EldoS | Feel safer!

Software components for data protection, secure storage and transfer

CKR_PIN_INCORRECT when trying to sign a file .NET

Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.
Posted: 03/10/2015 04:12:19
by Ivan Hristov (Standard support level)
Joined: 10/26/2012
Posts: 16

Hi all!
Recently i get this exception when trying to sign a file:"PKCS#11 error CKR_PIN_INCORRECT in function C_Login".
I am sure the given PIN is correct because the signing with the provider`s software passes succesfully with the same PIN.

Also i saw in my "Windows Event log" some logged error, here it is in XML view:

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<Provider Name="Microsoft-Windows-Smartcard-Server" Guid="{4FCBF664-A33A-4652-B436-9D558983D955}" EventSourceName="SCardSvr" />
<EventID Qualifiers="0">610</EventID>
<TimeCreated SystemTime="2015-03-10T08:25:18.000Z" />
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Security />

- <EventData>
<Data Name="Message">Incorrect function.</Data>
<Data Name="Reader">ACS CCID USB Reader 0</Data>
<Data Name="IOCTL">0x313520</Data>

- here is the whole method where the exception is thrown in(in bold is the exact row):

public static void Init_PKCS11CertStorage(TElPKCS11CertStorage inPKCS11CertStorage, string inDLLFileName, string inPin)
inPKCS11CertStorage.CRL = null;
inPKCS11CertStorage.CryptoProvider = null;
inPKCS11CertStorage.CryptoProviderManager = null;
inPKCS11CertStorage.DLLName = inDLLFileName;
inPKCS11CertStorage.ImportOrder = SBPKCS11CertStorage.TSBPKCS11CertStorageImportOrder.csioAuto;
inPKCS11CertStorage.MonitorSlotEvents = false;
inPKCS11CertStorage.Options = ((short)(1));
inPKCS11CertStorage.PKCS11Options = 10;
inPKCS11CertStorage.SlotEventMonitoringDelay = 1000;
inPKCS11CertStorage.SlotEventMonitoringMode = SBPKCS11Base.TSBPKCS11SlotEventMonitoringMode.semNoMonitoring;
inPKCS11CertStorage.SynchronizeGUI = true;
inPKCS11CertStorage.Tag = null;
inPKCS11CertStorage.TokenAccessMode = SBPKCS11Base.TSBPKCS11TokenAccessMode.tamCompatible;
inPKCS11CertStorage.TrySingleThreadedMode = true;
for (int i = 0; i < inPKCS11CertStorage.Module.SlotCount; i++)
TElPKCS11SlotInfo SlotInfo = inPKCS11CertStorage.Module.get_Slot(i);
if (SlotInfo.TokenPresent)
var _slot = inPKCS11CertStorage.Module.get_Slot(i);
TElPKCS11SessionInfo _session = inPKCS11CertStorage.OpenSession(i, _slot.ReadOnly);
_session.Login((int)SBPKCS11Base.Unit.utUser, inPin);

here are some details about the exception:
at SBPKCS11Base.__Global.PKCS11CheckError(Int64 HLib, Int32 FunctionCode, UInt32 ResultCode)
at SBPKCS11Base.TElPKCS11SessionInfo.Login(Int32 UserType, String PIN)
at UCM_Signer_BLL.WinCertHelper.Init_PKCS11CertStorage(TElPKCS11CertStorage inPKCS11CertStorage, String inDLLFileName, String inPin) in C:\Projects\Imeon\UCM_Signer\UCM_Signer_BLL\WinCertHelper.cs:line 86

-errorcode: 160
-message: PKCS#11 error CKR_PIN_INCORRECT in function C_Login

I am sure the PIN is correct. It had worked before about an year, the source code has not been modified, the path to DLL is correct.

Version i use: SecureBlackbox (.NET edition) for .NET Framework (4.5, 4.0, 3.5, 2.0), Windows RT (.NET 4.5/WinRT), Silverlight (5 and 4), Mono 2.0, .NET CF (3.5, 2.0), Windows Phone 7.5, Mono for Android - Version 10.0.233. Released on 2013-03-15.
Posted: 03/10/2015 04:27:01
by Ken Ivanov (EldoS Corp.)

Hi Ivan,

First of all, please re-check that the correct slot and token are accessed. Other software or a driver update might have installed their own slots, so the slot corresponding to you token might could have shifted and is not the first slot with a token any more.

If the slot is correct, could you think of what might have changed in the environment that might have caused the failure? Have you upgraded the driver software recently? The SBB? Did any other local circumstances change?




Topic viewed 736 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!