cmu setattribute

This function sets any modifiable attributes for an object. An optional input filename can be used to specify a file from which the new attribute values are to be read.   

Syntax

cmu setAttribute <parameters>

Required Parameters

Parameter Description
-handle=<handle#>

This is a mandatory parameter that defines the handle to the object on the HSM. If this parameter is omitted and there is only one object on the HSM, that object is automatically selected. If this parameter is omitted and there are multiple objects on the HSM, the user is asked to select the object

Optional Parameters

Parameter Description
-inputFile

 This optional parameter names a file from which to obtain additional attribute settings. The settings in this file shall be one per line and of the form:

attributeName=attributeValue.

-label

 This optional parameter defines a new value for the label of an object on the HSM.

-application

 This optional parameter defines a new value for the application attribute of a data object on the HSM.

-value

 This optional parameter defines a new value attribute for an object on the HSM. It must be set to a big-endian hexadecimal integer value. Note that the value attribute can be changed only for data objects, not for certificates or keys.

-issuer

 This optional parameter defines a new issuer attribute for a certificate on the HSM. It must be set to a big-endian hexadecimal integer value. Note that this field is informational, typically set to the DER encoding of the issuer field within the certificate, and changing it does not affect the actual issuer field within the certificate itself.

-serialNumber

 This optional parameter defines a new serial number attribute for a certificate on the HSM. It must be set to a big-endian hexadecimal integer value. Note that this field is informational, typically set to the DER encoding of the serial number of the certificate, and changing it does not affect the actual serial number field within the certificate itself.

-subject

 This optional parameter defines a new subject field for an object on the HSM. It must be set to a big-endian hexadecimal integer value. The subject field is typically set to the DER encoding of the subject distinguished name for the key or certificate. Note that the subject is not modifiable for certificate objects once they are created.

-id

 This optional parameter defines a new ID field for a key or certificate on the HSM. It must be set to a big-endian hexadecimal integer value.

-extractable

 This optional parameter defines a new extractable setting for a private key on the HSM. This setting can only be changed from True to False (or from 1 to 0).

-encrypt

 Set to True or False (or 1 or 0). Note that an HSM is typically configured such that functional key attributes cannot be changed, so attempting to change this attribute will be rejected by the HSM.

-decrypt

 Set to True or False (or 1 or 0). Note that an HSM is typically configured such that functional key attributes cannot be changed, so attempting to change this attribute will be rejected by the HSM.

-sign

 Set to True or False (or 1 or 0). Note that an HSM is typically configured such that functional key attributes cannot be changed, so attempting to change this attribute will be rejected by the HSM.

-verify

 Set to True or False (or 1 or 0). Note that an HSM is typically configured such that functional key attributes cannot be changed, so attempting to change this attribute will be rejected by the HSM.

-wrap

 Set to True or False (or 1 or 0). Note that an HSM is typically configured such that functional key attributes cannot be changed, so attempting to change this attribute will be rejected by the HSM.

-unwrap

 Set to True or False (or 1 or 0). Note that an HSM is typically configured such that functional key attributes cannot be changed, so attempting to change this attribute will be rejected by the HSM.

-derive

 Set to True or False (or 1 or 0). Note that an HSM is typically configured such that functional key attributes cannot be changed, so attempting to change this attribute will be rejected by the HSM.

-startDate

 This optional parameter defines a new startDate field for a key on the HSM. The format for the value is YYYYMMDD.

-endDate

 This optional parameter defines a new endDate field for a key on the HSM. The format for the value is YYYYMMDD.

-sensitive

Set to True or False (or 1 or 0). Note that an HSM is typically configured such that functional key attributes cannot be changed, so attempting to change this attribute will be rejected by the HSM.   

Example

The following example changes the key with handle 43 to be unextractable:

cmu setAttribute -handle=43 -extractable=False