key"));
templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "1"));
//Generate the key pair
Key[] keys = session.GenerateKeyPair(Mechanism.RSA_PKCS_KEY_PAIR_GEN, templatePub, templatePri);
privateKey = (RSAPrivateKey)keys[1];
publicKey = (RSAPublicKey)keys[0];
}
else //If the private key is found gets the corresponding public key
{
privateKey = (RSAPrivateKey)objects[objects.Count - 1];
Console.WriteLine(privateKey.Label);
// search for the related public key
template = new CryptokiCollection();
template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PUBLIC_KEY));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_RSA));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Ugo's new Key"));
// Launchs the search specifying the template just created
objects = session.Objects.Find(template, 1);
publicKey = (RSAPublicKey)objects[0];
Console.WriteLine(publicKey.Label);
// prepares for the signature
string helloworld = "Hello World";
byte[] text = Encoding.ASCII.GetBytes(helloworld);
// launches the digital signature operation with a RSA_PKCS mechanism
nRes = session.SignInit(Mechanism.SHA1_RSA_PKCS, privateKey);
// computes the signature
byte[] signature = session.Sign(text);
// launches the digital signature verification with a RSA_PKCS mechanism
nRes = session.VerifyInit(Mechanism.SHA1_RSA_PKCS, publicKey);
// verifies the signature
nRes = session.Verify(text, signature);
// results if nRes == 0 means that the verification is OK
Console.Write("Verified " + (nRes == 0));
}
// Logouts and closes the session
session.Logout();
session.Close();
cryptoki.Finalize(IntPtr.Zero);
}
}
}
Finally, I figure out my question. I am working on LunaG5, and when initialize the token(black key), there is a secret text string will be created. The format similar like: Asdf-s4SD-DF7d4-wd3S. This string also used when you install the KSP. The password "1111" is only used on PINpad, but the secret string must be used in the Application to verify which token you used.
int nRes = session.Login(Session.CKU_USER,"Asdfs4SDDF7d4wd3S");
if (nRes != 0)
{
Console.WriteLine("Wrong PIN");
return;
}
For secret string create, search: Creating a Legacy style PED-authenticated Application Partition