ThalesGroup / pycryptoki

Python interface to SafeNet's PKCS11 library implementation
Apache License 2.0

DLL file not loading #46

Open htaymour opened 11 months ago

htaymour commented 11 months ago

Hello Team, I'm trying to use the etoken 5110 for authentication using SSH, but I'm not able to load the DLL file correctly, as shown in my logs below. Could you please advise which DLL I should be pointing to and where I should add the path to it? Please note that the Cryptoki2.ini file does not exist, so I think it's looking using defaults.py. Please advise how I add this section to defaults.py.

```python
import logging
logging.basicConfig(level=logging.DEBUG)
from pycryptoki.default_templates import *
from pycryptoki.defines import *
from pycryptoki.key_generator import *
from pycryptoki.session_management import *

c_initialize_ex()
```

```
INFO:pycryptoki.session_management:Initializing Cryptoki Library
WARNING:pycryptoki.cryptoki.helpers:No DLL Path or Chyrstoki.conf path set in defaults.py looking up DLL path in /etc/Chrystoki.conf
DEBUG:pycryptoki.cryptoki.helpers:Searching /etc/Chrystoki.conf for Chrystoki DLL path...
Traceback (most recent call last):
  File "", line 1, in
  File "C:\Users----\AppData\Local\Programs\Python\Python37\lib\site-packages\pycryptoki\exceptions.py", line 61, in luna_function_exception_handle
    return_tuple = luna_function(*args, **kwargs)
  File "C:\Users----\AppData\Local\Programs\Python\Python37\lib\site-packages\pycryptoki\session_management.py", line 83, in c_initialize
    ret = C_Initialize(init_struct_p)
  File "C:\Users----\AppData\Local\Programs\Python\Python37\lib\site-packages\pycryptoki\cryptoki\helpers.py", line 248, in luna_function
    late_binded_function = getattr(CryptokiDLLSingleton().get_dll(), function_name)
  File "C:\Users----\AppData\Local\Programs\Python\Python37\lib\site-packages\pycryptoki\cryptoki\helpers.py", line 189, in new
    dll_path = os.environ.get(CRYSTOKI_CONF_DLL, parse_chrystoki_conf())
  File "C:\Users----\AppData\Local\Programs\Python\Python37\lib\site-packages\pycryptoki\cryptoki\helpers.py", line 84, in parse_chrystoki_conf
    dll_path = _search_for_dll_in_chrystoki_conf(conf_path)
  File "C:\Users----\AppData\Local\Programs\Python\Python37\lib\site-packages\pycryptoki\cryptoki\helpers.py", line 108, in _search_for_dll_in_chrystoki_conf
    dll_path = config.get("Chrystoki2", "LibNT")
  File "C:\Users----\AppData\Local\Programs\Python\Python37\lib\configparser.py", line 780, in get
    d = self._unify_values(section, vars)
  File "C:\Users----\AppData\Local\Programs\Python\Python37\lib\configparser.py", line 1146, in _unify_values
    raise NoSectionError(section) from None
configparser.NoSectionError: No section: 'Chrystoki2'
```

htaymour commented 11 months ago

Can you please help me? I'm trying to use the e-token to access an SSH remote server, authenticating using my card certificate. I installed OpenSC and tried to access the USB card, but with failure. Can you please indicate which DLLs to use to be able to access my token card? I have the SafeNet client tools installed and I have tried using all the DLLs under its subfolder "C:\Program Files\SafeNet\Authentication\SAC\x64>" with no success.

```
PPS C:\Program Files\OpenSC Project\OpenSC\tools> .\pkcs11-tool.exe -L
Available slots:
Slot 0 (0x0): AKS ifdh 0
  (token not recognized)
```

astraw38 commented 11 months ago

Your first error looks like it doesn't have a config file -- a crystoki.ini. Do any other tools work (lunacm, vtl, etc)? If they do, then we can diagnose further, otherwise it looks like an installation/config problem (and not specifically related to pycryptoki).

As far as Safenet Authentication Client - unsure, you'd have to check docs/support for that product, it's unrelated to this project unfortunately.

htaymour commented 11 months ago

Hello @astraw38, thanks a lot for your reply and concern, and wishing you a great new year. For the first error (AttributeError: function 'C_Initialize' not found), it's still there, and yes, the SafeNet authentication tool from Gemalto is working fine and authenticating web sites. Also, I have configured SSH access to use CAPI (etoken auth.) on SecureCRT and it's working, as I have access to the remote SSH server authenticating by the card token with no issue.

I want to use the same authentication (token card) when using Python to SSH to a remote server using token authentication. I use paramiko to gain access to the remote server via SSH. I tried to import the certificate (.cer) and use it as an SSH key, but it looks like it needs to read it from the card and not exported on my local drive to work. Can you help me to build cryptoki.ini and tell me which DLLs to point to? Please indicate the path for the file locations.

astraw38 commented 11 months ago

I believe there's some confusion about this project -- it's an interface for PKCS11, specifically for use for Thales Luna HSMs. If you're not using the LunaClient/Luna HSM, there would need to be significant forking & changes to support. You could theoretically try to use a PKCS11-compatible DLL/shared lib via the CRYSTOKI_CONF_DLL environment variable (set it directly to a path pointing to the p11 dll).

Beyond that, you'd still need to have an adapter or something for paramiko to use the keystore via pycryptoki/p11. I'd personally think using ssh-agent would be much easier, since there's support for that in paramiko, and I would assume you could hook up CAPI to ssh-agent as well.
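The lookup discussed in this thread, as an added example (not pycryptoki's own code and not posted by either participant): it resolves the library path from `CRYSTOKI_CONF_DLL` or from the `[Chrystoki2]` `LibNT` entry, then checks that the file loads and exports the PKCS#11 entry points before it is handed to pycryptoki. The function names are hypothetical, and the `/etc/Chrystoki.conf` default is taken from the log above.

```python
import configparser
import ctypes
import os

ENV_VAR = "CRYSTOKI_CONF_DLL"         # variable named in the maintainer's reply
SECTION, KEY = "Chrystoki2", "LibNT"  # section and key seen in the traceback


def resolve_p11_path(env, conf_path):
    """Pick the library path: environment variable first, then the config file."""
    if env.get(ENV_VAR):
        return env[ENV_VAR], "env"
    config = configparser.ConfigParser(interpolation=None)
    try:
        found = config.read(conf_path)
    except configparser.Error as exc:
        raise LookupError(f"{conf_path} is not INI-formatted: {exc}") from exc
    if not found:
        raise LookupError(f"{ENV_VAR} is unset and {conf_path} is unreadable")
    if not config.has_option(SECTION, KEY):
        raise LookupError(f"{conf_path} has no [{SECTION}] {KEY}; set {ENV_VAR}")
    return config.get(SECTION, KEY), "conf"


def check_p11_library(path, required=("C_GetFunctionList", "C_Initialize")):
    """Return a list of problems; an empty list means the module looks usable."""
    problems = []
    if not os.path.isabs(path):
        problems.append("path is not absolute, so the loader's search order decides")
    if not os.path.isfile(path):
        return problems + ["file does not exist"]
    try:
        # Loading runs the library's initialisers: only point this at trusted files.
        lib = ctypes.CDLL(path)
    except OSError as exc:
        return problems + [f"not loadable: {exc}"]
    # ctypes raises AttributeError for a missing symbol; hasattr() turns that into False.
    return problems + [f"missing export {n}" for n in required if not hasattr(lib, n)]


if __name__ == "__main__":
    try:
        path, source = resolve_p11_path(os.environ, "/etc/Chrystoki.conf")
        print(f"{path} (from {source}):", check_p11_library(path) or "ok")
    except LookupError as exc:
        print("no PKCS#11 library configured:", exc)
```

A "missing export C_Initialize" result corresponds to the `AttributeError: function 'C_Initialize' not found` reported above: the file loaded, but it is not a PKCS#11 module.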

htaymour commented 11 months ago

Hello @astraw38, yes, you are totally correct. I found out that this authentication automation is already implemented with an ssh-agent, PuTTY-CAC, which reads the token and automatically uses it when needed from any application, including a Python SSH connection or even command-line direct SSH access. Thanks again :)