I wouldn’t use PKCS#11 interfaces at all here. I am not sure if any of the PKCS#11 drivers we can use for SmartCard-HSM/Nitrokey HSM can modify those attributes. From a quick look at the code sc-hsm-embedded driver allows only to set CKA_ID and CKA_LABEL via PKCS#11.
I think there are at least two ways to fix it:
- Directly modify PKCS#15 file objects (maybe
getandputoperations fromopensc-explorercan do it) - Take a backup of the key using SmartCard Shell to the
*.wkyfile and modify the file itself, as it was done in the thread mentioned above. Then just restore the key from a modified backup.