PyKCS11 unhashable list

抹茶落季 2021-01-17 02:09

A python script of mine is designed to get detailed information of slots/tokens in a particular .so library. The output looks like this:

Library manufacturer         


        
1 Answer
  • 2021-01-17 03:01

    (This answer was put together in the context of your other questions)

    To read attributes of a PKCS#11 object o you can use the following code:

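    # Assumes the PyKCS11 names are imported unqualified, an open session,
    # and an object handle o (e.g. one returned by session.findObjects())
    from PyKCS11 import *

    # List which attributes you want to read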
    attributeIds = [
        CKA_ENCRYPT,
        CKA_CLASS,
        CKA_DECRYPT,
        CKA_SIGN,
        CKA_VERIFY,
        CKA_ID,
        CKA_MODULUS,
        CKA_MODULUS_BITS,
        CKA_PUBLIC_EXPONENT,
        CKA_PRIVATE_EXPONENT
    ]
    
    # Read them
    attributeValues = session.getAttributeValue(o, attributeIds)
    
    # Print them (variant 1 -- more readable)
    for i in range(0,len(attributeIds)):
        attributeName = CKA[attributeIds[i]]
        print("Attribute %s: %s" % (attributeName, attributeValues[i]))
    
    # Print them (variant 2 -- more concise)
    for curAttrId, currAttrVale in zip(attributeIds,attributeValues):
        attributeName = CKA[curAttrId]
        print("Attribute %s: %s" % (attributeName, currAttrVale))
    

    Some additional (random) notes:

    • the Session.getAttributeValue() method requires a list of attribute ids. You are constructing a list of "lists containing Attribute name (string) and Attribute id (int)" -- without any conversion -- this can't work

    • the CKA_PRIVATE_EXPONENT attribute is sensitive for RSA private keys. You probably won't be able to read it unless the CKA_SENSITIVE attribute is set to False (see e.g. here)

    • be sure to read only valid attributes for specific object (based on type, mechanism, sensitivity...)

    • the snippet above does not use the PyKCS11. prefix to reference PyKCS11 object members as it assumes they are imported with from PyKCS11 import * directive (I am not enough into python to tell you which way is the good one)

    • the attribute id <-> attribute name mapping is based on the fact that the PKCS11.CKA dictionary contains both string keys with int values and int keys with string keys (you can dump this dictionary yourself or check the source code)

    • it might be much easier to dump the attributes with print(o)

    • I would recommend reading relevant parts of the PKCS#11 standard

    • (you might get your answer faster if you referenced the origins of your thoughts)

    Good luck!
