问题
I have .Net application to interact with the crypto token (Smartcard) using PKCS11Interop library where users can login to the token and generate keypair and sign.
If users enter the wrong password multiple time token will be locked, how can I get the remaining number of attempt to login to the token.
while searching on the internet I came across Net.Pkcs11Interop.HighLevelAPI.TokenInfo.TokenFlags which contains this information
CKF_USER_PIN_COUNT_LOW 0x00010000 True if an incorrect user login
PIN has been entered at least
once since the last successful
authentication.
CKF_USER_PIN_FINAL_TRY 0x00020000 True if supplying an incorrect
user PIN will cause it to
become locked.
CKF_USER_PIN_LOCKED 0x00040000 True if the user PIN has been locked. User login to the token
is not possible
but these are boolean values, I need the exact number of retry left.
回答1:
PKCS#11 API does not provide exact number of retries left. As you have correctly found out it does provide similar information via TokenFlags:
// Get token info
TokenInfo tokenInfo = slot.GetTokenInfo();
if (tokenInfo.TokenFlags.UserPinCountLow)
{
// An incorrect user login PIN has been entered at least once since the last successful authentication
}
if (tokenInfo.TokenFlags.UserPinFinalTry)
{
// Supplying an incorrect user PIN will make it to become locked
}
if (tokenInfo.TokenFlags.UserPinLocked)
{
// User PIN has been locked. User login to the token is not possible.
}
来源:https://stackoverflow.com/questions/49234210/how-to-get-password-failure-count-of-crypto-token-smartcard-using-pkcs11intero