trueToken (c) Seculab.ru

DLL : version 1.16
Firmware : version 1.16
Date : 27 feb 2009
Author : Eugene Koinov, eugene@seculab.ru
Download : truetoken_116.zip
Language : English Russian

trueToken is the first free open source Token technology for dongles available worldwide.

By dongle we mean a small device connected to a USB port and used for data storage and authentication purposes.

trueToken is currently published as compiled modules, but we are working on publishing the source code in the near future.

Download trueToken package at: http://www.softwaresecurity.org/token/truetoken_116.zip

The trueToken firmware is designed for the Senselock EL dongle and turns this software protection device into a full-featured PKCS#11 token. Currently we do not change any of the Senselock EL PIN codes, because all data protection is implemented within the firmware and depends on the User PIN. Without the PIN, a user's data cannot be decrypted under any circumstances.

PKCS#11 is a Cryptographic Token Interface Standard by RSA Laboratories. More information about the cryptographic standards can be found at:
http://www.rsasecurity.com/rsalabs/PKCS
and particularly PKCS#11 at:
http://www.rsa.com/rsalabs/node.asp?id=2133

The trueToken implementation is based on the PKCS#11 v2.11 standard.

Main trueToken features:

  • 1) Driverless operation in HID-mode;
  • 2) 32kb memory for data storage;
  • 3) internal PIN-dependent 3DES data encryption;
  • 4) asymmetric RSA-1024 data encryption/decryption;
  • 5) symmetric DES and 3DES data encryption/decryption;
  • 6) SHA-1 hashing function;
  • 7) sign and verify functions using the SHA1 + RSA algorithm;
  • 8) symmetric and asymmetric key generation;

The trueToken package consists of:

  • 1. TokenDemo.EXE: a small utility that allows programming blank SenseLock dongles with the trueToken firmware and using some basic PKCS#11 functions.
  • 2. SENSELOCK_TOKEN.DLL: PKCS#11 interface library.
  • 3. SENSELOCK_TOKEN_DEBUG.DLL: PKCS#11 interface library that writes PKCS.log to the current active folder. It could be helpful while debugging your applications.

After initialization the User PIN is set to "12345678" and the Administrator's PIN to "123456781234567812345678". The length of the User PIN is 8 symbols; the Administrator's PIN is 24 symbols.
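
Because these initial PINs are published, a freshly programmed token should have them replaced before it holds keys. The C code below is an added example, not part of the trueToken package: it logs in with the initial PIN and replaces it through C_SetPIN in a read/write session. The `tt_api` struct, `tt_replace_default_pin` and the in-memory stub token are hypothetical names constructed for this example; it assumes the stated PIN lengths are exact and that C_SetPIN follows the PKCS#11 semantics of changing the logged-in user's PIN.

```c
/* Added example, not trueToken code: replace a factory-default PIN via C_SetPIN. */
#include <string.h>

typedef unsigned long CK_RV, CK_ULONG;  /* minimal PKCS#11 types; values per the standard */
typedef unsigned char CK_BYTE;
enum { CKR_OK = 0, CKU_SO = 0, CKU_USER = 1, CKF_RW_SESSION = 2, CKF_SERIAL_SESSION = 4,
       CKR_PIN_INCORRECT = 0xA0 };

/* Hypothetical holder for the entry points used (notify simplified to void *). */
typedef struct {
    CK_RV (*OpenSession)(CK_ULONG slot, CK_ULONG flags, void *app, void *notify, CK_ULONG *h);
    CK_RV (*Login)(CK_ULONG h, CK_ULONG user, CK_BYTE *pin, CK_ULONG len);
    CK_RV (*SetPIN)(CK_ULONG h, CK_BYTE *old, CK_ULONG olen, CK_BYTE *np, CK_ULONG nlen);
    CK_RV (*Logout)(CK_ULONG h);
    CK_RV (*CloseSession)(CK_ULONG h);
} tt_api;

/* 0 on success, -1 if new_pin is rejected locally, otherwise the failing call's CK_RV. */
long tt_replace_default_pin(const tt_api *p, CK_ULONG slot, CK_ULONG user, const char *new_pin)
{
    const char *def = (user == CKU_SO) ? "123456781234567812345678" : "12345678";
    size_t n = strlen(def);               /* 24 symbols for SO, 8 for User */
    CK_ULONG h = 0; CK_RV rv;
    if (strlen(new_pin) != n || memcmp(new_pin, def, n) == 0)
        return -1;                        /* wrong length, or still the default */
    rv = p->OpenSession(slot, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &h);
    if (rv != CKR_OK) return (long)rv;
    rv = p->Login(h, user, (CK_BYTE *)def, n);  /* fails once the default is gone */
    if (rv == CKR_OK) {
        rv = p->SetPIN(h, (CK_BYTE *)def, n, (CK_BYTE *)new_pin, n);
        p->Logout(h);
    }
    p->CloseSession(h);
    return (long)rv;
}

/* Constructed in-memory stand-in for the token, so the block runs without hardware. */
static char stub_pin[2][25] = { "123456781234567812345678", "12345678" };
static CK_ULONG stub_user;
static CK_RV s_open(CK_ULONG s, CK_ULONG f, void *a, void *n, CK_ULONG *h)
{ (void)s; (void)f; (void)a; (void)n; *h = 1; return CKR_OK; }
static CK_RV s_login(CK_ULONG h, CK_ULONG u, CK_BYTE *pin, CK_ULONG len)
{ (void)h; stub_user = u;
  return (len == strlen(stub_pin[u]) && !memcmp(pin, stub_pin[u], len)) ? CKR_OK : CKR_PIN_INCORRECT; }
static CK_RV s_setpin(CK_ULONG h, CK_BYTE *o, CK_ULONG ol, CK_BYTE *np, CK_ULONG nl)
{ (void)h; (void)o; (void)ol; memcpy(stub_pin[stub_user], np, nl); stub_pin[stub_user][nl] = 0; return CKR_OK; }
static CK_RV s_end(CK_ULONG h) { (void)h; return CKR_OK; }
static const tt_api stub = { s_open, s_login, s_setpin, s_end, s_end };
int main(void) { return tt_replace_default_pin(&stub, 0, CKU_USER, "k3Zp-91q") != 0; }
```

Against the real library, the five pointers would be filled from the table returned by C_GetFunctionList; a CKR_PIN_INCORRECT result means the initial PIN has already been replaced.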

trueToken based on Senselock EL 64k has 32k for user data, public and private keys, and can be used for the following PKCS#11 classes:

  • +CKO_DATA
  • +CKO_PUBLIC_KEY
  • +CKO_PRIVATE_KEY
  • +CKO_SECRET_KEY

trueToken PKCS#11 Mechanism implementation list

    CKM_RSA_PKCS_KEY_PAIR_GEN:
  • +Generate Key Pair
    CKM_RSA_PKCS:
  • +Encrypt
  • +Decrypt
  • +Sign
  • +Verify
  • -Wrap
  • -Unwrap
  • -Sign and Recovery
  • -Verify and Recovery
    CKM_SHA1_RSA_PKCS:
  • +Sign
  • +Verify
    CKM_DES_KEY_GEN:
  • +Generate Key
    CKM_DES_ECB:
  • +Encrypt
  • +Decrypt
  • -Wrap
  • -Unwrap
    CKM_DES3_KEY_GEN:
  • +Generate Key
    CKM_DES3_ECB:
  • +Encrypt
  • +Decrypt
  • -Wrap
  • -Unwrap

trueToken PKCS#11 Function implementation list

  • +C_Initialize;
  • +C_Finalize;
  • +C_InitToken;
  • +C_GetInfo;
  • +C_GetFunctionList;
  • +C_GetSlotList;
  • +C_GetSlotInfo;
  • +C_GetTokenInfo;
  • +C_GetMechanismInfo;
  • +C_GetMechanismList;
  • -C_InitPIN;
  • +C_SetPIN;
  • +C_OpenSession;
  • +C_CloseSession;
  • +C_GetSessionInfo;
  • +C_Login;
  • +C_Logout;
  • +C_CreateObject;
  • +C_CopyObject;
  • +C_DestroyObject;
  • +C_GetObjectSize;
  • +C_GetAttributeValue;
  • +C_SetAttributeValue;
  • +C_FindObjectsInit;
  • +C_FindObjects;
  • +C_FindObjectsFinal;
  • +C_WaitForSlotEvent;
  • +C_SeedRandom;
  • +C_GenerateRandom;
  • +C_GenerateKey;
  • +C_GenerateKeyPair;
  • -C_WrapKey;
  • -C_UnwrapKey;
  • +C_Encrypt;
  • +C_EncryptInit;
  • +C_EncryptUpdate;
  • +C_EncryptFinal;
  • +C_Decrypt;
  • +C_DecryptInit;
  • +C_DecryptUpdate;
  • +C_DecryptFinal;
  • +C_Digest;
  • +C_DigestInit;
  • +C_DigestUpdate;
  • +C_DigestFinal;
  • +C_Sign;
  • +C_SignInit;
  • +C_SignUpdate;
  • +C_SignFinal;
  • +C_Verify;
  • +C_VerifyInit;
  • +C_VerifyUpdate;
  • +C_VerifyFinal;
  • -C_GetOperationState
  • -C_SetOperationState
  • -C_CopyObject
  • -C_DigestKey
  • -C_SignRecoverInit
  • -C_SignRecover
  • -C_VerifyRecoverInit
  • -C_VerifyRecover
  • -C_DigestEncryptUpdate
  • -C_DecryptDigestUpdate
  • -C_SignEncryptUpdate
  • -C_DecryptVerifyUpdate
  • -C_DeriveKey
  • -C_CancelFunction
  • -C_GetFunctionStatus

Special features:

  • 1) The first RSA encryption/decryption call is slower than subsequent calls using the same key. This is due to a caching function that holds the key in cache until the next encryption/decryption call that uses a different key.
  • 2) The InitPIN function is not implemented. This is because internal data is decrypted using the User PIN, whereas InitPIN is executed in SO mode.
  • 3) C_GenerateKeyPair generates keys within the software interface module and then passes them into the trueToken. This is due to Senselock EL File OS features.

The following items will be released in the near future:

    Source code will be available for download.
    Mechanisms:
  • CKM_AES_KEY_GEN
  • CKM_AES_ECB
    Functions:
  • C_WrapKey
  • C_UnwrapKey
  • C_CopyObject