Reputation: 1
I am using AWS HSM. I followed the AWS HSM setup guide for a FIPS-mode HSM, installed the CloudHSM Command Line Interface (CLI), and created a user called crypto-user by logging in to the HSM using the CloudHSM CLI. I followed the AWS HSM guide to set up the HSM on AWS. After that I installed cloudhsm-pkcs11_latest_u22.04_arm64.deb on the same EC2 instance where the CloudHSM CLI was installed. I gave the /opt/cloudhsm/lib/libcloudhsm_pkcs11.so in the correct location. The code below gives me an error:
```javascript
const pkcs11js = require("pkcs11js");
let pkcs11 = new pkcs11js.PKCS11();
pkcs11.load("/opt/cloudhsm/lib/libcloudhsm_pkcs11.so");
pkcs11.C_Initialize();
let slot = pkcs11.C_GetSlotList(true)[0];
let session = pkcs11.C_OpenSession(slot, pkcs11js.CKF_RW_SESSION | pkcs11js.CKF_SERIAL_SESSION);
pkcs11.C_Login(session, pkcs11js.CKU_USER, "1234");
```
**Error: Pkcs11Error: CKR_PIN_INCORRECT**

I have already created a password for the crypto user and the correct PIN is "1234".
I could log in using the cloudhsm-cli successfully.
```
$ /opt/cloudhsm/bin/cloudhsm-cli interactive
> login --username example_user --role crypto-user
```
Ref: https://docs.aws.amazon.com/cloudhsm/latest/userguide/cloudhsm_cli-getting-started.html
Information:
```javascript
var info = pkcs11.C_GetSessionInfo(session);
console.log("slot: 0x" + slot.toString("hex"));
console.log("session slot ID: 0x" + info.slotID.toString("hex"));
console.log("session state:" + info.state);
console.log("session flags:" + info.flags);
console.log("session deviceError:" + info.deviceError);
```

Output:

```
slot: 0x0100000000000020
session slot ID: 0x0100000000000020
session state:2
session flags:6
session deviceError:0
response undefined
```
```javascript
let tokenInfo = pkcs11.C_GetTokenInfo(slot);
console.log(tokenInfo.flags, "tokenInfo.flags");
console.log(pkcs11js.CKF_USER_PIN_INITIALIZED, "pkcs11js.CKF_USER_PIN_INITIALIZED");
const isPinInitialized = (tokenInfo.flags & pkcs11js.CKF_USER_PIN_INITIALIZED) !== 0;
console.log("Is User PIN Initialized?", isPinInitialized);
console.log("Token Label:", tokenInfo.label.trim());
console.log("Token Locked:", tokenInfo.flags & pkcs11js.CKF_TOKEN_INITIALIZED ? "No" : "Yes");
console.log("Login Required:", tokenInfo.flags & pkcs11js.CKF_LOGIN_REQUIRED ? "Yes" : "No");
console.log("User PIN Initialized:", tokenInfo.flags & pkcs11js.CKF_USER_PIN_INITIALIZED ? "Yes" : "No");
console.log("User PIN Count:", tokenInfo.userPinCount); // Shows remaining PIN tries if available
```

Output:

```
1029 tokenInfo.flags
8 pkcs11js.CKF_USER_PIN_INITIALIZED
Is User PIN Initialized? false
Token Label: hsm1
Token Locked: No
Login Required: Yes
User PIN Initialized: No
User PIN Count: undefined
```
Can someone help me understand why I am getting Pkcs11Error: CKR_PIN_INCORRECT even after entering the correct PIN?
Upvotes: 0
Views: 120
Reputation: 1
Fixed the issue: the password/PIN should be written in this format: username:password

For example, if the crypto user's username is abcd and the password is 1234, then:

```javascript
pkcs11.C_Login(session, pkcs11js.CKU_USER, "abcd:1234");
```
Upvotes: 0
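
The `username:password` PIN format from the answer above, wrapped in a small login helper that reads the credentials from the environment instead of hard-coding them. This is an added example, not code from either post; the variable names `CLOUDHSM_USER` and `CLOUDHSM_PASSWORD`, the no-colon rule for user names, and the `fakeHsm` stub are assumptions made for illustration.

```javascript
// Added example (not from the original posts). CKU_USER = 1 is the PKCS#11
// standard value, the same number pkcs11js exposes as pkcs11js.CKU_USER.
const CKU_USER = 1;

// Build the PIN string the answer describes: "username:password".
function buildCloudHsmPin(username, password) {
  if (typeof username !== "string" || username.length === 0) {
    throw new Error("CloudHSM user name is missing");
  }
  if (typeof password !== "string" || password.length === 0) {
    throw new Error("CloudHSM password is missing");
  }
  // Assumption: user names contain no ':' so the first colon is the separator.
  if (username.includes(":")) {
    throw new Error("CloudHSM user name must not contain ':'");
  }
  return `${username}:${password}`;
}

// Log in as a crypto user. `pkcs11` is an initialised pkcs11js.PKCS11 instance
// (or a stub); CLOUDHSM_USER / CLOUDHSM_PASSWORD are hypothetical variable names.
function loginCryptoUser(pkcs11, session, env) {
  const pin = buildCloudHsmPin(env.CLOUDHSM_USER, env.CLOUDHSM_PASSWORD);
  try {
    pkcs11.C_Login(session, CKU_USER, pin);
  } catch (err) {
    if (String(err && err.message).includes("CKR_PIN_INCORRECT")) {
      // Report the user name only; never echo the password or the full PIN.
      throw new Error(
        `CKR_PIN_INCORRECT for user "${env.CLOUDHSM_USER}": check the ` +
        "password and that the PIN was sent as username:password");
    }
    throw err;
  }
  return true;
}

// Constructed stub standing in for the HSM: accepts only "abcd:1234".
const fakeHsm = {
  C_Login(session, userType, pin) {
    if (userType !== CKU_USER || pin !== "abcd:1234") {
      throw new Error("CKR_PIN_INCORRECT");
    }
  },
};

function demo() {
  return loginCryptoUser(fakeHsm, 1, { CLOUDHSM_USER: "abcd", CLOUDHSM_PASSWORD: "1234" });
}
```

Against a real HSM, pass the loaded `pkcs11` object, the session handle from `C_OpenSession`, and `process.env` in place of the stub arguments.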