Troubleshooting Pkcs11Interop with PKCS11-LOGGER

Pkcs11Interop is a managed library written in C# that brings the full power of the PKCS#11 API to the .NET environment. It loads the unmanaged PKCS#11 library provided by the cryptographic device vendor and makes its functions accessible to the .NET application.

The following figure presents the typical usage of the Pkcs11Interop library in a .NET application:

[Figure: Pkcs11Interop without PKCS11-LOGGER]

The next code sample shows how to load a PKCS#11 library via Pkcs11Interop in a .NET application:

Due to the complexity of the PKCS#11 API, it is not rare that a user needs to troubleshoot communication problems between the application and the PKCS#11 library. That is the moment when PKCS11-LOGGER may come in handy.

The logger sits between the application and the original PKCS#11 library. The application calls a PKCS#11 function provided by the logger, the logger calls the same function provided by the original PKCS#11 library, logs everything, and returns the result to the application.

The following figure presents the typical usage of the Pkcs11Interop library with the PKCS11-LOGGER proxy in a .NET application:

[Figure: Pkcs11Interop with PKCS11-LOGGER]

The next code sample shows how to load a PKCS#11 library via PKCS11-LOGGER and Pkcs11Interop in a .NET application:
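
The proxy arrangement described above, as an added example that is not the original post's code. It assumes the Pkcs11Interop 5 high-level API and the PKCS11_LOGGER_LIBRARY_PATH and PKCS11_LOGGER_LOG_FILE_PATH environment variables from the PKCS11-LOGGER documentation; both library paths are placeholders.

```csharp
using System;
using System.IO;
using Net.Pkcs11Interop.Common;
using Net.Pkcs11Interop.HighLevelAPI;

class LoggerProxyExample
{
    static void Main()
    {
        // Placeholder paths (assumptions): point these at the vendor library
        // and at the PKCS11-LOGGER build matching the process bitness.
        string originalLibrary = @"C:\path\to\vendor-pkcs11.dll";
        string loggerLibrary = @"C:\path\to\pkcs11-logger.dll";

        // Keep the log in a per-user directory instead of a shared temp folder:
        // it records the parameters of every PKCS#11 call the application makes.
        string logDir = Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
            "pkcs11-logger");
        Directory.CreateDirectory(logDir);
        string logFile = Path.Combine(
            logDir, "pkcs11-" + DateTime.UtcNow.ToString("yyyyMMdd-HHmmss") + ".log");

        // The logger is configured through environment variables, so set them
        // before the logger library is loaded. On Linux and macOS, .NET does not
        // propagate SetEnvironmentVariable to native libraries: export the
        // variables in the shell that starts the application instead.
        Environment.SetEnvironmentVariable("PKCS11_LOGGER_LIBRARY_PATH", originalLibrary);
        Environment.SetEnvironmentVariable("PKCS11_LOGGER_LOG_FILE_PATH", logFile);

        // Load the logger in place of the vendor library; it forwards every
        // call to the library named in PKCS11_LOGGER_LIBRARY_PATH.
        var factories = new Pkcs11InteropFactories();
        using (IPkcs11Library library = factories.Pkcs11LibraryFactory.LoadPkcs11Library(
            factories, loggerLibrary, AppType.MultiThreaded))
        {
            ILibraryInfo info = library.GetInfo();
            Console.WriteLine("Library: " + info.LibraryDescription);

            foreach (ISlot slot in library.GetSlotList(SlotsType.WithTokenPresent))
                Console.WriteLine("Token:   " + slot.GetTokenInfo().Label);
        }

        Console.WriteLine("Log written to " + logFile);
    }
}
```

Point the application back at the vendor library and delete the log file once troubleshooting is finished.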

Analysis of the logged information should be performed by a person familiar with PKCS#11 specifications.

Here’s a short sample of the content extracted from the beginning of the log file:

Warning: Log files produced by PKCS11-LOGGER may contain sensitive information and should not be shared publicly.

Published by

Jaroslav IMRICH

I am a former system administrator, now a software engineer and open source developer who enjoys writing software in C and C#, a self-proclaimed PKCS#11 guru and a guitar addict.