EldoS | Feel safer!

Software components for data protection, secure storage and transfer

PKCS#11 and ActivClient from ActivIdentity

Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.
#10317
Posted: 06/08/2009 06:08:14
by Tomasz Sawicki (Standard support level)
Joined: 06/14/2007
Posts: 19

Hi,

I'm trying to login into PKCS#11 token using Smart Card with ATR: 3B 7B 18 00 00 00 31 C0 64 77 E3 03 00 82 90 00 (probably Oberthur 64k CosmopolIC v5.2/2.2) and ActivClient software (PKCS#11 library - acpkcs211.dll).
I'm using CertTokenDemo from PKIBlackbox samples and Session.Login function throws exception: "PKCS#11 error in function #18 (error code is 162)"
ActivClient logs (attached to this post) shows the same error: C_Login rc=CKR_PIN_LEN_RANGE[0xa2]

I was runing it with newest SecureBlackbox 6 and newest SecureBlackbox 7 - results are the same.

I can login and sign some data with no problem when using pkcs11-tool included in OpenSC.

Any help would be appreciated.

Tomasz Sawicki


[ Download ]
#10318
Posted: 06/08/2009 06:26:29
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

According to the PKCS#11 specification, the specified error code (CKR_PIN_LEN_RANGE) can only be returned for a calls that attempt to set (i.e., change) a PIN:
Quote
CKR_PIN_LEN_RANGE: The specified PIN is too long or too short. This return
code only applies to functions which attempt to set a PIN.


It is possible that your token expects that
a) the session should be opened in read-only mode,
b) security officer logon type should be used.

Please try to check both cases (by passing ReadOnly = true to OpenSession(), as well as UserType = utSecurityOfficer to Login()) and check if one of them helps.
#10319
Posted: 06/08/2009 07:02:08
by Tomasz Sawicki (Standard support level)
Joined: 06/14/2007
Posts: 19

Hi,

Thank you for very quick response.

I tried both cases and the result is the same as in the first post. I also typed wrong PIN and empty PIN - still the same error. This is very confusing.
#10320
Posted: 06/08/2009 07:26:40
by Ken Ivanov (EldoS Corp.)

I have a guess. Do you use Delphi 2009? If yes, please upgrade to the latest SecureBlackbox build (7.1.159), released yesterday. It fixes several minor Unicode-related issues that might lead to the error you are encountering.
#10321
Posted: 06/08/2009 07:32:18
by Tomasz Sawicki (Standard support level)
Joined: 06/14/2007
Posts: 19

Sorry I didn't mention that. I'm using .NET edition of SecureBlackbox - version 7.0.156 (downloaded today).
#10322
Posted: 06/08/2009 07:36:35
by Ken Ivanov (EldoS Corp.)

Can you please check if the same issue occurs with 7.1.159 build (it is available for download here)?
#10323
Posted: 06/08/2009 07:54:54
by Tomasz Sawicki (Standard support level)
Joined: 06/14/2007
Posts: 19

Unfortunately error is the same, only error message changed: PKCS#11 error CKR_PIN_LEN_RANGE in function C_Login
#10324
Posted: 06/08/2009 09:22:30
by Ken Ivanov (EldoS Corp.)

Let's continue the topic in the HelpDesk, as the forum does not support big file attachments. I have created a ticket for you.
Also by EldoS: Callback File System
Create virtual file systems and disks, expose and manage remote data as if they were files on the local disk.

Reply

Statistics

Topic viewed 4711 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!