Comments (10)

nkostoulas commented on June 3, 2024

Actually it seems that get_objects(), when specifying label and class, will return an iterator containing multiple entries for the same key. For the same reason, using get_key() raises MultipleObjectsReturned.

from python-pkcs11.

danni commented on June 3, 2024

This is a strange one. get_objects is a fairly thin wrapper around C_FindObjects. What PKCS#11 library are you using?

If you call get_objects with no filters, what do you get? Does this match pkcs11-tool --list-objects?

Are you using any multi-threading? python-pkcs11 includes locking to prevent using the same Python session twice, but it trusts the PKCS#11 library to keep sessions separate and thread-safe on its side. It doesn't link PKCS#11 to Python's threading semantics, as this doesn't seem widely supported, but due to the GIL nearly all calls from Python into C are de facto thread-safe.

nkostoulas commented on June 3, 2024
  • get_objects() returns all keys
  • get_objects() with Attribute.CLASS: ObjectClass.PUBLIC_KEY/PRIVATE_KEY works fine
  • get_objects() with Attribute.KEY_TYPE: KeyType.EC and/or Attribute.LABEL: 'LABEL' works fine

Somehow get_objects() with the combination of Attribute.CLASS: ObjectClass.PUBLIC_KEY/PRIVATE_KEY and Attribute.LABEL: 'LABEL' keeps returning the same key with the generator never ending (need to kill it to stop). Surely must be an issue with the pkcs11 provider (I'm using an HSM provider's custom/private pkcs11 library).

No threading involved.

I tried using pkcs11-tool but it doesn't seem to be included with the pkcs11 distribution. Is it only through OpenSC I can get it now?

danni commented on June 3, 2024

It's maintained by OpenSC, yes. There's another one, p11tool, if you have that.

You could try adding KEY_TYPE and OBJECT_CLASS together? You could also limit it down to some small list and filter manually :-/

It's not unusual for vendor PKCS#11 libraries to have bugs. Which vendor is it? Many vendors expose environment variables to help debug what's going on.

nkostoulas commented on June 3, 2024

Yeah, I was doing that before. Now I supply the LABEL as well to avoid filtering. It's not really a problem since the generator returns the key I want, though it returns it 325 times instead of one, and I can just get the first item and proceed. It's just weird because instead of returning it once it returns it that many times and makes get_key() unavailable due to MultipleObjectsReturned. Vendor is Securosys. I guess I'll try pinging them as well. Thanks!

danni commented on June 3, 2024

You could also next() on the generator and ignore the fact there's more data.

nkostoulas commented on June 3, 2024

Yep 😀

danni commented on June 3, 2024

Did we conclude whether this error is in the PKCS#11 lib or python-pkcs11?

nkostoulas commented on June 3, 2024

I've been told it's an issue with the library for EC keys only. Still waiting to learn the exact reason.

danni commented on June 3, 2024

Okay thanks. Closing as a vendor bug.
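
A bounded, de-duplicating lookup for the behaviour reported in this thread (one key returned repeatedly by a search that never ends), as an added example that is not part of the original thread or of python-pkcs11. The names `find_single`, `Match`, `AmbiguousKey` and the fake search functions are hypothetical, and the python-pkcs11 usage shown in the docstring assumes CKA_ID is set and distinct per key.

```python
from collections import namedtuple
from itertools import islice, repeat

Match = namedtuple("Match", "obj duplicates truncated")

class AmbiguousKey(Exception):
    """Two or more distinct objects matched the search template."""

def find_single(objects, identity, max_results=1000):
    """Return the single distinct object from a search that may repeat results.

    objects:  iterator of results, e.g. session.get_objects({...})
    identity: callable giving a hashable identity for one result; with
              python-pkcs11 e.g. lambda o: (o[Attribute.CLASS], o[Attribute.ID])
              (assumption: CKA_ID is set and unique per key)
    """
    first, first_id, read = None, None, 0
    try:
        for obj in islice(objects, max_results):  # never read past the cap
            read += 1
            obj_id = identity(obj)
            if first is None:
                first, first_id = obj, obj_id
            elif obj_id != first_id:
                # A genuinely different object: refuse to guess which key to use.
                raise AmbiguousKey(f"distinct objects matched: {first_id!r}, {obj_id!r}")
    finally:
        close = getattr(objects, "close", None)  # stop a generator-based search
        if close:
            close()
    if first is None:
        raise LookupError("no object matched the template")
    # truncated=True means the cap was reached, so the search may not have ended.
    return Match(first, duplicates=read - 1, truncated=read == max_results)

# Constructed stand-ins for HSM objects (not real python-pkcs11 objects).
FakeKey = namedtuple("FakeKey", "label key_id")

def buggy_search():
    """Mimics the reported behaviour: the same key, endlessly."""
    yield from repeat(FakeKey("LABEL", b"\x01"))

def mixed_search():
    """Two different keys sharing one label: must be rejected, not de-duplicated."""
    yield FakeKey("LABEL", b"\x01")
    yield FakeKey("LABEL", b"\x02")
```

Logging `duplicates` and `truncated` gives a record of when the PKCS#11 library misbehaves, and a fixed library shows up as `duplicates == 0`.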
