EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SBPKCS11Base - issue with get_Certificates with some tokens

Posted: 05/03/2016 13:05:26
by Stefano Massone (Standard support level)
Joined: 02/06/2015
Posts: 10


Hope you can give me some advices on how to further troubleshoot the following error:

SBPKCS11Base.EElPKCS11Error: PKCS#11 error CKR_GENERAL_ERROR in function C_GetAttributeValue
   at SBPKCS11Base.__Global.PKCS11CheckError(Int64 HLib, Int32 FunctionCode, UInt32 ResultCode)
   at SBPKCS11Base.TElPKCS11Utils.GetObjectAttribute(TElPKCS11Module Module, UInt32 hSession, UInt32 hObject, UInt32 Attribute)
   at SBPKCS11CertStorage.TElPKCS11CertStorage.UpdateCertificate(TElPKCS11StgCtx Ctx)
   at SBPKCS11CertStorage.TElPKCS11CertStorage.GetCertificates(Int32 Index)
   at SBPKCS11CertStorage.TElPKCS11CertStorage.get_Certificates(Int32 Index)
   at CardSignerManaged.ManagedClass.InitCertStorage(String currPKCS11, String ctxPinCode, IManagedCardSignerCallback getPINCode)

the error occurs in the following code at line:

tmpCert = certStorage.get_Certificates(i);

                activeSession.Login((int)SBPKCS11Base.Unit.utUser, ctxPinCode);

                TElX509Certificate tmpCert = null;

                for (int i = 0; i < certStorage.Count; i++)
                    tmpCert = certStorage.get_Certificates(i);

                    if (tmpCert.Extensions.KeyUsage.NonRepudiation)
                        activeCertificate = tmpCert;

                if (activeCertificate == null)
                    Log("KeyUsage.NonRepudiation not found in any of the card certificates ({0})", certStorage.Count, LogLevel.Error);
                    sessionOpen = true;
            catch (EElPKCS11Error pkcs11error)
                switch (pkcs11error.ErrorCode)
                    case 160: // - Wrong PIN
                        wrongPinEntered = true;
                        return beginTransaction(getPINCode); // - Recurse again, this will display the wrong pin message to user

                    case 164: // - PIN locked
                        Log("PIN locked: {0}", pkcs11error, LogLevel.Error);

                        Log("EElPKCS11Error: {0}", pkcs11error, LogLevel.Error);


This happens only with a few smart cards, with other it works just fine,

any help is greatly appreciated

thank you!
Posted: 05/03/2016 13:41:08
by Ken Ivanov (Team)

Hi Stefano,

Thank you for contacting us.

The exception you are getting means that the token or its driver doesn't give away one of the attributes requested by the components. The components need to know the values of those attributes to be able to manage the certificates properly.

First of all we need to establish the exact attribute that can't be retrieved. We will need to send some software to you that will help to detect it. I suggest that we continue the discussion in our Helpdesk, as the forum doesn't support binary attachments. I've created a support ticket (#29794) for you.




Topic viewed 1752 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!