简体繁体 English

如何为多个进程缓存eToken PIN

[英]How to cache eToken PIN for multiple processes

原文 2012-02-13 15:39:50 4 1 c#/ security/ x509certificate/ smartcard

I have a .NET (c#) application which uses the x509Certificate2 in the 'my' Certificate Store, originally coming from an eToken device. 我有一个.NET（c＃）应用程序，该应用程序在“我的”证书存储中使用x509Certificate2，该文件最初来自eToken设备。

When I use the certificate (to decrypt data or use it as a clientcert for web requests), it will ask for the device PIN once. 当我使用证书（解密数据或将其用作Web请求的客户端证书）时，它将要求输入设备PIN一次。 After that, it is cached, the user isn't bothered with the password request every xx minutes. 之后，它被缓存，用户不会每隔xx分钟打扰密码请求。

Now, I have multiple processes, that all use the certificate. 现在，我有多个进程，都使用证书。 Each of these processes will request the device PIN. 这些过程中的每一个都将要求设备PIN。 (the cache seems to be per process). （缓存似乎是每个进程的）。

Is there an easy way around this? 有一个简单的方法吗？ Can I 'cache' it somewhere, so that every process can access the token without requesting the PIN over and over again? 我可以将其“缓存”在某个地方，以便每个进程都可以访问令牌而无需一遍又一遍地请求PIN吗？

1 个解决方案

A word of caution: It is really bad security practice to do this kind of 'PIN' caching. 请注意：进行这种“ PIN”缓存确实是非常糟糕的安全实践。 Any credentials should be stored in memory only as briefly as possible in order to avoid attackers to gain information on the PIN by monitoring the system's memory. 任何凭证都应尽可能短暂地存储在内存中，以避免攻击者通过监视系统内存来获取有关PIN的信息。 Although in general this would require local access to the machine, this is still considered a very relevant threat, because most of the time, you don't want sysadmins to snoop into PINs either :) 尽管通常这需要本地访问计算机，但这仍然被认为是非常相关的威胁，因为在大多数情况下，您都不希望系统管理员也窥探到PIN ：)

That said, it's a real PITA for users having to enter the PIN every other second. 就是说，对于必须每隔一秒钟输入PIN的用户来说，这是一个真正的PITA。 As with so many things security, there is the tradeoff between security and usability. 与安全性这么多东西一样，安全性和可用性之间存在权衡。

Many smart card drivers do this form of caching themselves, as you noticed. 如您所注意到的，许多智能卡驱动程序会自己进行这种形式的缓存。 Often there are two certificates/keys on the card, one with non-repudiation key usage deemed for high security operations such as providing a signature on a document, the other one deemed an 'authentication certificate' that is used for ever-recurring chores such as authenticating with a service. 通常在卡上有两个证书/密钥，一个具有不可否认密钥用法，被认为是高安全性操作，例如在文档上提供签名，另一个被认为是用于不断重复的杂务的“认证证书”。通过服务进行身份验证。 Typically, you have to re-enter the PIN each time you access the non-repudiation key, whereas the driver often caches the PIN for the authentication key. 通常，每次访问不可否认密钥时都必须重新输入PIN，而驱动程序通常会为身份验证密钥缓存PIN。

So it really depends on your particular use case - if you consider the operation to be highly critical, I would advise against doing any caching whatsoever. 所以它真的取决于你的特定用例 - 如果你认为这个操作非常关键，我建议你不要做任何缓存。 Try to 'educate' users instead. 尝试“教育”用户。 It's for their own good, etc. etc. :) 这是为了自己的利益，等等。

Otherwise, if you consider the risk to be acceptable, you may use any form of interprocess communication that suits you best to share the PIN across processes. 否则，如果您认为风险可以接受，您可以使用任何形式的进程间通信，最适合您跨进程共享PIN。 A simple solution could be to create a 'PIN file' in a directory that only the application has read/write permissions on. 一个简单的解决方案可能是在只有应用程序具有读/写权限的目录中创建“PIN文件”。 Check for file existence whenever the PIN is needed (beware of race conditions!) - if the file is not present yet, ask for the PIN and write it to the file - otherwise simply read the PIN from the file. 只要需要PIN，就检查文件是否存在（要注意比赛条件！）-如果文件尚不存在，则要求输入PIN并将其写入文件-否则，只需从文件中读取PIN。 Make sure to overwrite the memory with zeroes that was used to convey the PIN. 确保使用用于传送PIN的零覆盖内存。