我有一个python脚本，它基本上反映了Attribute Dump实现的功能。在我的2号插槽中，我有一张读卡器可以识别的智能卡。该卡包含一个RSA密钥对和一个x509证书，可以使用openssl显示。设备读取器没有问题，因为会话已打开，显示了正确的供应商信息以及找到的[1]对象。在尝试使用SHA1对消息进行签名时，尝试获取所有可用属性时，我收到一个CKR_ATTRIBUTE_TYPE_INVALID异常。我不确定坏的属性类型发生在哪里，我试图找到罪魁祸首已经有一段时间了，但是没有成功。在

print "Found %d objects: %s" % (len(objects), [x.value() for x in objects])

#-----------------------------CUTOFF FOR BAD ATTRIBUTE TYPE----------------------------
    all_attributes = PyKCS11.CKA.keys()
    # only use the integer values and not the strings like 'CKM_RSA_PKCS'
    all_attributes = [e for e in all_attributes if isinstance(e, int)]
    attributes = [
            ["CKA_ENCRYPT", PyKCS11.CKA_ENCRYPT],
            ["CKA_CLASS", PyKCS11.CKA_CLASS],
            ["CKA_DECRYPT", PyKCS11.CKA_DECRYPT],
            ["CKA_SIGN", PyKCS11.CKA_SIGN],
            ["CKA_VERIFY", PyKCS11.CKA_VERIFY],
            ["CKA_ID", PyKCS11.CKA_ID],
            ["CKA_MODULUS", PyKCS11.CKA_MODULUS],
            ["CKA_MODULUS", PyKCS11.CKA_MODULUS],
            ["CKA_MODULUS_BITS", PyKCS11.CKA_MODULUS_BITS],
            ["CKA_PUBLIC_EXPONENT", PyKCS11.CKA_PUBLIC_EXPONENT],
            ["CKA_PRIVATE_EXPONENT", PyKCS11.CKA_PRIVATE_EXPONENT],
            ]
    for o in objects:
        print
        print (red + "==================== Object: %d ====================" + normal) % o.value()
        attributes = session.getAttributeValue(o, all_attributes)
        attrDict = dict(zip(all_attributes, attributes))
        if attrDict[PyKCS11.CKA_CLASS] == PyKCS11.CKO_PRIVATE \
           and attrDict[PyKCS11.CKA_KEY_TYPE] == PyKCS11.CKK_RSA:
            m = attrDict[PyKCS11.CKA_MODULUS]
            e = attrDict[PyKCS11.CKA_PUBLIC_EXPONENT]
            if m and e:
                mx = eval('0x%s' % ''.join(chr(c) for c in m).encode('hex'))
                ex = eval('0x%s' % ''.join(chr(c) for c in e).encode('hex'))
            if sign:
                try:
                    toSign = "12345678901234567890"  # 20 bytes, SHA1 digest
                    print "* Signing with object 0x%08X following data: %s" % (o.value(), toSign)
                    signature = session.sign(o, toSign)
                    s = ''.join(chr(c) for c in signature).encode('hex')
                    sx = eval('0x%s' % s)
                    print "Signature:"
                    print hexdump(''.join(map(chr, signature)), 16)
                    if m and e:
                        print "Verifying using following public key:"
                        print "Modulus:"
                        print hexdump(''.join(map(chr, m)), 16)
                        print "Exponent:"
                        print hexdump(''.join(map(chr, e)), 16)
                        decrypted = pow(sx, ex, mx)  # RSA
                        print "Decrypted:"
                        d = hexx(decrypted).decode('hex')
                        print hexdump(d, 16)
                        if toSign == d[-20:]:
                            print "*** signature VERIFIED!\n"
                        else:
                            print "*** signature NOT VERIFIED; decrypted value:"
                            print hex(decrypted), "\n"
                    else:
                        print "Unable to verify signature: MODULUS/PUBLIC_EXP not found"
                except:
                    print "Sign failed, exception:", str(sys.exc_info()[1])
            if decrypt:
                if m and e:
                    try:
                        toEncrypt = "12345678901234567890"
                        # note: PKCS1 BT2 padding should be random data,
                        # but this is just a test and we use 0xFF...
                        padded = "\x00\x02%s\x00%s" % ("\xFF" * (128 - (len(toEncrypt)) - 3), toEncrypt)
                        print "* Decrypting with 0x%08X following data: %s" % (o.value(), toEncrypt)
                        print "padded:\n", dump(padded, 16)
                        encrypted = pow(eval('0x%sL' % padded.encode('hex')), ex, mx)  # RSA
                        encrypted1 = hexx(encrypted).decode('hex')
                        print "encrypted:\n", dump(encrypted1, 16)
                        decrypted = session.decrypt(o, encrypted1)
                        decrypted1 = ''.join(chr(i) for i in decrypted)
                        print "decrypted:\n", dump(decrypted1, 16)
                        if decrypted1 == toEncrypt:
                            print "decryption SUCCESSFULL!\n"
                        else:
                            print "decryption FAILED!\n"
                    except:
                        print "Decrypt failed, exception:", str(sys.exc_info()[1])
                else:
                    print "ERROR: Private key don't have MODULUS/PUBLIC_EXP"

        print "Dumping attributes:"
        for q, a in zip(all_attributes, attributes):
            if a == None:
                # undefined (CKR_ATTRIBUTE_TYPE_INVALID) attribute
                continue
            if q == PyKCS11.CKA_CLASS:
                print format_long % (PyKCS11.CKA[q], PyKCS11.CKO[a], a)
            elif q == PyKCS11.CKA_CERTIFICATE_TYPE:
                print format_long % (PyKCS11.CKA[q], PyKCS11.CKC[a], a)
            elif q == PyKCS11.CKA_KEY_TYPE:
                print format_long % (PyKCS11.CKA[q], PyKCS11.CKK[a], a)
            elif session.isBin(q):
                print format_binary % (PyKCS11.CKA[q], len(a))
                if a:
                    print dump(''.join(map(chr, a)), 16),
            elif q == PyKCS11.CKA_SERIAL_NUMBER:
                print format_binary % (PyKCS11.CKA[q], len(a))
                if a:
                    print hexdump(a, 16),
            else:
                print format_normal % (PyKCS11.CKA[q], a)

属性列表中的错误条目类型在上面的代码中。我不知道是什么原因导致了它的失败。在学习了低级API之后，我把自己弄糊涂了。在

构建自己的属性列表是最好的方法吗？在