How to Modify Object Attribute Value on Nitrokey HSM 2

How can I modify the VALUE attribute of an existing DATA type object stored on a Nitrokey HSM 2? Preferably via python-pkcs11 or pkcs11-tool.

The best way I can find so far is to delete the object and then re-create it, but this adds massive overhead in the operations I’m trying to perform.

PKCS#11 does not require support for changing CKA_VALUE of an existing CKO_DATA object. Only changing CKA_LABEL needs to be supported.

Internally the SmartCard-HSM stores CKO_DATA objects in two EF, one for the PKCS#15 metadata and one for the CKA_VALUE. Deleting a CKO_DATA object affects these two EF only.

The length of CKA_VALUE is actually determined by the length of the EF storing the content. Changing CKA_VALUE with a different length would require reallocation of the EF, which is the same overhead as deleting and recreating the EF. Only the case where the length of CKA_VALUE does not change would benefit from a reuse of the EF.

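The delete-and-re-create approach from the question, combined with the same-length case from the answer, as an added python-pkcs11 example (not code from the thread). `replace_data_value` is a hypothetical helper; `session` is assumed to be a logged-in read/write session, and whether the token accepts the in-place write is an assumption the page does not confirm, so a refusal falls back to delete and create.

```python
# Added example: replace CKA_VALUE of a CKO_DATA object with python-pkcs11.
try:
    from pkcs11 import Attribute, ObjectClass
    from pkcs11.exceptions import PKCS11Error
except ImportError:
    # Stand-ins (real CKA_*/CKO_* numbers) so the logic runs without the library.
    from enum import IntEnum

    class Attribute(IntEnum):
        CLASS = 0x00
        TOKEN = 0x01
        PRIVATE = 0x02
        LABEL = 0x03
        VALUE = 0x11

    class ObjectClass(IntEnum):
        DATA = 0x00

    class PKCS11Error(RuntimeError):
        pass


def replace_data_value(session, label, new_value):
    """Return 'updated' for an in-place write, 'recreated' after delete + create."""
    found = list(session.get_objects({Attribute.CLASS: ObjectClass.DATA,
                                      Attribute.LABEL: label}))
    if len(found) != 1:
        raise LookupError(f"expected 1 DATA object labelled {label!r}, got {len(found)}")
    old = found[0]
    old_value = old[Attribute.VALUE]
    if len(new_value) == len(old_value):
        try:
            # C_SetAttributeValue on CKA_VALUE: optional, the token may refuse it.
            old[Attribute.VALUE] = new_value
            return "updated"
        except PKCS11Error:
            pass
    # Only label and CKA_PRIVATE are carried over; extend for other attributes.
    template = {Attribute.CLASS: ObjectClass.DATA, Attribute.TOKEN: True,
                Attribute.PRIVATE: old[Attribute.PRIVATE], Attribute.LABEL: label}
    old.destroy()
    try:
        session.create_object({**template, Attribute.VALUE: new_value})
    except PKCS11Error:
        # Put the previous value back so a failed write does not lose the object.
        session.create_object({**template, Attribute.VALUE: old_value})
        raise
    return "recreated"
```

The return value shows which path the token took, which makes it easy to measure how often the costly delete-and-create path is hit.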