python-PyKCS11不可哈希列表
作者:互联网
我的python脚本旨在获取特定.so库中的插槽/令牌的详细信息.输出看起来像这样:
Library manufacturerID: Safenet, Inc.
Available Slots: 4
Slot no: 0
slotDescription: ProtectServer K5E:00045
manufacturerID: SafeNet Inc.
TokenInfo
label: CKM
manufacturerID: SafeNet Inc.
model: K5E:PL25
Opened session 0x00000002
Found 38 objects: [5021, 5022, 5014, 5016, 4, 5, 6, 7, 8, 9, 16, 18, 23, 24, 26, 27, 29, 30, 32, 33, 35, 36, 38, 39, 5313, 5314, 4982, 5325, 5326, 5328, 5329, 5331, 5332, 5335, 5018, 4962, 5020, 4963]
我可以打开会话并获取信息.我遇到可疑问题的地方是在库中检索所述键的属性.
我为规范所需的所需属性创建了自己的模板,如下所示:
all_attributes = PyKCS11.CKA.keys()
# only use the integer values and not the strings like 'CKM_RSA_PKCS'
all_attributes = [e for e in all_attributes if isinstance(e, int)]
attributes = [
["CKA_ENCRYPT", PyKCS11.CKA_ENCRYPT],
["CKA_CLASS", PyKCS11.CKA_CLASS],
["CKA_DECRYPT", PyKCS11.CKA_DECRYPT],
["CKA_SIGN", PyKCS11.CKA_SIGN],
["CKA_VERIFY", PyKCS11.CKA_VERIFY],
["CKA_ID", PyKCS11.CKA_ID],
["CKA_MODULUS", PyKCS11.CKA_MODULUS],
["CKA_MODULUS", PyKCS11.CKA_MODULUS],
["CKA_MODULUS_BITS", PyKCS11.CKA_MODULUS_BITS],
["CKA_PUBLIC_EXPONENT", PyKCS11.CKA_PUBLIC_EXPONENT],
["CKA_PRIVATE_EXPONENT", PyKCS11.CKA_PRIVATE_EXPONENT],
]
尝试在以下块上转储属性时,我得到了无法散列的类型:“ list” TypeError:
print "Dumping attributes:"
for q, a in zip(all_attributes, attributes):
if a == None:
# undefined (CKR_ATTRIBUTE_TYPE_INVALID) attribute
continue
if q == PyKCS11.CKA_CLASS:
print format_long % (PyKCS11.CKA[q], PyKCS11.CKO[a], a)
elif q == PyKCS11.CKA_CERTIFICATE_TYPE:
print format_long % (PyKCS11.CKA[q], PyKCS11.CKC[a], a)
elif q == PyKCS11.CKA_KEY_TYPE:
print format_long % (PyKCS11.CKA[q], PyKCS11.CKK[a], a)
elif session.isBin(q):
print format_binary % (PyKCS11.CKA[q], len(a))
if a:
print dump(''.join(map(chr, a)), 16),
elif q == PyKCS11.CKA_SERIAL_NUMBER:
print format_binary % (PyKCS11.CKA[q], len(a))
if a:
print hexdump(a, 16),
else:
print format_normal % (PyKCS11.CKA[q], a)
此行专门产生错误:
if q == PyKCS11.CKA_CLASS:
print format_long % (PyKCS11.CKA[q], PyKCS11.CKO[a], a)
我了解您不能将列表用作字典中的键,因为字典键必须是不可变的.在这种情况下,我将如何使用元组?
解决方法:
(此答案是在您其他问题的范围内得出的)
要读取PKCS#11对象的属性,可以使用以下代码:
# List which attributes you want to read
attributeIds = [
CKA_ENCRYPT,
CKA_CLASS,
CKA_DECRYPT,
CKA_SIGN,
CKA_VERIFY,
CKA_ID,
CKA_MODULUS,
CKA_MODULUS_BITS,
CKA_PUBLIC_EXPONENT,
CKA_PRIVATE_EXPONENT
]
# Read them
attributeValues = session.getAttributeValue(o, attributeIds)
# Print them (variant 1 -- more readable)
for i in range(0,len(attributeIds)):
attributeName = CKA[attributeIds[i]]
print("Attribute %s: %s" % (attributeName, attributeValues[i]))
# Print them (variant 2 -- more consise)
for curAttrId, currAttrVale in zip(attributeIds,attributeValues):
attributeName = CKA[curAttrId]
print("Attribute %s: %s" % (attributeName, currAttrVale))
其他一些(随机)注意事项:
> Session.getAttributeValue() method方法需要属性ID的列表.您正在构建“包含属性名称(字符串)和属性ID(整数)的列表”的列表-未经任何转换-这是行不通的
> CKA_PRIVATE_EXPONENT属性对RSA私钥敏感.除非将CKA_SENSITIVE属性设置为False,否则您可能无法读取它(例如参见here)
>确保仅读取特定对象的有效属性(基于类型,机制,灵敏度…)
>上面的代码片段不使用PyKCS11.引用PyKCS11对象成员的前缀,因为它假定它们是从PyKCS11 import *指令中导入的(我不足以在python中告诉您哪种方法是好方法)
>属性ID<->属性名称映射基于以下事实,即PKCS11.CKA字典同时包含具有int值的字符串键和具有int值的int键(您可以自己转储此词典或检查source code)
>使用print(o)转储属性可能会容易得多
>我建议您阅读PKCS#11 standard的相关部分
>(如果您引用the origins of your thoughts,则可能会更快得到答案)
祝好运!
标签:pkcs11,python,list,dictionary,typeerror 来源: https://codeday.me/bug/20191010/1884287.html