EldoS | Feel safer!

Software components for data protection, secure storage and transfer

PKCS#11 and ActivClient from ActivIdentity

Posted: 06/08/2009 06:08:14
by Tomasz Sawicki (Standard support level)
Joined: 06/14/2007
Posts: 19


I'm trying to login into PKCS#11 token using Smart Card with ATR: 3B 7B 18 00 00 00 31 C0 64 77 E3 03 00 82 90 00 (probably Oberthur 64k CosmopolIC v5.2/2.2) and ActivClient software (PKCS#11 library - acpkcs211.dll).
I'm using CertTokenDemo from PKIBlackbox samples and Session.Login function throws exception: "PKCS#11 error in function #18 (error code is 162)"
ActivClient logs (attached to this post) shows the same error: C_Login rc=CKR_PIN_LEN_RANGE[0xa2]

I was runing it with newest SecureBlackbox 6 and newest SecureBlackbox 7 - results are the same.

I can login and sign some data with no problem when using pkcs11-tool included in OpenSC.

Any help would be appreciated.

Tomasz Sawicki

[ Download ]
Posted: 06/08/2009 06:26:29
by Ken Ivanov (Team)

Thank you for contacting us.

According to the PKCS#11 specification, the specified error code (CKR_PIN_LEN_RANGE) can only be returned for a calls that attempt to set (i.e., change) a PIN:
CKR_PIN_LEN_RANGE: The specified PIN is too long or too short. This return
code only applies to functions which attempt to set a PIN.

It is possible that your token expects that
a) the session should be opened in read-only mode,
b) security officer logon type should be used.

Please try to check both cases (by passing ReadOnly = true to OpenSession(), as well as UserType = utSecurityOfficer to Login()) and check if one of them helps.
Posted: 06/08/2009 07:02:08
by Tomasz Sawicki (Standard support level)
Joined: 06/14/2007
Posts: 19


Thank you for very quick response.

I tried both cases and the result is the same as in the first post. I also typed wrong PIN and empty PIN - still the same error. This is very confusing.
Posted: 06/08/2009 07:26:40
by Ken Ivanov (Team)

I have a guess. Do you use Delphi 2009? If yes, please upgrade to the latest SecureBlackbox build (7.1.159), released yesterday. It fixes several minor Unicode-related issues that might lead to the error you are encountering.
Posted: 06/08/2009 07:32:18
by Tomasz Sawicki (Standard support level)
Joined: 06/14/2007
Posts: 19

Sorry I didn't mention that. I'm using .NET edition of SecureBlackbox - version 7.0.156 (downloaded today).
Posted: 06/08/2009 07:36:35
by Ken Ivanov (Team)

Can you please check if the same issue occurs with 7.1.159 build (it is available for download here)?
Posted: 06/08/2009 07:54:54
by Tomasz Sawicki (Standard support level)
Joined: 06/14/2007
Posts: 19

Unfortunately error is the same, only error message changed: PKCS#11 error CKR_PIN_LEN_RANGE in function C_Login
Posted: 06/08/2009 09:22:30
by Ken Ivanov (Team)

Let's continue the topic in the HelpDesk, as the forum does not support big file attachments. I have created a ticket for you.



Topic viewed 5061 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!