2
    static Module pkcs11Module = Module.getInstance(@"C:\Program Files (x86)\SafeNet\Protect Toolkit 5\Protect Toolkit C SDK\bin\sw\cryptoki.dll");
    public HsmManager()
    {
        try
        {              
            pkcs11Module.initialize(null);
            Slot[] terminals = pkcs11Module.getSlotList(true);
            Slot s;
            Token token = terminals[0].Token;
            Session session = token.openSession(false, false, null, null);
            char[] pass = new char[] { '1', '2', '3', '4' };
            session.login(true, pass);}}

I do the sealing process with the hsm device in c # with the pkcs11 library (without using any other library). The error message is Message ="CKR_USER_PIN_NOT_INITIALIZED " What's wrong? Thanks

TEngineer
  • 95
  • 1
  • 18
  • Do you want to use real HSM device (PCI/Net provided) or software-only provider? Your code is connecting to software-only Cryptoki provider which might not be what you want...Good luck! – vlp Mar 10 '18 at 16:41
  • session.login (iaik.pkcs.pkcs11.Session.UserType_Fields.SO, pass) the problem was solved in this way, thank you – TEngineer Mar 12 '18 at 05:44

1 Answers1

1

I don't know nothing about cryptoki, but I'll try to answer:

Take a look at PKCS#11 standard.

CKR_USER_PIN_NOT_INITIALIZED: This value can only be returned by C_Login. It indicates that the normal user’s PIN has not yet been initialized with C_InitPIN.

In other words, your token has no PIN.

Try to initialize the PIN or try sending a null PIN in login call (maybe "there is some way for a user to be authenticated to the token without having the application send a PIN through the Cryptoki library")

Egl
  • 774
  • 7
  • 20
  • 1
    Unfortunately, I tried to enter the pin field blank, but I get the same error. For the pin start: session.initp the (pass); I tried this, but this time it gave the error message "CKR_SESSION_READ_ONLY". Thank you for the help... – TEngineer Mar 02 '18 at 11:56
  • 1
    To initialize the PIN, you need to Login as a Security Officer. Take a look at PKCS#11 standard, for instance "6.7.1 Read-only session states" and "6.7.2 Read/write session states". – Egl Mar 02 '18 at 13:15
  • 1
    The Cryptoki token browser seems to have the pins assigned to it, and it can be done without error when it is entered, but when I try to enter it from the code it gives an error. I tried to log in as Code SO (Security Officer). Still, he keeps making mistakes. – TEngineer Mar 02 '18 at 19:41