EldoS | Feel safer!

Software components for data protection, secure storage and transfer

strange behaviour of elpkcs11certstorage.tokenpresent

Posted: 07/12/2011 05:18:36
by S. Mojtaba Jafariqamsari (Basic support level)
Joined: 07/12/2011
Posts: 2


I have developed a PKCS module. when I test it with your C# samples, I see a strange behavior for elpkcs11certstorage.tokenpresent.

When hardware token is available, everything works fine. But when hardware module is not available, my PKCS module doesn't set CKF_TOKEN_PRESENT flags in processing C_GetSlotInfo request. But elpkcs11certstorage.tokenpresent is true in C# application, then nothing works correctly. it seems that CKF_TOKEN_PRESENT flag is ineffective on value of elpkcs11certstorage.tokenpresent.

Would you mind telling me how elpkcs11certstorage.tokenpresent is set?

Posted: 07/12/2011 05:33:33
by Ken Ivanov (Team)

Thank you for contacting us.

The TokenPresent property is set according to the result of the C_GetTokenInfo() method. It is likely that your module returns successful result from this method even though the token is not available in the slot.
Posted: 07/12/2011 07:08:42
by S. Mojtaba Jafariqamsari (Basic support level)
Joined: 07/12/2011
Posts: 2

As I know in PKCS#11, C_GetSlotInfo retrieves the slot information in second parameter:
CK_SLOT_INFO struct has a flag field which can set to CKF_TOKEN_PRESENT if a token is present in the slot.
typedef struct CK_SLOT_INFO {
CK_UTF8CHAR slotDescription[64];
CK_UTF8CHAR manufacturerID[32];
CK_FLAGS flags;
CK_VERSION hardwareVersion;
CK_VERSION firmwareVersion;
But GetTokenInfo retrieves information about a particular token in second parameter: CK_TOKEN_INFO_PTR; this struct has no any filed for report token presence.

Also, my GetTokenInfo returns CKR_DEVICE_REMOVED if there is no token in the slot.

Would you mind telling me witch idea is correct? Using C_GetTokenInfo or C_GetSlotInfo to set TokenPresent?
Posted: 07/12/2011 08:52:33
by Ken Ivanov (Team)

According to our experience, a number of firmware vendors do not get use of CKF_TOKEN_PRESENT flag in C_GetSlotInfo() function; this way, we cannot use it as a reliable source of information. Conversely, the C_GetTokenInfo()-based approach proved to work fine with absolutely most of the tokens and drivers. Our code considers the token to be present in the slot if it gets successful (CKR_OK) response from C_GetTokenInfo().



Topic viewed 931 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!