本文介绍了PyKCS11不可比较的列表的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧! 问题描述 我的一个python脚本旨在获取特定的.so库中插槽/令牌的详细信息。输出如下所示: 库制造商ID:Safenet,Inc. 可用插槽:4 插槽否:0 slotDescription:ProtectServer K5E:00045 manufacturerID:SafeNet Inc. TokenInfo 标签:CKM 制造商ID:SafeNet Inc. 型号:K5E :PL25 打开的会话0x00000002 找到38个对象:[5021,5022,5014,5016,4,5,6,7,8,9,16,18,23,24, 26,27,29,30,32,33,35,36,38,39,5313,5314,4982,5325,5326,5328,5329,5331,5332,5335,5018,4962,5020,4963] 我可以打开会话并获取信息。我遇到可疑问题的地方是检索库中所述密钥的属性。 我创建了自己的模板,用于我的规范所需的所需属性,如下所示: p> all_attributes = PyKCS11.CKA.keys()#只使用整数值,而不是字符串,如'CKM_RSA_PKCS' all_attributes = [e for all in all_attributes if isinstance(e,int)] attributes = [ [CKA_ENCRYPT,PyKCS11.CKA_ENCRYPT], [CKA_CLASS,PyKCS11 .CKA_CLASS], [CKA_DECRYPT,PyKCS11.CKA_DECRYPT], [CKA_SIGN,PyKCS11.CKA_SIGN], [CKA_VERIFY,PyKCS11.CKA_VERIFY], [CKA_ID,PyKCS11.CKA_ID], [CKA_MODULUS,PyKCS11.CKA_MODULUS], [CKA_MODULUS,PyKCS11.CKA_MODULUS], [CKA_MODULUS_BITS,PyKCS11.CKA_MODULUS_BITS ], [CKA_PUBLIC_EXPONENT,PyKCS11.CKA_PUBLIC_EXP ONENT], [CKA_PRIVATE_EXPONENT,PyKCS11.CKA_PRIVATE_EXPONENT],] 我得到一个不可分类的类型:'list'TypeError当尝试转储属性在以下块: 打印倾销属性: for q,a in zip(all_attributes,attributes): if a == None:#undefined(CKR_ATTRIBUTE_TYPE_INVALID)属性 continue if q == PyKCS11.CKA_CLASS: print format_long%(PyKCS11.CKA [q],PyKCS11.CKO [a],a) elif q == PyKCS11.CKA_CERTIFICATE_TYPE: print format_long% (PyKCS11.CKA [q],PyKCS11.CKC [a],a) elif q == PyKCS11.CKA_KEY_TYPE: print format_long%(PyKCS11.CKA [q],PyKCS11.CKK [a] ,a) elif session.isBin(q): print format_binary%(PyKCS11.CKA [q],len(a))如果a: print dump(''。join(map(chr,a)),16), elif q == PyKCS11.CKA_SERIAL_NUMBER: print format_binary%(PyKCS11.CKA [ q],len(a))如果a:打印hexdump(a,16), else: print format_normal%(PyKCS11.CKA [q],a) 此行专门生成错误: 如果q == PyKCS11.CKA_CLASS: print format_long%(PyKCS11.CKA [q],PyKCS11.CKO [a],a) 我知道你不能使用列表作为dict中的关键字,因为dict键是不可变的。在这种情况下,如何使用元组?解决方案(这个答案是在你的其他问题的上下文中) / p> 要读取PKCS#11对象的属性 o ,可以使用以下代码: #列出您要阅读的属性 attributeIds = [ CKA_ENCRYPT, CKA_CLASS, CKA_DECRYPT , CKA_SIGN, CKA_VERIFY, CKA_ID, CKA_MODULUS, CKA_MODULUS_BITS, CKA_PUBLIC_EXPONENT, CKA_PRIVATE_EXPONENT ] #读取 attributeValues = session.getAttributeValue(o,attributeIds) #打印它们(变体1 - 更易读) for i in range 0,len(attributeIds)): attributeName = CKA [attributeIds [i]] print(Attribute%s:%s%(attributeName,attributeValues [i])) #打印他们(变式2 - 更多consise)为curAttrId,currAttrVale在zip(属性Ids,attributeValues): attributeName = CKA [curAttrId] print(Attribute%s:%s%(attributeName,currAttrVale)) 一些额外的(随机)笔记: Session.getAttributeValue()方法方法需要一个属性ID列表。您正在构建包含属性名称(字符串)和属性id(int)的列表 - 没有任何转换 - 这不能工作 对于RSA私钥, CKA_PRIVATE_EXPONENT 属性很敏感。您可能无法读取它,除非 CKA_SENSITIVE 属性设置为 False (参见例如这里) 确保只读具体的有效属性对象(基于类型,机制,敏感度...) 上面的代码段不使用 PyKCS11。前缀引用PyKCS11对象成员,因为它假定它们是从PyKCS11 import * 指令导入的引用(我不足以告诉你哪个方法是好的) 属性id 属性名映射基于事实,即 PKCS11.CKA 字典包含带有int值的字符串键和带有字符串键的int键(您可以自己转载此字典或查看源代码) 使用 print(o) 我建议您阅读 PKCS#11标准 (如果您引用了您的想法的起源) 祝你好运! A python script of mine is designed to get detailed information of slots/tokens in a particular .so library. The output looks like this:Library manufacturerID: Safenet, Inc. Available Slots: 4Slot no: 0slotDescription: ProtectServer K5E:00045manufacturerID: SafeNet Inc.TokenInfolabel: CKMmanufacturerID: SafeNet Inc.model: K5E:PL25Opened session 0x00000002Found 38 objects: [5021, 5022, 5014, 5016, 4, 5, 6, 7, 8, 9, 16, 18, 23, 24, 26, 27, 29, 30, 32, 33, 35, 36, 38, 39, 5313, 5314, 4982, 5325, 5326, 5328, 5329, 5331, 5332, 5335, 5018, 4962, 5020, 4963]I am able to open the session and get the information. Where I run into dubious problems is retrieving the attributes of said keys in the library.I created my own template for desired attributes needed for my specifications, the following: all_attributes = PyKCS11.CKA.keys() # only use the integer values and not the strings like 'CKM_RSA_PKCS' all_attributes = [e for e in all_attributes if isinstance(e, int)] attributes = [ ["CKA_ENCRYPT", PyKCS11.CKA_ENCRYPT], ["CKA_CLASS", PyKCS11.CKA_CLASS], ["CKA_DECRYPT", PyKCS11.CKA_DECRYPT], ["CKA_SIGN", PyKCS11.CKA_SIGN], ["CKA_VERIFY", PyKCS11.CKA_VERIFY], ["CKA_ID", PyKCS11.CKA_ID], ["CKA_MODULUS", PyKCS11.CKA_MODULUS], ["CKA_MODULUS", PyKCS11.CKA_MODULUS], ["CKA_MODULUS_BITS", PyKCS11.CKA_MODULUS_BITS], ["CKA_PUBLIC_EXPONENT", PyKCS11.CKA_PUBLIC_EXPONENT], ["CKA_PRIVATE_EXPONENT", PyKCS11.CKA_PRIVATE_EXPONENT], ]I'm getting an unhashable type: 'list' TypeError when trying to dump the attributes on the following block: print "Dumping attributes:" for q, a in zip(all_attributes, attributes): if a == None: # undefined (CKR_ATTRIBUTE_TYPE_INVALID) attribute continue if q == PyKCS11.CKA_CLASS: print format_long % (PyKCS11.CKA[q], PyKCS11.CKO[a], a) elif q == PyKCS11.CKA_CERTIFICATE_TYPE: print format_long % (PyKCS11.CKA[q], PyKCS11.CKC[a], a) elif q == PyKCS11.CKA_KEY_TYPE: print format_long % (PyKCS11.CKA[q], PyKCS11.CKK[a], a) elif session.isBin(q): print format_binary % (PyKCS11.CKA[q], len(a)) if a: print dump(''.join(map(chr, a)), 16), elif q == PyKCS11.CKA_SERIAL_NUMBER: print format_binary % (PyKCS11.CKA[q], len(a)) if a: print hexdump(a, 16), else: print format_normal % (PyKCS11.CKA[q], a)This line specifically is generating the error: if q == PyKCS11.CKA_CLASS: print format_long % (PyKCS11.CKA[q], PyKCS11.CKO[a], a)I understand that you can't use a list as the key in a dict, since dict keys need to be immutable. How would I use a tuple in this situation? 解决方案 (This answer was put together in the context of your other questions)To read attributes of a PKCS#11 object o you can use the following code:# List which attributes you want to readattributeIds = [ CKA_ENCRYPT, CKA_CLASS, CKA_DECRYPT, CKA_SIGN, CKA_VERIFY, CKA_ID, CKA_MODULUS, CKA_MODULUS_BITS, CKA_PUBLIC_EXPONENT, CKA_PRIVATE_EXPONENT]# Read themattributeValues = session.getAttributeValue(o, attributeIds)# Print them (variant 1 -- more readable)for i in range(0,len(attributeIds)): attributeName = CKA[attributeIds[i]] print("Attribute %s: %s" % (attributeName, attributeValues[i]))# Print them (variant 2 -- more consise)for curAttrId, currAttrVale in zip(attributeIds,attributeValues): attributeName = CKA[curAttrId] print("Attribute %s: %s" % (attributeName, currAttrVale))Some additional (random) notes:the Session.getAttributeValue() method method requires a list of attribute ids. You are constructing a list of "lists containing Attribute name (string) and Attribute id (int)" -- without any conversion -- this can't workthe CKA_PRIVATE_EXPONENT attribute is sensitive for RSA private keys. You probably won't be able to read it unless the CKA_SENSITIVE attribute is set to False (see e.g. here)be sure to read only valid attributes for specific object (based on type, mechanism, sensitivity...)the snippet above does not use the PyKCS11. prefix to reference PyKCS11 object members as it assumes they are imported with from PyKCS11 import * directive (I am not enough into python to tell you which way is the good one)the attribute id <-> attribute name mapping is based on fact, that the PKCS11.CKA dictionary contains both string keys with int values and int keys with string keys (you can dump this dictionary yourself or check the source code)it might be much easier to dump the attributes with print(o)I would recommend reading relevant parts of the PKCS#11 standard(you might get your answer faster if you referenced the origins of your thoughts)Good luck! 这篇关于PyKCS11不可比较的列表的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!
09-23 00:08