How to update a particular attribute after finding an object. Getting error: Method C_SetAttributeValue returned CKR_ATTRIBUTE_READ_ONLY
I am trying to update an attribute after finding an object. I have tried different cases.
My creation code:
using (var pkcs11 = new Pkcs11(@"C:\SoftHSM2\lib\softhsm2.dll", AppType.SingleThreaded))
{
    var slot = pkcs11.GetSlotList(SlotsType.WithTokenPresent)[0];
    using (var session = slot.OpenSession(SessionType.ReadWrite))
    {
        session.Login(CKU.CKU_USER, "1111");
        // Template for a persistent (token) data object that is marked modifiable
        var objectAttributes = new List<ObjectAttribute>
        {
            new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_DATA),
            new ObjectAttribute(CKA.CKA_TOKEN, true),
            new ObjectAttribute(CKA.CKA_MODIFIABLE, true),
            new ObjectAttribute(CKA.CKA_APPLICATION, txtTypeofData.Text),
            new ObjectAttribute(CKA.CKA_LABEL, txtMsisdn.Text),
            new ObjectAttribute(CKA.CKA_VALUE, "Data object content original " + DateTime.Now)
        };
        var result = session.CreateObject(objectAttributes);
        session.Logout();
    }
}
My modification code is:
using (Pkcs11 pkcs11 = new Pkcs11(@"C:\SoftHSM2\lib\softhsm2.dll", AppType.MultiThreaded))
{
    var slot = pkcs11.GetSlotList(SlotsType.WithTokenPresent)[0];
    using (Session session = slot.OpenSession(SessionType.ReadWrite))
    {
        session.Login(CKU.CKU_USER, "1111");
        // Search template: the same identifying attributes used at creation
        List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_DATA));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_APPLICATION, txtTypeofData.Text));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, txtMsisdn.Text));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_MODIFIABLE, true));
        var findA = session.FindAllObjects(objectAttributes);
        if (findA != null && findA.Count > 0)
        {
            List<ObjectAttribute> objectAttributesNew = new List<ObjectAttribute>();
            objectAttributesNew.Add(new ObjectAttribute(CKA.CKA_VALUE, "Data object content two changed " + DateTime.Now));
            // This is the call that returns CKR_ATTRIBUTE_READ_ONLY
            session.SetAttributeValue(findA[0], objectAttributesNew);
        }
        session.Logout();
    }
}
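Check whether CKA_MODIFIABLE is set to TRUE, because this attribute indicates whether the data object is read-only. CKA_MODIFIABLE defaults to TRUE and can only be changed by copying the object.
Also, note the remark in the PKCS#11 standard: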
attributes which Cryptoki specifies are modifiable may actually not be
modifiable on some tokens. That is, if a Cryptoki attribute is described as being modifiable, that
really means only that it is modifiable insofar as the Cryptoki specification is concerned. A
particular token might not actually support modification of some such attributes.
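So it may be that the token does not allow you to change the attribute, and this is not a problem with your code.
The behavior you observed seems to be specific to the SoftHSM implementation. You can find the following comment in its source code: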
// NOTE: There is no mention in the PKCS#11 v2.40 spec that for a Data
// Object the CKA_VALUE attribute may be modified after creation!
// Therefore we assume it is not allowed to change the CKA_VALUE
// attribute of a Data Object.
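The two answers above can be combined into one check, shown here as an added example that is not part of the original posts or of SoftHSM: read CKA_MODIFIABLE back from the token, attempt the update, and distinguish a read-only object from a token that refuses the attribute. It assumes the Pkcs11Interop 4.x high-level API used in the question; `UpdateOutcome`, `ValueUpdater` and `TrySetValue` are hypothetical names.

```csharp
using System.Collections.Generic;
using Net.Pkcs11Interop.Common;
using Net.Pkcs11Interop.HighLevelAPI;

// Hypothetical result type for this example (not a Pkcs11Interop type).
public enum UpdateOutcome { Updated, ObjectNotModifiable, TokenRefusesAttribute }

public static class ValueUpdater
{
    // Tries to set CKA_VALUE on an object that was already found in a logged-in
    // read/write session, and classifies a read-only refusal.
    public static UpdateOutcome TrySetValue(Session session, ObjectHandle handle, string newValue)
    {
        // Read the flag from the token rather than trusting the creation template.
        List<ObjectAttribute> current =
            session.GetAttributeValue(handle, new List<CKA> { CKA.CKA_MODIFIABLE });

        // If the token does not report the attribute, use the default of TRUE.
        bool modifiable = current[0].CannotBeRead || current[0].GetValueAsBool();
        if (!modifiable)
            return UpdateOutcome.ObjectNotModifiable; // the object itself is read-only

        var update = new List<ObjectAttribute>
        {
            new ObjectAttribute(CKA.CKA_VALUE, newValue)
        };

        try
        {
            session.SetAttributeValue(handle, update);
            return UpdateOutcome.Updated;
        }
        catch (Pkcs11Exception ex) when (ex.RV == CKR.CKR_ATTRIBUTE_READ_ONLY)
        {
            // CKA_MODIFIABLE is TRUE, so the refusal comes from the token's own
            // policy for this attribute (the SoftHSM data-object case above).
            return UpdateOutcome.TokenRefusesAttribute;
        }
    }
}
```

Any other return value from C_SetAttributeValue still surfaces as an unhandled `Pkcs11Exception`, so unrelated failures are not mistaken for the read-only case.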