cmu setattribute
This function sets any modifiable attributes for an object. An optional input filename can be used to specify a file from which the new attribute values are to be read.
Syntax
cmu setAttribute {-handle=<handle#> | -ouid=<OUID#>} [-inputFile=<filename>] [-label=<label>] [-application=<value>] [-value=<value>] [-issuer=<issuer>] [-serialNumber=<SN>] [-subject=<subject>] [-id=<hex_ID>] [-extractable=<0>] [-startDate=<YYYYMMDD>] [-endDate=<YYYYMMDD>] [-extractable=<0>] [-encrypt=<0/1>] [-decrypt=<0/1>] [-sign=<0/1>] [-verify=<0/1>] [-wrap=<0/1>] [-unwrap=<0/1>] [-derive=<0/1>] [-sensitive=<0/1>]
Argument(s) | Description |
---|---|
-application =<value> | Defines a new value for the application attribute of a data object on the HSM. |
-decrypt=<0/1> | Set to True or False (or 1 or 0). Note that an HSM is typically configured such that functional key attributes cannot be changed, so attempting to change this attribute will be rejected by the HSM. |
-derive=<0/1> | Set to True or False (or 1 or 0). Note that an HSM is typically configured such that functional key attributes cannot be changed, so attempting to change this attribute will be rejected by the HSM. |
-encrypt=<0/1> | Set to True or False (or 1 or 0). Note that an HSM is typically configured such that functional key attributes cannot be changed, so attempting to change this attribute will be rejected by the HSM. |
-endDate=<YYYYMMDD> | Defines a new endDate field for a key on the HSM. The format for the value is YYYYMMDD. |
-extractable=<0> | Defines a new extractable setting for a private key on the HSM. This setting can only be changed from True to False (or from 1 to 0). |
-handle=<handle#> | Defines the handle of the object. If this parameter is omitted and there is only one object on the partition, that object is automatically selected. If this parameter is omitted and there are multiple objects on the partition, the user is asked to select the object. This method of selection applies to Luna HSMs only. On a Luna Cloud HSM service slot, use -ouid. |
-id=<hex_ID> | Defines a new ID field for a key or certificate on the HSM. It must be set to a big-endian hexadecimal integer value. |
-inputFile=<filename> | Names a file from which to obtain additional attribute settings. The settings in this file shall be one per line and of the form: <attributeName>=<attributeValue> |
-issuer=<issuer> | Defines a new issuer attribute for a certificate on the HSM. It must be set to a big-endian hexadecimal integer value. Note that this field is informational, typically set to the DER encoding of the issuer field within the certificate, and changing it does not affect the actual issuer field within the certificate itself. |
-label=<label> | Defines a new label of an object on the HSM. If this parameter is omitted and there is only one object on the partition, that object is automatically selected. If this parameter is omitted and there are multiple objects on the partition, the user is asked to select the object. |
-ouid=<OUID#> | Defines the Object Unified Identifier (OUID) of the object. If this parameter is omitted and there is only one object on the partition, that object is automatically selected. If this parameter is omitted and there are multiple objects on the partition, the user is asked to select the object. This method of selection applies to Luna Cloud HSM services only. On a Luna HSM slot, use -handle. |
-sensitive=<0/1> | Set to True or False (or 1 or 0). Note that an HSM is typically configured such that functional key attributes cannot be changed, so attempting to change this attribute will be rejected by the HSM. |
-serialNumber=<SN> | Defines a new serial number attribute for a certificate on the HSM. It must be set to a big-endian hexadecimal integer value. Note that this field is informational, typically set to the DER encoding of the serial number of the certificate, and changing it does not affect the actual serial number field within the certificate itself. |
-sign=<0/1> | Set to True or False (or 1 or 0). Note that an HSM is typically configured such that functional key attributes cannot be changed, so attempting to change this attribute will be rejected by the HSM. |
-startDate=<YYYYMMDD> | Defines a new startDate field for a key on the HSM. The format for the value is YYYYMMDD. |
-subject=<subject> | Defines a new subject field for an object on the HSM. It must be set to a big-endian hexadecimal integer value. The subject field is typically set to the DER encoding of the subject distinguished name for the key or certificate. Note that the subject is not modifiable for certificate objects once they are created. |
-unwrap=<0/1> | Set to True or False (or 1 or 0). Note that an HSM is typically configured such that functional key attributes cannot be changed, so attempting to change this attribute will be rejected by the HSM. |
-value=<value> | Defines a new value attribute for an object on the HSM. It must be set to a big-endian hexadecimal integer value. Note that the value attribute can be changed only for data objects, not for certificates or keys. |
-verify=<0/1> | Set to True or False (or 1 or 0). Note that an HSM is typically configured such that functional key attributes cannot be changed, so attempting to change this attribute will be rejected by the HSM. |
-wrap=<0/1> | Set to True or False (or 1 or 0). Note that an HSM is typically configured such that functional key attributes cannot be changed, so attempting to change this attribute will be rejected by the HSM. |
See also Common CMU Options.
Example
The following example changes the key with handle 43 to be unextractable:
cmu setAttribute -handle=43 -extractable=False