cmu getattribute

This function outputs any viewable attributes for an object. An optional output filename can be used to direct the output to a file.

Syntax

cmu getAttribute {-handle=<handle#> | -ouid=<OUID#>} [-attributes=<attribute(s)>] [-outputFile=<filename>]

Argument(s) Description
-attributes=<attribute(s)>

Lists the attributes to be displayed for the object as a comma-separated list. Multiple instances of this option can also be used to define multiple attributes. If this parameter is omitted, all viewable attributes are displayed.

alwayssensitive keytype sign
application label startdate
certificatetype local subject
class modifiable token
decrypt modulus unwrap
derive modulusbits value
encrypt neverextractable verify
enddate private wrap
extractable publicexponent
id sensitive
issuer serialnumber

TIP: If the object is not secret, its value can be displayed. If the object is secret, then the output of "value" is simply meaningless place-holder data.

-handle=<handle#>

The object handle. If this parameter is omitted and there is only one object on the partition, that object is automatically selected. If this parameter is omitted and there are multiple objects on the partition, you are prompted to select the object. This method of selection applies to application partitions on Luna HSMs only. On a Luna Cloud HSM service slot, use -ouid.

On a Luna keyring, this command-line option returns no information; you must select the object handle from the list when prompted.

-ouid=<OUID#> The Object Unified Identifier (OUID). If this parameter is omitted and there is only one object on the partition, that object is automatically selected. If this parameter is omitted and there are multiple objects on the partition, the user is prompted to select the object. This method of selection requires Luna HSM Client 10.2.0 or newer, and applies to Luna Cloud HSM services only. On a Luna HSM application partition slot, use -handle.
-outputFile=<filename> Defines the filename to which the attribute set is written. If this parameter is omitted, the attribute set is written to the display.

Common CMU Options

Some options are commonly available to all cmu commands. They are described below.

Argument(s) Description
-cu Specifies that you wish to perform the command as the partition's Crypto User. If the CU is not authorized to perform the operation, the command fails. If a role is not specified, the Crypto Officer role is used by default. Requires minimum Luna HSM Client 10.4.0.
-lco Specifies that you wish to perform the command as the partition's Limited Crypto Officer. If the LCO is not authorized to perform the operation, the command fails. If a role is not specified, the Crypto Officer role is used by default. Requires minimum Luna HSM Firmware 7.7.0 and minimum Luna HSM Client 10.3.0.

-password=<password>

-pin=<password>

The password for the role accessing the current slot, with the current command. If this is not specified, you are prompted for it.
-ped=<PED_ID> Specifies the PED ID for the registered Remote PED that will handle authentication for the current slot, with the current command. You must specify this parameter to use Remote PED authentication.
-slot=<slot#> The slot to be acted upon by the current command. If this is not specified, you are prompted for it.
-so Specifies that you wish to perform the command as Partition Security Officer for that slot. If a role is not specified, the Crypto Officer role is used by default. If you are logging in to the admin partition, the HSM SO role is default and so this option does nothing.

Example

The following command outputs all of the viewable attributes for the object with handle 46:

cmu getAttribute -handle=46

The following command outputs the label, public exponent and modulus of the key with handle 9 to the file keydata.txt:

cmu getAttribute -handle=9 -attributes=label,publicExponent,modulus -outputFile=keydata.txt
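
An -outputFile written by this command can be checked against a key-protection policy. The script below is an added example, not part of the Luna documentation or tooling. The function names (attr_value, audit_key_attrs), the "name=value" file layout, the class values privateKey/secretKey, and the policy itself are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Audits a file written by, e.g.:
#   cmu getAttribute -handle=9 -attributes=class,sensitive,alwayssensitive,extractable,neverextractable -outputFile=keydata.txt
# Assumptions: one "name=value" pair per line; booleans print as true/false;
# class prints as privateKey or secretKey for keys holding secret material.

# attr_value FILE NAME: print NAME's value lower-cased, or nothing if absent.
attr_value() {
    awk -F= -v want="$2" '{
        k = tolower($1); gsub(/[ \t]/, "", k)
        if (k == want) {
            v = tolower($0); sub(/^[^=]*=/, "", v); gsub(/[ \t\r]/, "", v)
            print v; exit
        }
    }' "$1"
}

# audit_key_attrs FILE: print findings; return 0 only when there are none.
audit_key_attrs() {
    file=$1; findings=0
    class=$(attr_value "$file" class)
    case $class in
        privatekey|secretkey) ;;
        *) echo "SKIP: class=${class:-unknown} is not a private or secret key"; return 0 ;;
    esac
    # Example policy (an assumption): key material must never be exportable.
    for rule in sensitive:true alwayssensitive:true extractable:false neverextractable:true; do
        name=${rule%%:*}; want=${rule##*:}
        got=$(attr_value "$file" "$name")
        if [ -z "$got" ]; then
            echo "MISSING: $name (not requested or not viewable)"
            findings=$((findings + 1))
        elif [ "$got" != "$want" ]; then
            echo "FINDING: $name=$got, expected $want"
            findings=$((findings + 1))
        fi
    done
    echo "findings=$findings"
    [ "$findings" -eq 0 ]
}

# Constructed sample input (not real HSM output): an extractable private key.
sample=$(mktemp)
printf '%s\n' 'class=privateKey' 'label=demo-signing-key' 'sensitive=true' \
    'alwaysSensitive=true' 'extractable=true' 'neverExtractable=false' > "$sample"
audit_key_attrs "$sample" || true
rm -f "$sample"
```

When collecting the file, omitting -password so that cmu prompts for it keeps the role password out of shell history and the process list.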