PyKCS11不可比较的列表 [英] PyKCS11 unhashable list
问题描述
库制造商ID:Safenet,Inc.
可用插槽:4
插槽否:0
slotDescription:ProtectServer K5E:00045
manufacturerID:SafeNet Inc.
TokenInfo
标签:CKM
制造商ID:SafeNet Inc.
型号:K5E :PL25
打开的会话0x00000002
找到38个对象:[5021,5022,5014,5016,4,5,6,7,8,9,16,18,23,24, 26,27,29,30,32,33,35,36,38,39,5313,5314,4982,5325,5326,5328,5329,5331,5332,5335,5018,4962,5020,4963]
我可以打开会话并获取信息。我遇到可疑问题的地方是检索库中所述密钥的属性。
我创建了自己的模板,用于我的规范所需的所需属性,如下所示: p>
all_attributes = PyKCS11.CKA.keys()
#只使用整数值,而不是字符串,如'CKM_RSA_PKCS'
all_attributes = [e for all in all_attributes if isinstance(e,int)]
attributes = [
[CKA_ENCRYPT,PyKCS11.CKA_ENCRYPT],
[CKA_CLASS,PyKCS11 .CKA_CLASS],
[CKA_DECRYPT,PyKCS11.CKA_DECRYPT],
[CKA_SIGN,PyKCS11.CKA_SIGN],
[CKA_VERIFY,PyKCS11.CKA_VERIFY],
[CKA_ID,PyKCS11.CKA_ID],
[CKA_MODULUS,PyKCS11.CKA_MODULUS],
[CKA_MODULUS,PyKCS11.CKA_MODULUS],
[CKA_MODULUS_BITS,PyKCS11.CKA_MODULUS_BITS ],
[CKA_PUBLIC_EXPONENT,PyKCS11.CKA_PUBLIC_EXP ONENT],
[CKA_PRIVATE_EXPONENT,PyKCS11.CKA_PRIVATE_EXPONENT],
]
我得到一个不可分类的类型:'list'TypeError当尝试转储属性在以下块:
打印倾销属性:
for q,a in zip(all_attributes,attributes):
if a == None:
#undefined(CKR_ATTRIBUTE_TYPE_INVALID)属性
continue
if q == PyKCS11.CKA_CLASS:
print format_long%(PyKCS11.CKA [q],PyKCS11.CKO [a],a)
elif q == PyKCS11.CKA_CERTIFICATE_TYPE:
print format_long% (PyKCS11.CKA [q],PyKCS11.CKC [a],a)
elif q == PyKCS11.CKA_KEY_TYPE:
print format_long%(PyKCS11.CKA [q],PyKCS11.CKK [a] ,a)
elif session.isBin(q):
print format_binary%(PyKCS11.CKA [q],len(a))
如果a:
print dump(''。join(map(chr,a)),16),
elif q == PyKCS11.CKA_SERIAL_NUMBER:
print format_binary%(PyKCS11.CKA [ q],len(a))
如果a:
打印hexdump(a,16),
else:
print format_normal%(PyKCS11.CKA [q],a)
此行专门生成错误:
如果q == PyKCS11.CKA_CLASS:
print format_long%(PyKCS11.CKA [q],PyKCS11.CKO [a],a)
我知道你不能使用列表作为dict中的关键字,因为dict键是不可变的。在这种情况下,如何使用元组?
(这个答案是在你的其他问题的上下文中) / p>
要读取PKCS#11对象的属性 o ,可以使用以下代码:
#列出您要阅读的属性
attributeIds = [
CKA_ENCRYPT,
CKA_CLASS,
CKA_DECRYPT ,
CKA_SIGN,
CKA_VERIFY,
CKA_ID,
CKA_MODULUS,
CKA_MODULUS_BITS,
CKA_PUBLIC_EXPONENT,
CKA_PRIVATE_EXPONENT
]
#读取
attributeValues = session.getAttributeValue(o,attributeIds)
#打印它们(变体1 - 更易读)
for i in range 0,len(attributeIds)):
attributeName = CKA [attributeIds [i]]
print(Attribute%s:%s%(attributeName,attributeValues [i]))
#打印他们(变式2 - 更多consise)
为curAttrId,currAttrVale在zip(属性Ids,attributeValues):
attributeName = CKA [curAttrId]
print(Attribute%s:%s%(attributeName,currAttrVale))
一些额外的(随机)笔记:
-
Session.getAttributeValue()方法方法需要一个属性ID列表。您正在构建包含属性名称(字符串)和属性id(int)的列表 - 没有任何转换 - 这不能工作
-
对于RSA私钥,
CKA_PRIVATE_EXPONENT属性很敏感。您可能无法读取它,除非CKA_SENSITIVE属性设置为False(参见例如这里) -
确保只读具体的有效属性对象(基于类型,机制,敏感度...)
-
上面的代码段不使用
PyKCS11。前缀引用PyKCS11对象成员,因为它假定它们是从PyKCS11 import * 指令导入的引用(我不足以告诉你哪个方法是好的) -
属性id < - >属性名映射基于事实,即
PKCS11.CKA字典包含带有int值的字符串键和带有字符串键的int键(您可以自己转载此字典或查看源代码) -
使用<$ c $转储属性可能要容易得多c> print(o)
-
我建议您阅读 PKCS#11标准
-
(如果您引用了您的想法的起源)
祝你好运!
A python script of mine is designed to get detailed information of slots/tokens in a particular .so library. The output looks like this:
Library manufacturerID: Safenet, Inc.
Available Slots: 4
Slot no: 0
slotDescription: ProtectServer K5E:00045
manufacturerID: SafeNet Inc.
TokenInfo
label: CKM
manufacturerID: SafeNet Inc.
model: K5E:PL25
Opened session 0x00000002
Found 38 objects: [5021, 5022, 5014, 5016, 4, 5, 6, 7, 8, 9, 16, 18, 23, 24, 26, 27, 29, 30, 32, 33, 35, 36, 38, 39, 5313, 5314, 4982, 5325, 5326, 5328, 5329, 5331, 5332, 5335, 5018, 4962, 5020, 4963]
I am able to open the session and get the information. Where I run into dubious problems is retrieving the attributes of said keys in the library.
I created my own template for desired attributes needed for my specifications, the following:
all_attributes = PyKCS11.CKA.keys()
# only use the integer values and not the strings like 'CKM_RSA_PKCS'
all_attributes = [e for e in all_attributes if isinstance(e, int)]
attributes = [
["CKA_ENCRYPT", PyKCS11.CKA_ENCRYPT],
["CKA_CLASS", PyKCS11.CKA_CLASS],
["CKA_DECRYPT", PyKCS11.CKA_DECRYPT],
["CKA_SIGN", PyKCS11.CKA_SIGN],
["CKA_VERIFY", PyKCS11.CKA_VERIFY],
["CKA_ID", PyKCS11.CKA_ID],
["CKA_MODULUS", PyKCS11.CKA_MODULUS],
["CKA_MODULUS", PyKCS11.CKA_MODULUS],
["CKA_MODULUS_BITS", PyKCS11.CKA_MODULUS_BITS],
["CKA_PUBLIC_EXPONENT", PyKCS11.CKA_PUBLIC_EXPONENT],
["CKA_PRIVATE_EXPONENT", PyKCS11.CKA_PRIVATE_EXPONENT],
]
I'm getting an unhashable type: 'list' TypeError when trying to dump the attributes on the following block:
print "Dumping attributes:"
for q, a in zip(all_attributes, attributes):
if a == None:
# undefined (CKR_ATTRIBUTE_TYPE_INVALID) attribute
continue
if q == PyKCS11.CKA_CLASS:
print format_long % (PyKCS11.CKA[q], PyKCS11.CKO[a], a)
elif q == PyKCS11.CKA_CERTIFICATE_TYPE:
print format_long % (PyKCS11.CKA[q], PyKCS11.CKC[a], a)
elif q == PyKCS11.CKA_KEY_TYPE:
print format_long % (PyKCS11.CKA[q], PyKCS11.CKK[a], a)
elif session.isBin(q):
print format_binary % (PyKCS11.CKA[q], len(a))
if a:
print dump(''.join(map(chr, a)), 16),
elif q == PyKCS11.CKA_SERIAL_NUMBER:
print format_binary % (PyKCS11.CKA[q], len(a))
if a:
print hexdump(a, 16),
else:
print format_normal % (PyKCS11.CKA[q], a)
This line specifically is generating the error:
if q == PyKCS11.CKA_CLASS:
print format_long % (PyKCS11.CKA[q], PyKCS11.CKO[a], a)
I understand that you can't use a list as the key in a dict, since dict keys need to be immutable. How would I use a tuple in this situation?
(This answer was put together in the context of your other questions)
To read attributes of a PKCS#11 object o you can use the following code:
# List which attributes you want to read
attributeIds = [
CKA_ENCRYPT,
CKA_CLASS,
CKA_DECRYPT,
CKA_SIGN,
CKA_VERIFY,
CKA_ID,
CKA_MODULUS,
CKA_MODULUS_BITS,
CKA_PUBLIC_EXPONENT,
CKA_PRIVATE_EXPONENT
]
# Read them
attributeValues = session.getAttributeValue(o, attributeIds)
# Print them (variant 1 -- more readable)
for i in range(0,len(attributeIds)):
attributeName = CKA[attributeIds[i]]
print("Attribute %s: %s" % (attributeName, attributeValues[i]))
# Print them (variant 2 -- more consise)
for curAttrId, currAttrVale in zip(attributeIds,attributeValues):
attributeName = CKA[curAttrId]
print("Attribute %s: %s" % (attributeName, currAttrVale))
Some additional (random) notes:
the Session.getAttributeValue() method method requires a list of attribute ids. You are constructing a list of "lists containing Attribute name (string) and Attribute id (int)" -- without any conversion -- this can't work
the
CKA_PRIVATE_EXPONENTattribute is sensitive for RSA private keys. You probably won't be able to read it unless theCKA_SENSITIVEattribute is set toFalse(see e.g. here)be sure to read only valid attributes for specific object (based on type, mechanism, sensitivity...)
the snippet above does not use the
PyKCS11.prefix to reference PyKCS11 object members as it assumes they are imported withfrom PyKCS11 import *directive (I am not enough into python to tell you which way is the good one)the attribute id <-> attribute name mapping is based on fact, that the
PKCS11.CKAdictionary contains both string keys with int values and int keys with string keys (you can dump this dictionary yourself or check the source code)it might be much easier to dump the attributes with
print(o)I would recommend reading relevant parts of the PKCS#11 standard
(you might get your answer faster if you referenced the origins of your thoughts)
Good luck!
这篇关于PyKCS11不可比较的列表的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
