ThalesGroup / pycryptoki

Python interface to SafeNet's PKCS11 library implementation
Apache License 2.0

Login as Crypto User? #13

Closed bjarnemagnussen closed 5 years ago

bjarnemagnussen commented 5 years ago

When opening a session using login_ex() I can provide a user_type.

But it seems pycryptoki only supports the Partition SO (user_type set to 0) or Crypto Officer (user_type set to 1). For security reasons, is there any way I can log in as the Crypto User, which has only limited rights?

bjarnemagnussen commented 5 years ago

Oh, never mind! I just found out that for some reason the user_id for the Crypto User is 0x80000001 (https://github.com/chevah/safenet-p11sample/blob/80441f34deada8d6785369d68b71ec0deca81ca9/include/cryptoki_v2.h#L117), or as an integer: 2147483649.

Hence using

login_ex(
    auth_session, 3, "crypto_user_pin", user_type=2147483649
)

allows logging in as the Crypto User.