Pypkcs11¶

Overview¶

Pypkcs11 is an open-source Python wrapper around PKCS#11 C library. Using python’s ctypes library, we can simplify memory management, and provide easy, pythonic access to a PKCS11 shared library.

The primary function of pypkcs11 is to simplify PKCS11 calls. Rather than needing to calculate data sizes, buffers, or other low-level memory manipulation, you simply need to pass in data.

It’s highly recommended that you have the PKCS11 documentation handy, as pypkcs11 uses that as the underlying C interface. Session management, object management, and other concepts are unchanged from PKCS11.

from pypkcs11.default_templates import *
from pypkcs11.defines import *
from pypkcs11.key_generator import *
from pypkcs11.session_management import *


c_initialize()
 # NOTE: Return value checks are omitted for brevity
ret, auth_session = c_open_session(0)   # slot # in this example is 0
login(auth_session, 0, 'userpin')  # 0 is still the slot number, ‘userpin’ should be replaced by your password (None if PED or no challenge)

# Get some default templates
# They are simple python dictionaries, and can be modified to suit needs.
ret, pub_template, priv_template = get_default_key_pair_template(CKM_RSA_PKCS_KEY_PAIR_GEN)

# Modifying template would look like:
pub_template[CKA_LABEL] = b"RSA PKCS Pub Key"
pub_template[CKA_MODULUS_BITS] = 2048   # 2048 key size

ret, pubkey, privkey = c_generate_key_pair(auth_session, CKM_RSA_PKCS_KEY_PAIR_GEN, pub_template, priv_template)
print("Generated Private key at %s and Public key at %s" % (privkey, pubkey))

c_logout(auth_session)
c_close_session(auth_session)
c_finalize()

Getting Started¶

Pypkcs11 can be installed on any machine that has Python installed. Python versions >= 2.7 are supported.:

'PKCS11_LIB' environment variable should contain name of your PKCS#11 library.

Simple Example¶

This example will print out information about the given token slot.

from pypkcs11.session_management import (c_initialize,
                                           c_get_info,
                                           get_firmware_version,
                                           c_get_token_info,
                                           c_finalize)


c_initialize()
print("C_GetInfo: ")
print("\n".join("\t{}: {}".format(x, y) for x, y in c_get_info().items()))
token_info = c_get_token_info(0)
print("C_GetTokenInfo:")
print("\n".join("\t{}: {}".format(x, y) for x, y in token_info.items()))
print("Firmware version: {}".format(get_firmware_version(0)))

c_finalize()

Examples¶

Generating an RSA Key Pair¶

This example creates a 1024b RSA Key Pair.

from pypkcs11.session_management import (c_initialize_ex, c_finalize_ex,
                                           c_open_session_ex, c_close_session_ex,
                                           login_ex)
from pypkcs11.defines import CKM_RSA_PKCS_KEY_PAIR_GEN
from pypkcs11.key_generator import c_generate_key_pair_ex

 # NOTE: Return value checks are omitted for brevity
c_initialize()
ret, session = c_open_session(0)      # 0 -> slot number
login(session, 0, 'userpin')     # 0 -> Slot number, 'userpin' -> token password

# Templates are dictionaries in pypkcs11
pub_template = {CKA_TOKEN: True,
                CKA_PRIVATE: True,
                CKA_MODIFIABLE: True,
                CKA_ENCRYPT: True,
                CKA_VERIFY: True,
                CKA_WRAP: True,
                CKA_MODULUS_BITS: 1024,  # long 0 - MAX_RSA_KEY_NBITS
                CKA_PUBLIC_EXPONENT: 3,  # byte
                CKA_LABEL: b"RSA Public Key"}
priv_template = {CKA_TOKEN: True,
                 CKA_PRIVATE: True,
                 CKA_SENSITIVE: True,
                 CKA_MODIFIABLE: True,
                 CKA_EXTRACTABLE: True,
                 CKA_DECRYPT: True,
                 CKA_SIGN: True,
                 CKA_UNWRAP: True,
                 CKA_LABEL: b"RSA Private Key"}

ret, pub_key, priv_key = c_generate_key_pair(session,
                                         mechanism=CKM_RSA_PKCS_KEY_PAIR_GEN,
                                         pbkey_template=pub_template,
                                         prkey_template=priv_template)

c_close_session(session)
c_finalize()

Encrypting data with AES-256-GCM¶

This example generates a 32-byte AES key, then encrypts some data with that key using the AES-GCM mechanism.

from pypkcs11.session_management import (c_initialize, c_finalize,
                                           c_open_session, c_close_session,
                                           login)
from pypkcs11.defines import (CKM_AES_KEY_GEN,
                                CKA_LABEL,
                                CKA_ENCRYPT,
                                CKA_DECRYPT,
                                CKA_TOKEN,
                                CKA_CLASS,
                                CKA_KEY_TYPE,
                                CKK_AES,
                                CKO_SECRET_KEY,
                                CKA_SENSITIVE,
                                CKA_WRAP,
                                CKA_UNWRAP,
                                CKA_DERIVE,
                                CKA_VALUE_LEN,
                                CKA_EXTRACTABLE,
                                CKA_PRIVATE,
                                CKM_AES_GCM)
from pypkcs11.key_generator import c_generate_key
from pypkcs11.encryption import c_encrypt
from pypkcs11.conversions import to_bytestring, from_hex
from pypkcs11.mechanism import Mechanism

 # NOTE: Return value checks are omitted for brevity
c_initialize()
ret, session = c_open_session(0)      # 0 = slot number
login(session, 0, 'userpin')        # 'userpin' = token password


template = {CKA_LABEL: b"Sample AES Key",
            CKA_ENCRYPT: True,
            CKA_DECRYPT: True,
            CKA_TOKEN: False,
            CKA_CLASS: CKO_SECRET_KEY,
            CKA_KEY_TYPE: CKK_AES,
            CKA_SENSITIVE: True,
            CKA_PRIVATE: True,
            CKA_WRAP: True,
            CKA_UNWRAP: True,
            CKA_DERIVE: True,
            CKA_VALUE_LEN: 32,
            CKA_EXTRACTABLE: True,}
ret, aes_key = c_generate_key(session, CKM_AES_KEY_GEN, template)

# Data is in hex format here
raw_data = "d0d77c63ab61e75a5fd4719fa77cc2de1d817efedcbd43e7663736007672e8c7"

# Convert to raw bytes before passing into c_encrypt:
data_to_encrypt = to_bytestring(from_hex(raw_data))


# Note: static IV is provided for simplicity; use random IVs instead
mechanism = Mechanism(mech_type=CKM_AES_GCM,
                      params={"iv": list(range(16)), 'AAD': b'deadbeef', 'ulTagBits': 32})

ret, static_iv_encrypted_data = c_encrypt(session, aes_key, data_to_encrypt, mechanism)

c_close_session(session)
c_finalize()

Finding a key and decrypting Data¶

This example follows from the previous one, except instead of generating a key, we’ll find one that was already used.

from pypkcs11.session_management import (c_initialize_ex, c_finalize_ex,
                                           c_open_session_ex, c_close_session_ex,
                                           login_ex)
from pypkcs11.object_attr_lookup import c_find_objects_ex
from pypkcs11.defines import (CKM_AES_KEY_GEN,
                                CKA_LABEL,
                                CKA_ENCRYPT,
                                CKA_DECRYPT,
                                CKA_TOKEN,
                                CKA_CLASS,
                                CKA_KEY_TYPE,
                                CKK_AES,
                                CKO_SECRET_KEY,
                                CKA_SENSITIVE,
                                CKA_WRAP,
                                CKA_UNWRAP,
                                CKA_DERIVE,
                                CKA_VALUE_LEN,
                                CKA_EXTRACTABLE,
                                CKA_PRIVATE,
                                CKM_AES_GCM)
from pypkcs11.encryption import c_decrypt
from pypkcs11.conversions import to_bytestring, from_hex
from pypkcs11.mechanism import Mechanism

c_initialize()
ret, session = c_open_session(0)      # 0 = slot number
login(session, 0, 'userpin')        # 'userpin' = token password

template = {CKA_LABEL: b"Sample AES key"}

keys = c_find_objects(session, template, 1)
aes_key = keys.pop(0) # Use the first key found.

# Data is in hex format here
raw_data = "95e28bc6da451f3064d688dd283c5c43a5dd374cb21064df836e2970e1024c2448f129062aacbae3e45abd098b893346"

# Convert to raw bytes before passing into c_decrypt:
data_to_decrypt = to_bytestring(from_hex(raw_data))


# Note: static IV is provided for simplicity; use random IVs instead
mechanism = Mechanism(mech_type=CKM_AES_GCM,
                      params={"iv": list(range(16)), 'AAD': b'deadbeef', 'ulTagBits': 32})
ret, original_data = c_decrypt(session, aes_key, data_to_decrypt, mechanism)

c_close_session(session)
c_finalize()

Frequent Issues ¶

Contents

Frequent Issues
- Wrong data type
- PKCS11 Calling Conventions

Wrong data type ¶

Any cryptographic function working on data (ex. c_encrypt, c_unwrap) will expect a bytestring. A string object in Python2 is by default a bytestring, but in Python3 is a unicode string.

For example:

c_encrypt(session, key, "this is some test data", mechanism)

Will work in Python 2, but NOT Python 3. Instead, use the pypkcs11.conversions module to ensure that any data you pass into the cryptoki library is of the correct form.

Another ‘gotcha’ is that hex data represented as a string that is then used in an encrypt call would result in 2x the length of expected data:

from pypkcs11.conversions import to_bytestring, from_hex
hex_data = "deadbeef"
assert len(hex_data) == 8
raw_data = list(from_hex(hex_data))
assert len(raw_data) == 4
print (raw_data)
# Prints: [222, 173, 190, 239]

Another example:

from pypkcs11.conversions import to_bytestring, from_hex
some_hex_data = "06abde23df89"
data_to_encrypt = to_bytestring(from_hex(some_hex_data))
c_encrypt(session, key, data_to_encrypt, mechanism)

Note

See this article for more details about the differences between unicode and bytestrings in: python: http://lucumr.pocoo.org/2014/1/5/unicode-in-2-and-3/

PKCS11 Calling Conventions ¶

The PKCS11 library has two main methods for returning data to the caller:

Allocate a large enough buffer for the resulting data and make the PKCS11 call with that buffer.

Call the function with a NULL pointer for the buffer. The PKCS11 library will then place the required buffer size in *pulBufLen.

Pypkcs11 will let you perform either method for any function that returns data in a variable-length buffer with the output_buffer keyword argument. This argument takes either an integer, or a list of integers. The integer specifies the size of the buffer to use for the returned output. This means if you use a very small integer, you could get back CKR_BUFFER_TOO_SMALL (and you could also allocate a buffer that is incredibly large – limited by the memory of your system).

By default, pypkcs11 will use method #2 (querying the library for buffer size):

data = b"deadbeef"
c_decrypt(session, key, data, mechanism)

Will result in the raw underlying PKCS11 calls:

DEBUG: Cryptoki call: C_DecryptInit(8, <pypkcs11.cryptoki.CK_MECHANISM object at 0x7f693480c598>, c_ulong(26))
DEBUG: Cryptoki call: C_Decrypt(8, <pypkcs11.cryptoki.LP_c_ubyte object at 0x7f69347df598>, c_ulong(2056), None, <pypkcs11.cryptoki.LP_c_ulong object at 0x7f69347dfbf8>)
DEBUG: Allocating <class 'ctypes.c_ubyte'> buffer of size: 2048
DEBUG: Cryptoki call: C_Decrypt(8, <pypkcs11.cryptoki.LP_c_ubyte object at 0x7f69347df598>, c_ulong(2056), <pypkcs11.cryptoki.LP_c_ubyte object at 0x7f693498c9d8>, <pypkcs11.cryptoki.LP_c_ulong object at 0x7f693498c840>)

Note

None in python is the equivalent to NULL in C.

An example using a pre-allocated buffer:

data = b"deadbeef"
c_decrypt(session, key, data, mechanism, output_buffer=0xffff)

And the resulting PKCS11 calls:

DEBUG: Cryptoki call: C_DecryptInit(8, <pypkcs11.cryptoki.CK_MECHANISM object at 0x7f693480c598>, c_ulong(26))
DEBUG: Allocating <class 'ctypes.c_ubyte'> buffer of size: 2048
DEBUG: Cryptoki call: C_Decrypt(8, <pypkcs11.cryptoki.LP_c_ubyte object at 0x7f69347df598>, c_ulong(2056), <pypkcs11.cryptoki.LP_c_ubyte object at 0x7f693498c9d8>, <pypkcs11.cryptoki.LP_c_ulong object at 0x7f693498c840>)

For multi-part operations, output_buffer should be a list of integers of equal size to the number of parts in the operation:

data = [b"a" * 8, b"b" * 8, b"c" * 8, b"d" * 8]
output_buffer = [0xffff] * len(data)  # Equivalent to: [0xffff, 0xffff, 0xffff, 0xffff]
c_encrypt(session, key, data, mechanism, output_buffer=output_buffer)

For a multi-part operation that returns data in the C_*Final function, the output buffer will be equivalent to the largest buffer size specified in the output_buffer list.

API Reference¶

There are some general guidelines to using pypkcs11:

If you want to perform a PKCS11 operation as a multi-part operation, provide the input data as a list or a tuple.

Data should always be passed into c_ functions as raw byte data (bytestrings). Conversions are available to convert hex data or binary data to bytes at pypkcs11.conversions

Returned encrypted/decrypted data is always raw bytestrings.

Session/Token Management¶

Modules for Token and session creation and management.

Session Management¶

Methods responsible for managing a user’s session and login/c_logout

pypkcs11.session_management.c_close_all_sessions(slot)¶

Closes all the sessions on a given slot

Parameters:	slot – The slot to close all sessions on
Returns:	retcode
Return type:	int

pypkcs11.session_management.c_close_session(h_session)¶

Closes a session

Parameters:	h_session (int) – Session handle
Returns:	retcode
Return type:	int

pypkcs11.session_management.c_finalize()¶

Finalizes PKCS11 usage.

Returns:	retcode

pypkcs11.session_management.c_get_info()¶

Get general information about the Cryptoki Library

Returns a dictionary containing the following keys:

cryptokiVersion

manufacturerID

flags

libraryDescription

libraryVersion

cryptokiVersion and libraryVersion are ~pypkcs11.cryptoki.CK_VERSION structs, and the major/minor values can be accessed directly (info['cryptokiVersion'].major == 2)

Returns:	(retcode, info dictionary)

pypkcs11.session_management.c_get_session_info(session)¶

Get information about the given session.

Parameters:	session (int) – session handle
Returns:	(retcode, dictionary of session information)
Return type:	tuple

pypkcs11.session_management.c_get_slot_info(slot)¶

Get information about the given slot number.

Parameters:	slot (int) – Target slot
Returns:	Dictionary of slot information

pypkcs11.session_management.c_get_slot_list(token_present=True)¶

Get a list of all slots.

Parameters:	token_present (bool) – If true, will only return slots that have a token present.
Returns:	List of slots

pypkcs11.session_management.c_get_token_info(slot_id, rstrip=True)¶

Gets the token info for a given slot id

Parameters:	slot_id (int) – Token slot ID rstrip (bool) – If true, will strip trailing whitespace from char data.
Returns:	(retcode, A python dictionary representing the token info)
Return type:	tuple

pypkcs11.session_management.c_init_pin(h_session, pin)¶

Initializes the PIN

Parameters:	h_session (int) – Session handle pin – pin to c_initialize
Returns:	THe result code

pypkcs11.session_management.c_initialize()¶

Initializes current process for use with PKCS11

Returns:	retcode

pypkcs11.session_management.c_logout(h_session)¶

Logs out of a given session

Parameters:	h_session (int) – Session handle
Returns:	retcode
Return type:	int

pypkcs11.session_management.c_open_session(slot_num, flags=6)¶

Opens a session on the given slot

Parameters:	slot_num (int) – The slot to get a session on flags (int) – The flags to open the session with (Default value = (CKF_SERIAL_SESSION \| CKF_RW_SESSION)
Returns:	(retcode, session handle)
Return type:	tuple

pypkcs11.session_management.c_set_pin(h_session, old_pass, new_pass)¶

Allows a user to change their PIN

Parameters:	h_session (int) – Session handle old_pass – The user’s old password new_pass – The user’s desired new password
Returns:	The result code

pypkcs11.session_management.get_firmware_version(slot)¶

Calls to C_GetTokenInfo for the given slot. Returns a string representing the firmware version.

Parameters:	slot (int) – Token slot number
Returns:	Firmware String in the format “X.Y.Z”, where X is major, Y is minor, Z is subminor.
Return type:	str

pypkcs11.session_management.get_slot_dict(token_present=False)¶

Compiles a dictionary of the available slots

Returns:	A python dictionary of the available slots

pypkcs11.session_management.login(h_session, slot_num=1, password=None, user_type=1)¶

Login to the given session.

Parameters:	h_session (int) – Session handle slot_num (int) – Slot index to login on (Default value = 1) password (bytes) – Password to login with (Default value = “userpin”) user_type (int) – User type to login as (Default value = 1)
Returns:	retcode
Return type:	int

Token Management¶

Created on Aug 24, 2012

@author: mhughes

pypkcs11.token_management.c_get_mechanism_info(slot, mechanism_type)¶

Gets a mechanism’s info

Parameters:	slot – The slot to query mechanism_type – The type of the mechanism to get the information for
Returns:	The result code, The mechanism info

pypkcs11.token_management.c_get_mechanism_list(slot)¶

Gets the list of mechanisms

Parameters:	slot – The slot number to get the mechanism list on
Returns:	The result code, A python dictionary representing the mechanism list

pypkcs11.token_management.c_init_token(slot_num, password, token_label='Main Token')¶

Initializes at token at a given slot with the proper password and label

Parameters:	slot_num – The index of the slot to c_initialize a token in password – The password to c_initialize the slot with token_label – The label to c_initialize the slot with (Default value = ‘Main Token’)
Returns:	The result code

pypkcs11.token_management.get_token_by_label(label)¶

Iterates through all the tokens and returns the first token that has a label that is identical to the one that is passed in

Parameters:	label – The label of the token to search for
Returns:	The result code, The slot of the token

Key Generation and Management¶

Key Generation¶

Methods used to generate keys.

pypkcs11.key_generator.c_copy_object(h_session, h_object, template=None)¶

Method to call the C_CopyObject cryptoki command.

Parameters:	h_session (int) – Session handle h_object (int) – Handle to the object to be cloned template (dict) – Template for the new object. Defaults to None
Returns:	(retcode, Handle to the new cloned object)
Return type:	tuple

pypkcs11.key_generator.c_derive_key(h_session, h_base_key, template, mechanism=None)¶

Derives a key from another key.

Parameters:	h_session (int) – Session handle h_base_key (int) – The base key template (dict) – A python template of attributes to set on derived key mechanism – See the `parse_mechanism()` function for possible values.
Returns:	The result code, The derived key’s handle

pypkcs11.key_generator.c_destroy_object(h_session, h_object_value)¶

Deletes the object corresponsing to the passed in object handle

Parameters:	h_session (int) – Session handle h_object_value (int) – The handle of the object to delete
Returns:	Return code

pypkcs11.key_generator.c_generate_key(h_session, mechanism=None, template=None)¶

Generates a symmetric key of a given flavor given the correct template.

Parameters:	h_session (int) – Session handle template (dict) – The template to use to generate the key mechanism – See the `parse_mechanism()` function for possible values.
Returns:	(retcode, generated key handle)
Rtype tuple:

pypkcs11.key_generator.c_generate_key_pair(h_session, mechanism=None, pbkey_template=None, prkey_template=None)¶

Generates a private and public key pair for a given flavor, and given public and private key templates. The return value will be the handle for the key.

Parameters:	h_session (int) – Session handle pbkey_template (dict) – The public key template to use for key generation prkey_template (dict) – The private key template to use for key generation mechanism – See the `parse_mechanism()` function for possible values.
Returns:	(retcode, public key handle, private key handle)
Return type:	tuple

pypkcs11.key_generator.clear_keys(h_session)¶

Quick hacked together function that can be used to clear the first 10 000 keys.

Parameters:	h_session (int) – Session handle

Encryption/Decryption ¶

Contents

Encryption/Decryption

Encryption ¶

pypkcs11.encryption.c_encrypt(h_session, h_key, data, mechanism, output_buffer=None)¶

Encrypts data with a given key and encryption flavor encryption flavors

Note

If data is a list or tuple of strings, multi-part encryption will be used.

Parameters:	h_session (int) – Current session h_key (int) – The key handle to encrypt the data with data – The data to encrypt, either a bytestring or a list of bytestrings. If this is a list a multipart operation will be used Note This will be converted to hexadecimal by calling: to_hex(from_bytestring(data)) If you need to pass in raw hex data, call: to_bytestring(from_hex(hex-data)) References: `to_hex()` `from_hex()` `to_bytestring()` `from_bytestring()` mechanism – See the `parse_mechanism()` function for possible values. output_buffer (list\|int) – Integer or list of integers that specify a size of output buffer to use for an operation. By default will query with NULL pointer buffer to get required size of buffer.
Returns:	(Retcode, Python bytestring of encrypted data)
Return type:	tuple

Decryption ¶

pypkcs11.encryption.c_decrypt(h_session, h_key, encrypted_data, mechanism, output_buffer=None)¶

Decrypt given data with the given key and mechanism.

Note

If data is a list or tuple of strings, multi-part decryption will be used.

Parameters:	h_session (int) – The session to use h_key (int) – The handle of the key to use to decrypt encrypted_data (bytes) – Data to be decrypted Note Data will be converted to hexadecimal by calling: to_hex(from_bytestring(data)) If you need to pass in raw hex data, call: to_bytestring(from_hex(hex-data)) References: `to_hex()` `from_hex()` `to_bytestring()` `from_bytestring()` mechanism – See the `parse_mechanism()` function for possible values. output_buffer (list\|int) – Integer or list of integers that specify a size of output buffer to use for an operation. By default will query with NULL pointer buffer to get required size of buffer.
Returns:	(Retcode, Python bytestring of decrypted data))
Return type:	tuple

Key Wrapping/Unwrapping ¶

pypkcs11.encryption.c_wrap_key(h_session, h_wrapping_key, h_key, mechanism, output_buffer=None)¶

Wrap a key into an encrypted data blob.

Parameters:	h_session (int) – The session to use h_wrapping_key (int) – The handle of the key to use to wrap another key h_key (int) – The key to wrap based on the encryption flavor mechanism – See the `parse_mechanism()` function for possible values.
Returns:	(Retcode, python bytestring representing wrapped key)
Return type:	tuple

pypkcs11.encryption.c_unwrap_key(h_session, h_unwrapping_key, wrapped_key, key_template, mechanism)¶

Unwrap a key from an encrypted data blob.

Parameters:	h_session (int) – The session to use h_unwrapping_key (int) – The wrapping key handle wrapped_key (bytes) – The wrapped key Note Data will be converted to hexadecimal by calling: to_hex(from_bytestring(data)) If you need to pass in raw hex data, call: to_bytestring(from_hex(hex-data)) References: `to_hex()` `from_hex()` `to_bytestring()` `from_bytestring()` key_template (dict) – The python template representing the new key’s template mechanism – See the `parse_mechanism()` function for possible values.
Returns:	(Retcode, unwrapped key handle)
Return type:	tuple

Multipart Helper ¶

pypkcs11.encryption.do_multipart_operation(h_session, c_update_function, c_finalize_function, input_data_list, output_buffer=None)¶

Some code which will do a multipart encrypt or decrypt since they are the same with just different functions called

Parameters:

h_session (int) – Session handle
c_update_function – C_<NAME>Update function to call to update each operation.
c_finalize_function – Function to call at end of multipart operation.
input_data_list –
List of data to call update function on.
Note

Data will be converted to hexadecimal by calling:
```
to_hex(from_bytestring(data))
```
If you need to pass in raw hex data, call:
```
to_bytestring(from_hex(hex-data))
```
References:
output_buffer (list) – List of integers that specify a size of output buffers to use for multi-part operations. By default will query with NULL pointer buffer to get required size of buffer

Sign/Verify operations ¶

Contents

Sign/Verify operations
- Sign
- Verify

Sign ¶

pypkcs11.sign_verify.c_sign(h_session, h_key, data_to_sign, mechanism, output_buffer=None)¶

Signs the given data with given key and mechanism.

Note

If data is a list or tuple of strings, multi-part operations will be used.

Parameters:	h_session (int) – Session handle data_to_sign – The data to sign, either a string or a list of strings. If this is a list a multipart operation will be used. ex: ”This is a proper argument of some data to use in the function” [“This is another format of data this”, “function will accept.”, “It will operate on these strings in parts”] h_key (int) – The signing key mechanism – See the `parse_mechanism()` function for possible values. output_buffer (list\|int) – Integer or list of integers that specify a size of output buffer to use for an operation. By default will query with NULL pointer buffer to get required size of buffer.
Returns:	(retcode, python string of signed data)
Return type:	tuple

Verify ¶

pypkcs11.sign_verify.c_verify(h_session, h_key, data_to_verify, signature, mechanism)¶

Verifies data with the given signature, key and mechanism.

Note

If data is a list or tuple of strings, multi-part operations will be used.

Parameters:

h_session (int) – Session handle
data_to_verify –
The data to sign, either a string or a list of strings. If this is a list a multipart operation will be used.

ex:
- ”This is a proper argument of some data to use in the function”
- [“This is another format of data this”, “function will accept.”, “It will operate on these strings in parts”]
signature (bytes) – Signature with which to verify the data.
h_key (int) – The verifying key
mechanism – See the parse_mechanism() function for possible values.

Returns:

retcode of verify operation

pypkcs11.sign_verify.do_multipart_verify(h_session, input_data_list, signature)¶

Do a multipart verify operation

Parameters:	h_session (int) – Session handle input_data_list – list of data to verify with signature – signature to verify
Returns:	The result code

Attributes and Conversions¶

This module contains a wrapper around the key attributes and the template struct generation to make it possible to create templates in python and easily convert them into templates in C.

pypkcs11.attributes.KEY_TRANSFORMS CK_ATTRIBUTE Types mapped to Python->C transformation functions¶

class pypkcs11.attributes.Attributes(*args, **kwargs)¶

Python container for handling PKCS11 Attributes.

Provides get_c_struct(), that would returns a list of C Structs, each with the following structure:

class CK_ATTRIBUTE(Structure):
    '''
    Defines type, value and length of an attribute:

    c_ulong type;
    c_void_p pValue;
    c_ulong ulValueLen;
    '''
    pass

This list of structs can be used with C_GetAttributeValue() to get the length of the value that will be placed in pValue (will be set to ulValueLen), or if you already know the length required you can ‘blank fill’ pValue for direct use.

You can also provide new transformations in the form of a dictionary that will be preferred to the KEY_TRANSFORMS dictionary. This is passed in only as a keyword argument:

transform = {1L: lambda x: return x**2}`
attrs = Attributes({...}, new_transforms=transform)
# attrs.get_c_struct will use the lambda expression in the transform dictionary
# for key 1L

static from_c_struct(c_struct)¶

Build out a dictionary from a c_struct.

Parameters:	c_struct – Pointer to an array of `CK_ATTRIBUTE` structs
Returns:	dict

get_c_struct()¶

Build an array of CK_ATTRIBUTE Structs & return it.

Returns:	`CK_ATTRIBUTE` array

pypkcs11.attributes.c_struct_to_python(c_struct)¶

Converts a C struct to a python dictionary.

Parameters:	c_struct – The c struct to convert into a dictionary in python
Returns:	Returns a python dictionary which represents the C struct passed in

pypkcs11.attributes.convert_c_ubyte_array_to_string(byte_array)¶

Converts a ctypes unsigned byte array into a string.

Parameters:	byte_array –

pypkcs11.attributes.ret_type(c_type)¶

Decorator to set a returned C Type so we can determine what type to use for an AutoCArray

Parameters:	c_type – Default return-type of the transform function.

pypkcs11.attributes.to_bool(val, reverse=False)¶

Convert a boolean-ish value to a pValue, ulValueLen tuple.

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `pypkcs11.cryptoki.CK_BBOOL`,

ctypes.c_ulong size of bool value)

pypkcs11.attributes.to_byte_array(val, reverse=False)¶

Converts an arbitrarily sized integer, list, or byte array into a byte array.

It’ll zero-pad the bit length so it’s a multiple of 8, then convert the int to binary, split the binary string into sections of 8, then place each section into a slot in a ctypes.c_ubyte array (converting to small int).

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `pypkcs11.cryptoki.CK_BYTE` array,

ctypes.c_ulong size of array)

pypkcs11.attributes.to_char_array(val, reverse=False)¶

Convert the given string or list of string values into a char array.

This is slightly different than to_byte_array, which has different assumptions as to the format of the input.

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `pypkcs11.cryptoki.CK_CHAR` array,

ctypes.c_ulong size of array)

pypkcs11.attributes.to_ck_date(val, reverse=False)¶

Transform a date string, date dictionary, or date object into a PKCS11 readable form (YYYYMMDD)

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `pypkcs11.cryptoki.CK_CHAR` array,

ctypes.c_ulong size of array)

pypkcs11.attributes.to_long(val, reverse=False)¶

Convert a integer/long value to a pValue, ulValueLen tuple

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `ctypes.c_ulong`, `ctypes.c_ulong`

size of long value)

pypkcs11.attributes.to_sub_attributes(val, reverse=False)¶

Convert to another Attributes class & return the struct.

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `pypkcs11.cryptoki.CK_ATTRIBUTE` array,

ctypes.c_ulong size of array)

Conversions¶

Provide low-level conversions between common data types.

The from_xyz functions should all return an iterator over a list of integers, representing the individual bytes in the passed-in value.

The to_xyz functions take in an iterable of integers and convert it to the specified type.

Example 1

Convert a raw bytestring to hex¶

raw_bytes = from_bytestring(b"Some test data")
assert raw_bytes = [83, 111, 109, 101, 32, 116, 101, 115, 116, 32, 100, 97, 116, 97]

hex_data = to_hex(from_bytestring(b"Some test data"))
assert hex_data == b'536f6d6520746573742064617461'

Example 2

Convert hex data to a raw bytestring¶

bytestring_data = to_bytestring(from_hex(b'536f6d6520746573742064617461'))
assert bytestring_data == b"Some test data"

raw_bytes = list(from_hex(b'536f6d6520746573742064617461'))
assert raw_bytes == [83, 111, 109, 101, 32, 116, 101, 115, 116, 32, 100, 97, 116, 97]

pypkcs11.conversions.from_bin(bin_)¶

Convert a string-representation of binary into a list of integers.

Parameters:	bin (str) – String representation of binary data (ex: “10110111”)
Returns:	iterator over integers

pypkcs11.conversions.from_bytestring(ascii_)¶

Convert an iterable of strings into an iterable of integers.

Note

For bytestrings on python3, this does effectively nothing, since iterating over a bytestring in python 3 will return integers.

Parameters:	ascii – String to convert
Returns:	iterator

pypkcs11.conversions.from_hex(hex_)¶

Convert a hexademical string to an iterable of integers.

Parameters:	hex (str) – Hex string
Returns:	Iterator

pypkcs11.conversions.to_bin(ascii_)¶

Convert an iterable of integers to a binary representation.

Parameters:	ascii (iterable) – iterable of integers
Returns:	bytestring of the binary values

pypkcs11.conversions.to_bytestring(ascii_)¶

Convert an iterable of integers into a bytestring.

Parameters:	ascii (iterable) – Iterable of integers
Returns:	bytestring

pypkcs11.conversions.to_hex(ints)¶

Convert an iterable of integers to a hexadecimal string.

Parameters:	ints (iterable) – Iterable of integers
Returns:	bytestring representing the hex data.

Mechanisms¶

Conversions for pure-python dictionaries to C struct mechanisms.

To implement a new Mechanism:

Create a new mechanism class, deriving from Mechanism
Set REQUIRED_PARAMS as a class variable. REQUIRED_PARAMS should be a list of strings, defining required parameter keys.
```
class IvMechanism(Mechanism):
    REQUIRED_PARAMS = ['iv']
```

Override to_c_mech() on the new mechanism class. This function can access self.params to get passed-in parameters, and should create the C parameter struct required by the mechanism. This should also return self.mech (which is a CK_MECHANISM struct).

Simple Example¶

class IvMechanism(Mechanism):
    REQUIRED_PARAMS = ['iv']

    def to_c_mech(self):
        super(IvMechanism, self).to_c_mech()
        if len(self.params['iv']) == 0:
            LOG.debug("Setting IV to NULL (using internal)")
            iv_ba = None
            iv_len = 0
        else:
            iv_ba, iv_len = to_byte_array(self.params['iv'])
        self.mech.pParameter = iv_ba
        self.mech.ulParameterLen = iv_len
        return self.mech

Example with a PARAMS struct¶

class AESXTSMechanism(Mechanism):
    REQUIRED_PARAMS = ['cb', 'hTweakKey']

    def to_c_mech(self):
        super(AESXTSMechanism, self).to_c_mech()
        xts_params = CK_AES_XTS_PARAMS()
        xts_params.cb = (CK_BYTE * 16)(*self.params['cb'])
        xts_params.hTweakKey = CK_ULONG(self.params['hTweakKey'])
        self.mech.pParameter = cast(pointer(xts_params), c_void_p)
        self.mech.ulParameterLen = CK_ULONG(sizeof(xts_params))
        return self.mech

Helpers¶

Mechanism base class, as well as helper functions for parsing Mechanism arguments to pypkcs11 functions.

class pypkcs11.mechanism.helpers.Mechanism(mech_type='UNKNOWN', params=None)¶

Bases: object

Base class for pypkcs11 mechanisms. Performs checks for missing parameters w/ created mechs, and creates the base Mechanism Struct for conversion to ctypes.

REQUIRED_PARAMS = []¶

to_c_mech()¶

Create the Mechanism structure & set the mech type to the passed-in flavor.

Returns:	`CK_MECHANISM`

exception pypkcs11.mechanism.helpers.MechanismException¶

Bases: Exception

Exception raised for mechanism errors. Ex: required parameters are missing

pypkcs11.mechanism.helpers.get_c_struct_from_mechanism(python_dictionary, params_type_string)¶

Gets a c struct from a python dictionary representing that struct

Parameters:	python_dictionary – The python dictionary representing the C struct, see `CK_AES_CBC_PAD_EXTRACT_PARAMS` for an example params_type_string – A string representing the parameter struct. ex. for `CK_AES_CBC_PAD_EXTRACT_PARAMS` use the string `CK_AES_CBC_PAD_EXTRACT_PARAMS`
Returns:	A C struct

pypkcs11.mechanism.helpers.get_python_dict_from_c_mechanism(c_mechanism, params_type_string)¶

Gets a python dictionary from a c mechanism’s struct for serialization and easier test case writing

Parameters:	c_mechanism – The c mechanism to convert to a python dictionary params_type_string – A string representing the parameter struct. ex. for `CK_AES_CBC_PAD_EXTRACT_PARAMS` use the string `CK_AES_CBC_PAD_EXTRACT_PARAMS`
Returns:	A python dictionary representing the c struct

pypkcs11.mechanism.helpers.parse_mechanism(mechanism_param)¶

Designed for use with any function call that takes in a mechanism, this will handle a mechanism parameter that is one of the following:

CKM_ integer constant – will create a CK_MECHANISM with only mech_type set.
parse_mechanism(CKM_RSA_PKCS)
# Results in:
mech = CK_MECHANISM()
mech.mechanism = CK_MECHANISM_TYPE(CKM_RSA_PKCS)
mech.pParameter = None
mech.ulParameterLen = 0
Dictionary with mech_type as a mandatory key, and params as an optional key. This will be passed into the Mechanism class for conversion to a CK_MECHANISM.
parse_mechanism({'mech_type': CKM_AES_CBC,
                 'params': {'iv': list(range(8))}})
# Results in:
mech = CK_MECHANISM()
mech.mechanism = CK_MECHANISM_TYPE(CKM_AES_CBC)
iv_ba, iv_len = to_byte_array(list(range(8)))
mech.pParameter = iv_ba
mech.ulParameterLen = iv_len
CK_MECHANISM struct – passed directly into the raw C Call.

Mechanism class – will call to_c_mech() on the class, and use the results.

Note

You can look at REQUIRED_PARAMS on each mechanism class to see what parameters are required.

Parameters:	mechanism_param – Parameter to convert to a C Mechanism.
Returns:	`CK_MECHANISM` struct.

AES Mechanisms¶

AES-specific mechanism implementations.

class pypkcs11.mechanism.aes.AESCBCEncryptDataMechanism(mech_type='UNKNOWN', params=None)¶

Bases: pypkcs11.mechanism.helpers.Mechanism

AES CBC mechanism for deriving keys from encrypted data.

REQUIRED_PARAMS = ['iv', 'data']¶

to_c_mech()¶

Convert extra parameters to ctypes, then build out the mechanism.

Returns:	`CK_MECHANISM`

class pypkcs11.mechanism.aes.AESCTRMechanism(mech_type='UNKNOWN', params=None)¶

Bases: pypkcs11.mechanism.helpers.Mechanism

AES CTR Mechanism param conversion.

REQUIRED_PARAMS = ['cb', 'ulCounterBits']¶

to_c_mech()¶

Convert extra parameters to ctypes, then build out the mechanism.

Returns:	`CK_MECHANISM`

class pypkcs11.mechanism.aes.AESECBEncryptDataMechanism(mech_type='UNKNOWN', params=None)¶

Bases: pypkcs11.mechanism.helpers.Mechanism

AES mechanism for deriving keys from encrypted data.

REQUIRED_PARAMS = ['data']¶

to_c_mech()¶

Convert extra parameters to ctypes, then build out the mechanism.

Returns:	`CK_MECHANISM`

class pypkcs11.mechanism.aes.AESGCMMechanism(mech_type='UNKNOWN', params=None)¶

Bases: pypkcs11.mechanism.helpers.Mechanism

Creates the AES-GCM specific param structure & converts python types to C types.

REQUIRED_PARAMS = ['iv', 'AAD', 'ulTagBits']¶

to_c_mech()¶

Convert extra parameters to ctypes, then build out the mechanism.

Returns:	`CK_MECHANISM`

class pypkcs11.mechanism.aes.AESXTSMechanism(mech_type='UNKNOWN', params=None)¶

Bases: pypkcs11.mechanism.helpers.Mechanism

Creates the AES-XTS specific param structure & converts python types to C types.

REQUIRED_PARAMS = ['cb', 'hTweakKey']¶

to_c_mech()¶

Convert extra parameters to ctypes, then build out the mechanism.

Returns:	`CK_MECHANISM`

class pypkcs11.mechanism.aes.Iv16Mechanism(mech_type='UNKNOWN', params=None)¶

Bases: pypkcs11.mechanism.helpers.Mechanism

Mech class for flavors that require an IV set in the mechanism. Will default to [1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8] if no IV is passed in

to_c_mech()¶

Convert extra parameters to ctypes, then build out the mechanism.

Returns:	`CK_MECHANISM`

class pypkcs11.mechanism.aes.IvMechanism(mech_type='UNKNOWN', params=None)¶

Bases: pypkcs11.mechanism.helpers.Mechanism

Mech class for flavors that require an IV set in the mechanism. Will default to [0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38] if no IV is passed in

to_c_mech()¶

Convert extra parameters to ctypes, then build out the mechanism.

Returns:	`CK_MECHANISM`

Generic Mechanisms¶

Generic Mechanisms conversions.

class pypkcs11.mechanism.generic.AutoMech(mech_type='UNKNOWN', params=None)¶

Bases: pypkcs11.mechanism.helpers.Mechanism

An attempt to examine underlying C Struct and fill in the appropriate fields, making some assumptions about the data. This works best with parameter structs that only have CK_ULONGs within them (though there is a best-effort attempt to handle arrays).

Warning

Do not use this if the mechanism is already defined!

to_c_mech()¶

Attempt to handle generic mechanisms by introspection of the structure.

Returns:	`CK_MECHANISM`

class pypkcs11.mechanism.generic.ConcatenationDeriveMechanism(mech_type='UNKNOWN', params=None)¶

Bases: pypkcs11.mechanism.helpers.Mechanism

Mechanism class for key derivations. This will take in a second key handle in the parameters, and use it in the resulting Structure.

Warning

This mechanism is disabled in later versions of PCKS11.

REQUIRED_PARAMS = ['h_second_key']¶

to_c_mech()¶

Add in a pointer to the second key in the resulting mech structure.

Returns:	`CK_MECHANISM`

class pypkcs11.mechanism.generic.NullMech(mech_type='UNKNOWN', params=None)¶

Bases: pypkcs11.mechanism.helpers.Mechanism

Class that creates a mechanism from a flavor with null parameters. Used mostly for signing mechanisms that really don’t need anything else.

to_c_mech()¶

Simply set the pParameter to null pointer.

Returns:	`CK_MECHANISM`

class pypkcs11.mechanism.generic.StringDataDerivationMechanism(mech_type='UNKNOWN', params=None)¶

Bases: pypkcs11.mechanism.helpers.Mechanism

Mechanism class for key derivation using passed in string data.

REQUIRED_PARAMS = ['data']¶

to_c_mech()¶

Convert data to bytearray, then use in the resulting mech structure.

Returns:	`CK_MECHANISM`

RC Mechanisms¶

RC-related Mechanism implementations

class pypkcs11.mechanism.rc.RC2CBCMechanism(mech_type='UNKNOWN', params=None)¶

Bases: pypkcs11.mechanism.helpers.Mechanism

Creates required RC2CBC Param structure & converts python data to C data.

REQUIRED_PARAMS = ['usEffectiveBits', 'iv']¶

to_c_mech()¶

Convert extra parameters to ctypes, then build out the mechanism.

Returns:	`CK_MECHANISM`

class pypkcs11.mechanism.rc.RC2Mechanism(mech_type='UNKNOWN', params=None)¶

Bases: pypkcs11.mechanism.helpers.Mechanism

Sets the mechanism parameter to the usEffectiveBits

REQUIRED_PARAMS = ['usEffectiveBits']¶

to_c_mech()¶

Convert extra parameters to ctypes, then build out the mechanism.

Returns:	`CK_MECHANISM`

class pypkcs11.mechanism.rc.RC5CBCMechanism(mech_type='UNKNOWN', params=None)¶

Bases: pypkcs11.mechanism.helpers.Mechanism

Creates required RC5CBC Param structure & converts python data to C data.

REQUIRED_PARAMS = ['ulWordsize', 'ulRounds', 'iv']¶

to_c_mech()¶

Convert extra parameters to ctypes, then build out the mechanism.

Returns:	`CK_MECHANISM`

class pypkcs11.mechanism.rc.RC5Mechanism(mech_type='UNKNOWN', params=None)¶

Bases: pypkcs11.mechanism.helpers.Mechanism

Creates required RC5 Param structure & converts python data to C data.

REQUIRED_PARAMS = ['ulWordsize', 'ulRounds']¶

to_c_mech()¶

Convert extra parameters to ctypes, then build out the mechanism.

Returns:	`CK_MECHANISM`

RSA Mechanisms¶

RSA-related Mechanism implementations.

class pypkcs11.mechanism.rsa.RSAPKCSOAEPMechanism(mech_type='UNKNOWN', params=None)¶

Bases: pypkcs11.mechanism.helpers.Mechanism

Create the required RSA_PKCS_OAEP param structure & convert python data to C data.

REQUIRED_PARAMS = ['hashAlg', 'mgf']¶

to_c_mech()¶

Convert extra parameters to ctypes, then build out the mechanism.

Returns:	`CK_MECHANISM`

class pypkcs11.mechanism.rsa.RSAPKCSPSSMechanism(mech_type='UNKNOWN', params=None)¶

Bases: pypkcs11.mechanism.helpers.Mechanism

Create the required RSA_PKCS_PSS param structure & convert python data to C data.

REQUIRED_PARAMS = ['hashAlg', 'mgf']¶

to_c_mech()¶

Uses default salt length of 8. Can be overridden w/ a parameter though.

Returns:	`CK_MECHANISM`

Unbound Mechanisms¶

Unbound vendor specific mechanisms.

class pypkcs11.mechanism.unbound.EcdsaBipDeriveMechanism(isHardened, childNum)¶

Bases: pypkcs11.mechanism.helpers.Mechanism

ECDSA BIP key derivation mechanism Parameters for ECDSA BIP Derive :param Boolean isHardened :param int childNum: The child derivation index.

REQUIRED_PARAMS = ['hardened', 'ulChildNumber']¶

to_c_mech()¶

Create the Param structure, then convert the data into byte arrays.

Returns:	`CK_MECHANISM`

Miscellaneous¶

RNG, Digest, Creating Objects¶

PKCS11 Interface to the following functions:

c_generate_random
c_seed_random
c_digest
c_digestkey
c_create_object

pypkcs11.misc.c_create_object(h_session, template)¶

Creates an object based on a given python template

Parameters:	h_session (int) – Session handle template (dict) – The python template which the object will be based on
Returns:	(retcode, the handle of the object)
Return type:	tuple

pypkcs11.misc.c_digest(h_session, data_to_digest, digest_flavor, mechanism=None, output_buffer=None)¶

Digests some data

Parameters:	h_session (int) – Session handle data_to_digest (bytes) – The data to digest, either a string or a list of strings. If this is a list a multipart operation will be used digest_flavor (int) – The flavour of the mechanism to digest (MD2, SHA-1, HAS-160, SHA224, SHA256, SHA384, SHA512) mechanism – See the `parse_mechanism()` function for possible values. If None will use digest flavor. output_buffer (list\|int) – Integer or list of integers that specify a size of output buffer to use for an operation. By default will query with NULL pointer buffer to get required size of buffer.
Returns:	(retcode, a python string of the digested data)
Return type:	tuple

pypkcs11.misc.c_digestkey(h_session, h_key, digest_flavor, mechanism=None)¶

Digest a key

Parameters:	h_session (int) – Session handle h_key (int) – Key to digest digest_flavor (int) – Digest flavor mechanism – See the `parse_mechanism()` function for possible values. If None will use digest flavor.

pypkcs11.misc.c_generate_random(h_session, length)¶

Generates a sequence of random numbers

Parameters:	h_session (int) – Session handle length (int) – The length in bytes of the random number sequence
Returns:	(retcode, A string of random data)
Return type:	tuple

pypkcs11.misc.c_seed_random(h_session, seed)¶

Seeds the random number generator

Parameters:	h_session (int) – Session handle seed (bytes) – A python string of some seed
Returns:	retcode
Return type:	int

Find Objects, Attribute Setting/Getting¶

Functions for dealing with object attributes

pypkcs11.object_attr_lookup.c_find_objects(h_session, template, num_entries)¶

Calls c_find_objects and c_find_objects_init to get a python dictionary of the objects found.

Parameters:	h_session (int) – Session handle template – A python dictionary of the object template to look for num_entries – The max number of entries to return
Returns:	Returns a list of handles of objects found

pypkcs11.object_attr_lookup.c_get_attribute_value(h_session, h_object, template)¶

Calls C_GetAttrributeValue to get an attribute value based on a python template

Parameters:	h_session (int) – Session handle h_object – The handle of the object to get attributes for template – A python dictionary representing the template of the attributes to be retrieved
Returns:	A python dictionary representing the attributes

pypkcs11.object_attr_lookup.c_set_attribute_value(h_session, h_object, template)¶

Calls C_SetAttributeValue to set an attribute value based on a python template

Parameters:	h_session (int) – Session handle h_object – The handle of the object to get attributes for template – A python dictionary representing the template of the attributes to be written
Returns:	A python dictionary representing the attributes returned

Pypkcs11 Helpers¶

These are various helper modules and functions. They contain constant definitions, C parameter structs, configuration parsing, and default templates.

cryptoki_helpers¶

Helper functions to get us access to the PKCS11 library.

exception pypkcs11.cryptoki_helpers.CryptokiConfigException¶

Bases: pypkcs11.exceptions.CryptokiException

Exception raised when we fail to determine the PKCS11 library location

exception pypkcs11.cryptoki_helpers.CryptokiDLLException(additional_info, orig_error)¶

Bases: Exception

Custom exception class used to print an error when a call to the Cryptoki DLL failed. The late binding makes debugging a little bit more difficult because function calls have to pass through an additional layer of abstraction. This custom exception prints out a quick message detailing exactly what function failed.

class pypkcs11.cryptoki_helpers.CryptokiDLLSingleton¶

Bases: object

A singleton class which holds an instance of the loaded cryptoki DLL object.

get_dll()¶: Get the loaded library (parsed from crystoki.ini/Chrystoki.conf)

loaded_dll_library = None¶

pypkcs11.cryptoki_helpers.log_args(funcname, args)¶

Log function name & arguments for a cryptoki ctypes call.

Parameters:	funcname (str) – Function name args (tuple) – Arguments to be passed to ctypes function.

pypkcs11.cryptoki_helpers.make_late_binding_function(function_name)¶

A function factory for creating a function that will bind to the cryptoki DLL only when the function is called.

Parameters:	function_name –

lookup_dicts¶

Module that contains lookup dictionaries for easy logging of error codes and other constants within pypkcs11.

default_templates¶

File containing a number of templates taken from CKDemo and manually converted into python format. See the attributes.py file for methods to convert them into the proper C format.

pypkcs11.default_templates.get_default_key_pair_template(mechanism)¶

Gets the default template for the given key pair gen mechanism, returns a deep copy

Parameters:	mechanism –

pypkcs11.default_templates.get_default_key_template(mechanism)¶

Gets a default template for the given key gen mechanism, returns a deep copy

Parameters:	mechanism –

defaults¶

A file containing commonly used strings or other data similar to a config file

cryptoki¶

This file contains all of the ctypes definitions for the cryptoki library. The ctypes definitions outline the structures for the cryptoki C API.

class pypkcs11.cryptoki.CK_OTP_SIGNATURE_INFO¶

pParams¶: Structure/Union member

ulCount¶: Structure/Union member

pypkcs11.cryptoki.C_UnwrapKey(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.Int32¶: alias of ctypes.c_long

pypkcs11.cryptoki.C_SetAttributeValue(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.C_VerifyFinal(*args)¶

Parameters:	args – *kwargs –

class pypkcs11.cryptoki.CK_DATE¶

day¶: Structure/Union member

month¶: Structure/Union member

year¶: Structure/Union member

class pypkcs11.cryptoki.CK_WTLS_PRF_PARAMS¶

DigestMechanism¶: Structure/Union member

pLabel¶: Structure/Union member

pOutput¶: Structure/Union member

pSeed¶: Structure/Union member

pulOutputLen¶: Structure/Union member

ulLabelLen¶: Structure/Union member

ulSeedLen¶: Structure/Union member

pypkcs11.cryptoki.C_GetInfo(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_ATTRIBUTE_PTR¶: alias of pypkcs11.cryptoki.LP_CK_ATTRIBUTE

class pypkcs11.cryptoki.CK_VERSION¶

major¶: Structure/Union member

minor¶: Structure/Union member

pypkcs11.cryptoki.C_WaitForSlotEvent(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_VOID_PTR¶: alias of ctypes.c_void_p

class pypkcs11.cryptoki.CK_MECHANISM_INFO¶

flags¶: Structure/Union member

ulMaxKeySize¶: Structure/Union member

ulMinKeySize¶: Structure/Union member

pypkcs11.cryptoki.Float64¶: alias of ctypes.c_double

pypkcs11.cryptoki.CK_X9_42_DH_KDF_TYPE¶: alias of ctypes.c_ulong

class pypkcs11.cryptoki.CK_INFO¶

cryptokiVersion¶: Structure/Union member

flags¶: Structure/Union member

libraryDescription¶: Structure/Union member

libraryVersion¶: Structure/Union member

manufacturerID¶: Structure/Union member

class pypkcs11.cryptoki.CK_KIP_PARAMS¶

hKey¶: Structure/Union member

pMechanism¶: Structure/Union member

pSeed¶: Structure/Union member

ulSeedLen¶: Structure/Union member

pypkcs11.cryptoki.CK_OTP_PARAM_PTR¶: alias of pypkcs11.cryptoki.LP_CK_OTP_PARAM

class pypkcs11.cryptoki.CK_X9_42_MQV_DERIVE_PARAMS¶

hPrivateData¶: Structure/Union member

kdf¶: Structure/Union member

pOtherInfo¶: Structure/Union member

pPublicData¶: Structure/Union member

pPublicData2¶: Structure/Union member

publicKey¶: Structure/Union member

ulOtherInfoLen¶: Structure/Union member

ulPrivateDataLen¶: Structure/Union member

ulPublicDataLen¶: Structure/Union member

ulPublicDataLen2¶: Structure/Union member

pypkcs11.cryptoki.C_CloseAllSessions(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.C_SignInit(*args)¶

Parameters:	args – *kwargs –

class pypkcs11.cryptoki.CK_CMS_SIG_PARAMS¶

certificateHandle¶: Structure/Union member

pContentType¶: Structure/Union member

pDigestMechanism¶: Structure/Union member

pRequestedAttributes¶: Structure/Union member

pRequiredAttributes¶: Structure/Union member

pSigningMechanism¶: Structure/Union member

ulRequestedAttributesLen¶: Structure/Union member

ulRequiredAttributesLen¶: Structure/Union member

class pypkcs11.cryptoki.CK_ECMQV_DERIVE_PARAMS¶

hPrivateData¶: Structure/Union member

kdf¶: Structure/Union member

pPublicData¶: Structure/Union member

pPublicData2¶: Structure/Union member

pSharedData¶: Structure/Union member

publicKey¶: Structure/Union member

ulPrivateDataLen¶: Structure/Union member

ulPublicDataLen¶: Structure/Union member

ulPublicDataLen2¶: Structure/Union member

ulSharedDataLen¶: Structure/Union member

pypkcs11.cryptoki.CK_TLS_PRF_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_TLS_PRF_PARAMS

pypkcs11.cryptoki.Word¶: alias of ctypes.c_ulong

class pypkcs11.cryptoki.CK_DES_CTR_PARAMS¶

cb¶: Structure/Union member

ulCounterBits¶: Structure/Union member

pypkcs11.cryptoki.CK_OBJECT_HANDLE¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.CK_MAC_GENERAL_PARAMS¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.CK_EC_MAC_SCHEME¶: alias of ctypes.c_ulong

class pypkcs11.cryptoki.CK_KDF_PRF_PARAMS¶

pContext¶: Structure/Union member

pLabel¶: Structure/Union member

prfType¶: Structure/Union member

ulContextLen¶: Structure/Union member

ulCounter¶: Structure/Union member

ulEncodingScheme¶: Structure/Union member

ulLabelLen¶: Structure/Union member

pypkcs11.cryptoki.CK_ULONG¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_SSL3_MASTER_KEY_DERIVE_PARAMS

pypkcs11.cryptoki.Float¶: alias of ctypes.c_double

pypkcs11.cryptoki.CK_DESTROYMUTEX¶: alias of ctypes.CFUNCTYPE.<locals>.CFunctionType

pypkcs11.cryptoki.CK_ECMQV_DERIVE_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_ECMQV_DERIVE_PARAMS

pypkcs11.cryptoki.SInt8¶: alias of ctypes.c_byte

pypkcs11.cryptoki.CK_DES_CTR_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_DES_CTR_PARAMS

class pypkcs11.cryptoki.CK_RC5_MAC_GENERAL_PARAMS¶

ulMacLength¶: Structure/Union member

ulRounds¶: Structure/Union member

ulWordsize¶: Structure/Union member

pypkcs11.cryptoki.CK_SEED_CTR_PARAMS¶: alias of pypkcs11.cryptoki.CK_AES_CTR_PARAMS

pypkcs11.cryptoki.CK_LKM_TOKEN_ID¶: alias of pypkcs11.cryptoki.CK_LKM_TOKEN_ID_S

class pypkcs11.cryptoki.CK_CLUSTER_STATE¶

bMembers¶: Structure/Union member

ulMemberStatus¶: Structure/Union member

pypkcs11.cryptoki.eInitMsgs¶: alias of ctypes.c_int

pypkcs11.cryptoki.CK_FLAGS¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.CK_HA_MEMBER_PTR¶: alias of pypkcs11.cryptoki.LP_CK_HA_MEMBER

pypkcs11.cryptoki.C_Digest(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.BYTE¶: alias of ctypes.c_ubyte

pypkcs11.cryptoki.C_SignEncryptUpdate(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_MECHANISM_TYPE_PTR¶: alias of pypkcs11.cryptoki.LP_c_ulong

pypkcs11.cryptoki.CK_XOR_BASE_DATA_KDF_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_XOR_BASE_DATA_KDF_PARAMS

class pypkcs11.cryptoki.CK_SESSION_INFO¶

flags¶: Structure/Union member

slotID¶: Structure/Union member

state¶: Structure/Union member

usDeviceError¶: Structure/Union member

class pypkcs11.cryptoki.CK_WTLS_KEY_MAT_OUT¶

hKey¶: Structure/Union member

hMacSecret¶: Structure/Union member

pIV¶: Structure/Union member

class pypkcs11.cryptoki.CK_WTLS_KEY_MAT_PARAMS¶

DigestMechanism¶: Structure/Union member

RandomInfo¶: Structure/Union member

bIsExport¶: Structure/Union member

pReturnedKeyMaterial¶: Structure/Union member

ulIVSizeInBits¶: Structure/Union member

ulKeySizeInBits¶: Structure/Union member

ulMacSizeInBits¶: Structure/Union member

ulSequenceNumber¶: Structure/Union member

pypkcs11.cryptoki.C_DigestEncryptUpdate(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.UInt16¶: alias of ctypes.c_ushort

pypkcs11.cryptoki.CK_RSA_PKCS_MGF_TYPE_PTR¶: alias of pypkcs11.cryptoki.LP_c_ulong

class pypkcs11.cryptoki.CK_SKIPJACK_RELAYX_PARAMS¶

pNewPassword¶: Structure/Union member

pNewPublicData¶: Structure/Union member

pNewRandomA¶: Structure/Union member

pOldPassword¶: Structure/Union member

pOldPublicData¶: Structure/Union member

pOldRandomA¶: Structure/Union member

pOldWrappedX¶: Structure/Union member

ulNewPasswordLen¶: Structure/Union member

ulNewPublicDataLen¶: Structure/Union member

ulNewRandomLen¶: Structure/Union member

ulOldPasswordLen¶: Structure/Union member

ulOldPublicDataLen¶: Structure/Union member

ulOldRandomLen¶: Structure/Union member

ulOldWrappedXLen¶: Structure/Union member

pypkcs11.cryptoki.C_EncryptFinal(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_EC_KDF_TYPE¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.CK_CREATEMUTEX¶: alias of ctypes.CFUNCTYPE.<locals>.CFunctionType

class pypkcs11.cryptoki.CK_KEY_WRAP_SET_OAEP_PARAMS¶

bBC¶: Structure/Union member

pX¶: Structure/Union member

ulXLen¶: Structure/Union member

pypkcs11.cryptoki.CK_SESSION_INFO_PTR¶: alias of pypkcs11.cryptoki.LP_CK_SESSION_INFO

pypkcs11.cryptoki.CK_CHAR_PTR¶: alias of pypkcs11.cryptoki.LP_c_ubyte

pypkcs11.cryptoki.CK_RC5_MAC_GENERAL_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_RC5_MAC_GENERAL_PARAMS

pypkcs11.cryptoki.CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.CK_LKM_TOKEN_ID_PTR¶: alias of pypkcs11.cryptoki.LP_CK_LKM_TOKEN_ID_S

pypkcs11.cryptoki.PointerDifference¶: alias of ctypes.c_long

class pypkcs11.cryptoki.CK_RC2_MAC_GENERAL_PARAMS¶

ulMacLength¶: Structure/Union member

usEffectiveBits¶: Structure/Union member

pypkcs11.cryptoki.CK_SESSION_HANDLE¶: alias of ctypes.c_ulong

class pypkcs11.cryptoki.CK_SLOT_INFO¶

firmwareVersion¶: Structure/Union member

flags¶: Structure/Union member

hardwareVersion¶: Structure/Union member

manufacturerID¶: Structure/Union member

slotDescription¶: Structure/Union member

pypkcs11.cryptoki.CK_SESSION_HANDLE_PTR¶: alias of pypkcs11.cryptoki.LP_c_ulong

pypkcs11.cryptoki.CK_RC2_MAC_GENERAL_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_RC2_MAC_GENERAL_PARAMS

pypkcs11.cryptoki.CK_SKIPJACK_PRIVATE_WRAP_PTR¶: alias of pypkcs11.cryptoki.LP_CK_SKIPJACK_PRIVATE_WRAP_PARAMS

pypkcs11.cryptoki.C_SetOperationState(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_CERTIFICATE_TYPE¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.CK_OBJECT_CLASS¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.C_VerifyRecover(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.C_VerifyRecoverInit(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.C_DigestKey(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_KEY_TYPE¶: alias of ctypes.c_ulong

class pypkcs11.cryptoki.CK_RSA_PKCS_PSS_PARAMS¶

hashAlg¶: Structure/Union member

mgf¶: Structure/Union member

usSaltLen¶: Structure/Union member

pypkcs11.cryptoki.UInt32¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.CK_AES_XTS_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_AES_XTS_PARAMS

pypkcs11.cryptoki.C_OpenSession(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_WTLS_RANDOM_DATA_PTR¶: alias of pypkcs11.cryptoki.LP_CK_WTLS_RANDOM_DATA

pypkcs11.cryptoki.CK_RSA_PKCS_PSS_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_RSA_PKCS_PSS_PARAMS

class pypkcs11.cryptoki.CK_RC2_CBC_PARAMS¶

iv¶: Structure/Union member

usEffectiveBits¶: Structure/Union member

pypkcs11.cryptoki.CK_ARIA_CTR_PARAMS¶: alias of pypkcs11.cryptoki.CK_AES_CTR_PARAMS

class pypkcs11.cryptoki.CK_CAMELLIA_CTR_PARAMS¶

cb¶: Structure/Union member

ulCounterBits¶: Structure/Union member

pypkcs11.cryptoki.CK_AES_CBC_PAD_INSERT_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_AES_CBC_PAD_INSERT_PARAMS

pypkcs11.cryptoki.CK_WTLS_KEY_MAT_OUT_PTR¶: alias of pypkcs11.cryptoki.LP_CK_WTLS_KEY_MAT_OUT

class pypkcs11.cryptoki.CK_PKCS5_PBKD2_PARAMS¶

iterations¶: Structure/Union member

pPassword¶: Structure/Union member

pPrfData¶: Structure/Union member

pSaltSourceData¶: Structure/Union member

prf¶: Structure/Union member

saltSource¶: Structure/Union member

ulPrfDataLen¶: Structure/Union member

ulSaltSourceDataLen¶: Structure/Union member

usPasswordLen¶: Structure/Union member

pypkcs11.cryptoki.Int64¶: alias of ctypes.c_long

class pypkcs11.cryptoki.CK_X9_42_DH2_DERIVE_PARAMS¶

hPrivateData¶: Structure/Union member

kdf¶: Structure/Union member

pOtherInfo¶: Structure/Union member

pPublicData¶: Structure/Union member

pPublicData2¶: Structure/Union member

ulOtherInfoLen¶: Structure/Union member

ulPrivateDataLen¶: Structure/Union member

ulPublicDataLen¶: Structure/Union member

ulPublicDataLen2¶: Structure/Union member

pypkcs11.cryptoki.CK_STATE¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.C_Verify(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.C_DecryptFinal(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.Byte¶: alias of ctypes.c_ubyte

pypkcs11.cryptoki.CK_FUNCTION_LIST_PTR¶: alias of pypkcs11.cryptoki.LP_CK_FUNCTION_LIST

pypkcs11.cryptoki.CK_AES_GMAC_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_AES_GCM_PARAMS

pypkcs11.cryptoki.CK_CAMELLIA_CTR_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_CAMELLIA_CTR_PARAMS

class pypkcs11.cryptoki.CK_SSL3_RANDOM_DATA¶

pClientRandom¶: Structure/Union member

pServerRandom¶: Structure/Union member

ulClientRandomLen¶: Structure/Union member

ulServerRandomLen¶: Structure/Union member

class pypkcs11.cryptoki.CK_SSL3_KEY_MAT_PARAMS¶

RandomInfo¶: Structure/Union member

bIsExport¶: Structure/Union member

pReturnedKeyMaterial¶: Structure/Union member

ulIVSizeInBits¶: Structure/Union member

ulKeySizeInBits¶: Structure/Union member

ulMacSizeInBits¶: Structure/Union member

pypkcs11.cryptoki.CK_KIP_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_KIP_PARAMS

pypkcs11.cryptoki.CK_OTP_SIGNATURE_INFO_PTR¶: alias of pypkcs11.cryptoki.LP_CK_OTP_SIGNATURE_INFO

class pypkcs11.cryptoki.CK_WTLS_RANDOM_DATA¶

pClientRandom¶: Structure/Union member

pServerRandom¶: Structure/Union member

ulClientRandomLen¶: Structure/Union member

ulServerRandomLen¶: Structure/Union member

pypkcs11.cryptoki.CK_USHORT¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.CK_PRF_KDF_PARAMS¶: alias of pypkcs11.cryptoki.CK_KDF_PRF_PARAMS

pypkcs11.cryptoki.CK_X9_42_DH1_DERIVE_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_X9_42_DH1_DERIVE_PARAMS

pypkcs11.cryptoki.UInt¶: alias of ctypes.c_uint

pypkcs11.cryptoki.CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR¶: alias of pypkcs11.cryptoki.LP_c_ulong

pypkcs11.cryptoki.fwResultCode¶: alias of ctypes.c_int

pypkcs11.cryptoki.CK_MECHANISM_TYPE¶: alias of ctypes.c_ulong

class pypkcs11.cryptoki.CK_ATTRIBUTE¶

pValue¶: Structure/Union member

type¶: Structure/Union member

usValueLen¶: Structure/Union member

class pypkcs11.cryptoki.CK_MECHANISM¶

mechanism¶: Structure/Union member

pParameter¶: Structure/Union member

ulParameterLen¶: Structure/Union member

pypkcs11.cryptoki.C_Encrypt(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_INFO_PTR¶: alias of pypkcs11.cryptoki.LP_CK_INFO

pypkcs11.cryptoki.CK_ARIA_CTR_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_AES_CTR_PARAMS

pypkcs11.cryptoki.C_SignRecoverInit(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_BYTE¶: alias of ctypes.c_ubyte

class pypkcs11.cryptoki.CK_SSL3_KEY_MAT_OUT¶

hClientKey¶: Structure/Union member

hClientMacSecret¶: Structure/Union member

hServerKey¶: Structure/Union member

hServerMacSecret¶: Structure/Union member

pIVClient¶: Structure/Union member

pIVServer¶: Structure/Union member

pypkcs11.cryptoki.CK_GetTotalOperations¶: alias of ctypes.CFUNCTYPE.<locals>.CFunctionType

pypkcs11.cryptoki.CK_SLOT_INFO_PTR¶: alias of pypkcs11.cryptoki.LP_CK_SLOT_INFO

pypkcs11.cryptoki.CK_KEA_DERIVE_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_KEA_DERIVE_PARAMS

pypkcs11.cryptoki.CK_BYTE_PTR¶: alias of pypkcs11.cryptoki.LP_c_ubyte

pypkcs11.cryptoki.HalfWord¶: alias of ctypes.c_ushort

pypkcs11.cryptoki.CK_VOID_PTR_PTR¶: alias of pypkcs11.cryptoki.LP_c_void_p

pypkcs11.cryptoki.CT_TokenHndle¶: alias of pypkcs11.cryptoki.LP_CT_Token

pypkcs11.cryptoki.C_SetPIN(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.C_GenerateKey(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.C_InitPIN(*args)¶

Parameters:	args – *kwargs –

class pypkcs11.cryptoki.CK_ECIES_PARAMS¶

dhPrimitive¶: Structure/Union member

encScheme¶: Structure/Union member

kdf¶: Structure/Union member

macScheme¶: Structure/Union member

pSharedData1¶: Structure/Union member

pSharedData2¶: Structure/Union member

ulEncKeyLenInBits¶: Structure/Union member

ulMacKeyLenInBits¶: Structure/Union member

ulMacLenInBits¶: Structure/Union member

ulSharedDataLen1¶: Structure/Union member

ulSharedDataLen2¶: Structure/Union member

class pypkcs11.cryptoki.CK_AES_CTR_PARAMS¶

cb¶: Structure/Union member

ulCounterBits¶: Structure/Union member

class pypkcs11.cryptoki.CK_LKM_TOKEN_ID_S¶

id¶: Structure/Union member

pypkcs11.cryptoki.CK_X9_42_DH2_DERIVE_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_X9_42_DH2_DERIVE_PARAMS

pypkcs11.cryptoki.CK_KEY_WRAP_SET_OAEP_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_KEY_WRAP_SET_OAEP_PARAMS

pypkcs11.cryptoki.CK_PARAM_TYPE¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.ResultCodeValue¶: alias of ctypes.c_int

class pypkcs11.cryptoki.CK_ECDH1_DERIVE_PARAMS¶

kdf¶: Structure/Union member

pPublicData¶: Structure/Union member

pSharedData¶: Structure/Union member

ulPublicDataLen¶: Structure/Union member

ulSharedDataLen¶: Structure/Union member

pypkcs11.cryptoki.CK_RC2_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_c_ulong

pypkcs11.cryptoki.CK_WTLS_PRF_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_WTLS_PRF_PARAMS

pypkcs11.cryptoki.C_FindObjectsFinal(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_RC2_CBC_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_RC2_CBC_PARAMS

pypkcs11.cryptoki.C_Login(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.C_CreateObject(*args)¶

Parameters:	args – *kwargs –

class pypkcs11.cryptoki.CK_KEA_DERIVE_PARAMS¶

isSender¶: Structure/Union member

pPublicData¶: Structure/Union member

pRandomA¶: Structure/Union member

pRandomB¶: Structure/Union member

ulPublicDataLen¶: Structure/Union member

ulRandomLen¶: Structure/Union member

pypkcs11.cryptoki.UInt64¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.CK_LONG¶: alias of ctypes.c_long

pypkcs11.cryptoki.CK_OBJECT_HANDLE_PTR¶: alias of pypkcs11.cryptoki.LP_c_ulong

pypkcs11.cryptoki.Int¶: alias of ctypes.c_int

class pypkcs11.cryptoki.CK_AES_CBC_PAD_EXTRACT_PARAMS¶

ctxID¶: Structure/Union member

pBuffer¶: Structure/Union member

pbFileName¶: Structure/Union member

pedId¶: Structure/Union member

pulBufferLen¶: Structure/Union member

ulDeleteAfterExtract¶: Structure/Union member

ulHandle¶: Structure/Union member

ulStorage¶: Structure/Union member

ulType¶: Structure/Union member

pypkcs11.cryptoki.CK_SKIPJACK_RELAYX_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_SKIPJACK_RELAYX_PARAMS

class pypkcs11.cryptoki.CK_TLS_PRF_PARAMS¶

pLabel¶: Structure/Union member

pOutput¶: Structure/Union member

pSeed¶: Structure/Union member

pulOutputLen¶: Structure/Union member

ulLabelLen¶: Structure/Union member

ulSeedLen¶: Structure/Union member

pypkcs11.cryptoki.CK_SLOT_ID¶: alias of ctypes.c_ulong

class pypkcs11.cryptoki.CT_Token¶

pypkcs11.cryptoki.C_VerifyInit(*args)¶

Parameters:	args – *kwargs –

class pypkcs11.cryptoki.CK_SKIPJACK_PRIVATE_WRAP_PARAMS¶

pBaseG¶: Structure/Union member

pPassword¶: Structure/Union member

pPrimeP¶: Structure/Union member

pPublicData¶: Structure/Union member

pRandomA¶: Structure/Union member

pSubprimeQ¶: Structure/Union member

ulPAndGLen¶: Structure/Union member

ulPublicDataLen¶: Structure/Union member

ulQLen¶: Structure/Union member

ulRandomLen¶: Structure/Union member

usPasswordLen¶: Structure/Union member

pypkcs11.cryptoki.CK_LOCKMUTEX¶: alias of ctypes.CFUNCTYPE.<locals>.CFunctionType

pypkcs11.cryptoki.CK_EC_ENC_SCHEME¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.CK_MECHANISM_INFO_PTR¶: alias of pypkcs11.cryptoki.LP_CK_MECHANISM_INFO

pypkcs11.cryptoki.CK_OTP_PARAM_TYPE¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.CK_AES_GMAC_PARAMS¶: alias of pypkcs11.cryptoki.CK_AES_GCM_PARAMS

pypkcs11.cryptoki.CK_PBE_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_PBE_PARAMS

class pypkcs11.cryptoki.CK_ARIA_CBC_ENCRYPT_DATA_PARAMS¶

iv¶: Structure/Union member

length¶: Structure/Union member

pData¶: Structure/Union member

pypkcs11.cryptoki.C_SeedRandom(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.HANDLE¶: alias of ctypes.c_int

pypkcs11.cryptoki.C_CancelFunction(*args)¶

Parameters:	args – *kwargs –

class pypkcs11.cryptoki.CK_HA_STATUS¶

groupSerial¶: Structure/Union member

listSize¶: Structure/Union member

memberList¶: Structure/Union member

pypkcs11.cryptoki.C_Initialize(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_RSA_PKCS_OAEP_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_RSA_PKCS_OAEP_PARAMS

pypkcs11.cryptoki.C_InitToken(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.C_GetSlotList(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.C_GetMechanismInfo(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.Boolean¶: alias of ctypes.c_ubyte

pypkcs11.cryptoki.CK_WTLS_KEY_MAT_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_WTLS_KEY_MAT_PARAMS

class pypkcs11.cryptoki.CK_RC5_PARAMS¶

ulRounds¶: Structure/Union member

ulWordsize¶: Structure/Union member

pypkcs11.cryptoki.C_SignFinal(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_AES_CTR_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_AES_CTR_PARAMS

pypkcs11.cryptoki.CK_USHORT_PTR¶: alias of pypkcs11.cryptoki.LP_c_ulong

pypkcs11.cryptoki.CK_PKCS5_PBKD2_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_PKCS5_PBKD2_PARAMS

pypkcs11.cryptoki.CK_AES_CBC_PAD_EXTRACT_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_AES_CBC_PAD_EXTRACT_PARAMS

pypkcs11.cryptoki.CK_ECDH2_DERIVE_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_ECDH2_DERIVE_PARAMS

class pypkcs11.cryptoki.CK_DES_CBC_ENCRYPT_DATA_PARAMS¶

iv¶: Structure/Union member

length¶: Structure/Union member

pData¶: Structure/Union member

class pypkcs11.cryptoki.CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS¶

iv¶: Structure/Union member

length¶: Structure/Union member

pData¶: Structure/Union member

pypkcs11.cryptoki.C_GenerateKeyPair(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CKA_SIM_AUTH_FORM¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.CK_HW_FEATURE_TYPE¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.CK_CLUSTER_STATE_PTR¶: alias of pypkcs11.cryptoki.LP_CK_CLUSTER_STATE

pypkcs11.cryptoki.C_GetTokenInfo(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_VERSION_PTR¶: alias of pypkcs11.cryptoki.LP_CK_VERSION

pypkcs11.cryptoki.C_DecryptInit(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.SInt32¶: alias of ctypes.c_long

pypkcs11.cryptoki.CK_ULONG_PTR¶: alias of pypkcs11.cryptoki.LP_c_ulong

pypkcs11.cryptoki.CK_KDF_PRF_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_KDF_PRF_PARAMS

class pypkcs11.cryptoki.CK_AES_CBC_ENCRYPT_DATA_PARAMS¶

iv¶: Structure/Union member

length¶: Structure/Union member

pData¶: Structure/Union member

pypkcs11.cryptoki.CK_KEY_DERIVATION_STRING_DATA_PTR¶: alias of pypkcs11.cryptoki.LP_CK_KEY_DERIVATION_STRING_DATA

pypkcs11.cryptoki.ULong¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_DES_CBC_ENCRYPT_DATA_PARAMS

pypkcs11.cryptoki.CK_SLOT_ID_PTR¶: alias of pypkcs11.cryptoki.LP_c_ulong

pypkcs11.cryptoki.CK_RV¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.CK_NOTIFY¶: alias of ctypes.CFUNCTYPE.<locals>.CFunctionType

pypkcs11.cryptoki.C_VerifyUpdate(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_X9_42_MQV_DERIVE_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_X9_42_MQV_DERIVE_PARAMS

pypkcs11.cryptoki.CK_X9_42_DH_KDF_TYPE_PTR¶: alias of pypkcs11.cryptoki.LP_c_ulong

pypkcs11.cryptoki.CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_ARIA_CBC_ENCRYPT_DATA_PARAMS

pypkcs11.cryptoki.C_Sign(*args)¶

Parameters:	args – *kwargs –

class pypkcs11.cryptoki.CK_X9_42_DH1_DERIVE_PARAMS¶

kdf¶: Structure/Union member

pOtherInfo¶: Structure/Union member

pPublicData¶: Structure/Union member

ulOtherInfoLen¶: Structure/Union member

ulPublicDataLen¶: Structure/Union member

pypkcs11.cryptoki.C_GetFunctionList(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.C_GetOperationState(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_BBOOL¶: alias of ctypes.c_ubyte

class pypkcs11.cryptoki.CK_ECDH2_DERIVE_PARAMS¶

hPrivateData¶: Structure/Union member

kdf¶: Structure/Union member

pPublicData¶: Structure/Union member

pPublicData2¶: Structure/Union member

pSharedData¶: Structure/Union member

ulPrivateDataLen¶: Structure/Union member

ulPublicDataLen¶: Structure/Union member

ulPublicDataLen2¶: Structure/Union member

ulSharedDataLen¶: Structure/Union member

pypkcs11.cryptoki.CK_OBJECT_CLASS_PTR¶: alias of pypkcs11.cryptoki.LP_c_ulong

pypkcs11.cryptoki.CK_RC2_PARAMS¶: alias of ctypes.c_ulong

class pypkcs11.cryptoki.CK_OTP_PARAM¶

pValue¶: Structure/Union member

type¶: Structure/Union member

usValueLen¶: Structure/Union member

class pypkcs11.cryptoki.CK_TOKEN_INFO¶

firmwareVersion¶: Structure/Union member

flags¶: Structure/Union member

hardwareVersion¶: Structure/Union member

label¶: Structure/Union member

manufacturerID¶: Structure/Union member

model¶: Structure/Union member

serialNumber¶: Structure/Union member

ulFreePrivateMemory¶: Structure/Union member

ulFreePublicMemory¶: Structure/Union member

ulTotalPrivateMemory¶: Structure/Union member

ulTotalPublicMemory¶: Structure/Union member

usMaxPinLen¶: Structure/Union member

usMaxRwSessionCount¶: Structure/Union member

usMaxSessionCount¶: Structure/Union member

usMinPinLen¶: Structure/Union member

usRwSessionCount¶: Structure/Union member

usSessionCount¶: Structure/Union member

utcTime¶: Structure/Union member

class pypkcs11.cryptoki.CK_RSA_PKCS_OAEP_PARAMS¶

hashAlg¶: Structure/Union member

mgf¶: Structure/Union member

pSourceData¶: Structure/Union member

source¶: Structure/Union member

ulSourceDataLen¶: Structure/Union member

pypkcs11.cryptoki.CK_SSL3_KEY_MAT_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_SSL3_KEY_MAT_PARAMS

pypkcs11.cryptoki.C_Logout(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.SizeType¶: alias of ctypes.c_uint

pypkcs11.cryptoki.C_Decrypt(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_EXTRACT_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_c_ulong

pypkcs11.cryptoki.CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS

pypkcs11.cryptoki.CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR¶: alias of pypkcs11.cryptoki.LP_c_ulong

pypkcs11.cryptoki.C_DecryptDigestUpdate(*args)¶

Parameters:	args – *kwargs –

class pypkcs11.cryptoki.CK_AES_XTS_PARAMS¶

cb¶: Structure/Union member

hTweakKey¶: Structure/Union member

class pypkcs11.cryptoki.CK_AES_GCM_PARAMS¶

pAAD¶: Structure/Union member

pIv¶: Structure/Union member

ulAADLen¶: Structure/Union member

ulIvBits¶: Structure/Union member

ulIvLen¶: Structure/Union member

ulTagBits¶: Structure/Union member

pypkcs11.cryptoki.CK_HA_STATE_PTR¶: alias of pypkcs11.cryptoki.LP_CK_HA_STATUS

class pypkcs11.cryptoki.CK_XOR_BASE_DATA_KDF_PARAMS¶

kdf¶: Structure/Union member

pSharedData¶: Structure/Union member

ulSharedDataLen¶: Structure/Union member

pypkcs11.cryptoki.C_Finalize(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.C_GetSlotInfo(*args)¶

Parameters:	args – *kwargs –

class pypkcs11.cryptoki.CK_HA_MEMBER¶

memberSerial¶: Structure/Union member

memberStatus¶: Structure/Union member

pypkcs11.cryptoki.C_FindObjectsInit(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_RSA_PKCS_OAEP_SOURCE_TYPE¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.CK_UNLOCKMUTEX¶: alias of ctypes.CFUNCTYPE.<locals>.CFunctionType

class pypkcs11.cryptoki.CK_RC5_CBC_PARAMS¶

pIv¶: Structure/Union member

ulIvLen¶: Structure/Union member

ulRounds¶: Structure/Union member

ulWordsize¶: Structure/Union member

pypkcs11.cryptoki.CK_KDF_PRF_ENCODING_SCHEME¶: alias of ctypes.c_ulong

class pypkcs11.cryptoki.CK_PBE_PARAMS¶

pInitVector¶: Structure/Union member

pPassword¶: Structure/Union member

pSalt¶: Structure/Union member

usIteration¶: Structure/Union member

usPasswordLen¶: Structure/Union member

usSaltLen¶: Structure/Union member

pypkcs11.cryptoki.CK_USER_TYPE¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.C_GetMechanismList(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_WTLS_MASTER_KEY_DERIVE_PARAMS

pypkcs11.cryptoki.C_GetAttributeValue(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.C_GetFunctionStatus(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_OTP_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_OTP_PARAMS

class pypkcs11.cryptoki.CK_SSL3_MASTER_KEY_DERIVE_PARAMS¶

RandomInfo¶: Structure/Union member

pVersion¶: Structure/Union member

pypkcs11.cryptoki.CK_UTF8CHAR_PTR¶: alias of pypkcs11.cryptoki.LP_c_ubyte

class pypkcs11.cryptoki.swapper¶

bytes¶: Structure/Union member

words¶: Structure/Union member

pypkcs11.cryptoki.C_WrapKey(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_ATTRIBUTE_TYPE¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_AES_CBC_ENCRYPT_DATA_PARAMS

pypkcs11.cryptoki.SInt16¶: alias of ctypes.c_short

pypkcs11.cryptoki.C_DestroyObject(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR¶: alias of pypkcs11.cryptoki.LP_c_ulong

pypkcs11.cryptoki.C_GetSessionInfo(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.Int16¶: alias of ctypes.c_short

pypkcs11.cryptoki.CK_SSL3_KEY_MAT_OUT_PTR¶: alias of pypkcs11.cryptoki.LP_CK_SSL3_KEY_MAT_OUT

pypkcs11.cryptoki.CK_CHAR¶: alias of ctypes.c_ubyte

pypkcs11.cryptoki.UInt8¶: alias of ctypes.c_ubyte

pypkcs11.cryptoki.CK_CMS_SIG_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_CMS_SIG_PARAMS

pypkcs11.cryptoki.C_DeriveKey(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.C_DigestUpdate(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.C_FindObjects(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.SInt64¶: alias of ctypes.c_long

pypkcs11.cryptoki.SInt¶: alias of ctypes.c_int

pypkcs11.cryptoki.CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.CK_RSA_PKCS_MGF_TYPE¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.CK_EXTRACT_PARAMS¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.CK_RC5_CBC_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_RC5_CBC_PARAMS

pypkcs11.cryptoki.CK_ResetTotalOperations¶: alias of ctypes.CFUNCTYPE.<locals>.CFunctionType

pypkcs11.cryptoki.CK_AES_GCM_PARAMS_PTR¶: alias of pypkcs11.cryptoki.CK_AES_GCM_PARAMS

pypkcs11.cryptoki.CK_MAC_GENERAL_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_c_ulong

pypkcs11.cryptoki.CK_TOKEN_INFO_PTR¶: alias of pypkcs11.cryptoki.LP_CK_TOKEN_INFO

class pypkcs11.cryptoki.CK_AES_CBC_PAD_INSERT_PARAMS¶

ctxID¶: Structure/Union member

pBuffer¶: Structure/Union member

pbFileName¶: Structure/Union member

pedId¶: Structure/Union member

pulHandle¶: Structure/Union member

pulType¶: Structure/Union member

ulBufferLen¶: Structure/Union member

ulContainerState¶: Structure/Union member

ulStorage¶: Structure/Union member

ulStorageType¶: Structure/Union member

class pypkcs11.cryptoki.CK_KEY_DERIVATION_STRING_DATA¶

pData¶: Structure/Union member

ulLen¶: Structure/Union member

pypkcs11.cryptoki.CK_MECHANISM_PTR¶: alias of pypkcs11.cryptoki.LP_CK_MECHANISM

class pypkcs11.cryptoki.CK_FUNCTION_LIST¶

C_CancelFunction¶: Structure/Union member

C_CloseAllSessions¶: Structure/Union member

C_CloseSession¶: Structure/Union member

C_CopyObject¶: Structure/Union member

C_CreateObject¶: Structure/Union member

C_Decrypt¶: Structure/Union member

C_DecryptDigestUpdate¶: Structure/Union member

C_DecryptFinal¶: Structure/Union member

C_DecryptInit¶: Structure/Union member

C_DecryptUpdate¶: Structure/Union member

C_DecryptVerifyUpdate¶: Structure/Union member

C_DeriveKey¶: Structure/Union member

C_DestroyObject¶: Structure/Union member

C_Digest¶: Structure/Union member

C_DigestEncryptUpdate¶: Structure/Union member

C_DigestFinal¶: Structure/Union member

C_DigestInit¶: Structure/Union member

C_DigestKey¶: Structure/Union member

C_DigestUpdate¶: Structure/Union member

C_Encrypt¶: Structure/Union member

C_EncryptFinal¶: Structure/Union member

C_EncryptInit¶: Structure/Union member

C_EncryptUpdate¶: Structure/Union member

C_Finalize¶: Structure/Union member

C_FindObjects¶: Structure/Union member

C_FindObjectsFinal¶: Structure/Union member

C_FindObjectsInit¶: Structure/Union member

C_GenerateKey¶: Structure/Union member

C_GenerateKeyPair¶: Structure/Union member

C_GenerateRandom¶: Structure/Union member

C_GetAttributeValue¶: Structure/Union member

C_GetFunctionList¶: Structure/Union member

C_GetFunctionStatus¶: Structure/Union member

C_GetInfo¶: Structure/Union member

C_GetMechanismInfo¶: Structure/Union member

C_GetMechanismList¶: Structure/Union member

C_GetObjectSize¶: Structure/Union member

C_GetOperationState¶: Structure/Union member

C_GetSessionInfo¶: Structure/Union member

C_GetSlotInfo¶: Structure/Union member

C_GetSlotList¶: Structure/Union member

C_GetTokenInfo¶: Structure/Union member

C_InitPIN¶: Structure/Union member

C_InitToken¶: Structure/Union member

C_Initialize¶: Structure/Union member

C_Login¶: Structure/Union member

C_Logout¶: Structure/Union member

C_OpenSession¶: Structure/Union member

C_SeedRandom¶: Structure/Union member

C_SetAttributeValue¶: Structure/Union member

C_SetOperationState¶: Structure/Union member

C_SetPIN¶: Structure/Union member

C_Sign¶: Structure/Union member

C_SignEncryptUpdate¶: Structure/Union member

C_SignFinal¶: Structure/Union member

C_SignInit¶: Structure/Union member

C_SignRecover¶: Structure/Union member

C_SignRecoverInit¶: Structure/Union member

C_SignUpdate¶: Structure/Union member

C_UnwrapKey¶: Structure/Union member

C_Verify¶: Structure/Union member

C_VerifyFinal¶: Structure/Union member

C_VerifyInit¶: Structure/Union member

C_VerifyRecover¶: Structure/Union member

C_VerifyRecoverInit¶: Structure/Union member

C_VerifyUpdate¶: Structure/Union member

C_WaitForSlotEvent¶: Structure/Union member

C_WrapKey¶: Structure/Union member

DYC_CreateX509Request¶: Structure/Union member

DYC_SelfSignX509¶: Structure/Union member

DYC_SignX509¶: Structure/Union member

version¶: Structure/Union member

pypkcs11.cryptoki.CK_RC5_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_RC5_PARAMS

class pypkcs11.cryptoki.CK_WTLS_MASTER_KEY_DERIVE_PARAMS¶

DigestMechanism¶: Structure/Union member

RandomInfo¶: Structure/Union member

pVersion¶: Structure/Union member

pypkcs11.cryptoki.C_SignUpdate(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.C_EncryptInit(*args)¶

Parameters:	args – *kwargs –

class pypkcs11.cryptoki.CK_OTP_PARAMS¶

pParams¶: Structure/Union member

ulCount¶: Structure/Union member

pypkcs11.cryptoki.CK_SEED_CTR_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_AES_CTR_PARAMS

pypkcs11.cryptoki.C_DigestFinal(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.C_CloseSession(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_EC_DH_PRIMITIVE¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.CK_FUNCTION_LIST_PTR_PTR¶: alias of pypkcs11.cryptoki.LP_LP_CK_FUNCTION_LIST

pypkcs11.cryptoki.C_DecryptVerifyUpdate(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_UTF8CHAR¶: alias of ctypes.c_ubyte

pypkcs11.cryptoki.C_DigestInit(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.C_CopyObject(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_NOTIFICATION¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.C_SignRecover(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.C_EncryptUpdate(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.CK_KDF_PRF_TYPE¶: alias of ctypes.c_ulong

pypkcs11.cryptoki.CK_ECDH1_DERIVE_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_ECDH1_DERIVE_PARAMS

pypkcs11.cryptoki.C_DecryptUpdate(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.Int8¶: alias of ctypes.c_char

pypkcs11.cryptoki.Float32¶: alias of ctypes.c_float

pypkcs11.cryptoki.CK_ECIES_PARAMS_PTR¶: alias of pypkcs11.cryptoki.LP_CK_ECIES_PARAMS

pypkcs11.cryptoki.C_GetObjectSize(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.DYC_SelfSignX509(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.DYC_SignX509(*args)¶

Parameters:	args – *kwargs –

pypkcs11.cryptoki.DYC_CreateX509Request(*args)¶

Parameters:	args – *kwargs –

Unbound Tech functions ¶

Contents

Unbound Tech functions

Certificate X509 Self Sign ¶

pypkcs11.unbound.dyc_self_sign_x509(h_session, h_key, hash_alg, subject, serial=None, days=365)¶

Wrapper for Unbound X509 Self Sign function

Parameters:	h_session (int) – Current session h_key (int) – The key handle to sign with hash_alg (int) – Hashing algorithm mechanism type subject (string) – Certificate subject string serial (bytes) – Certificate serial number days (int) – Number of days
Returns:	(Retcode, Python bytestring of self signed X509 certificate)
Return type:	tuple

Call example: ret, x509 = dyc_self_sign_x509(session, priv_key, CKM_SHA256, ‘CN=some guy, L=around, C=US’)

Certificate X509 Sign ¶

pypkcs11.unbound.dyc_sign_x509(h_session, h_key, x509CA, hash_alg, csr, serial=None, days=365)¶

Wrapper for Unbound X509 Sign function

Parameters:	h_session (int) – Current session h_key (int) – The key handle to sign with hash_alg (int) – Hashing algorithm mechanism type x509CA (bytes) – CA Certificate csr (bytes) – Certificate Sign Request serial (bytes) – Certificate serial number
Returns:	(Retcode, Python bytestring of signed X509 certificate)
Return type:	tuple

Create X509 Certificate Sign Request ¶

pypkcs11.unbound.dyc_create_x509_request(h_session, h_key, hash_alg, subject)¶

Wrapper for Unbound Create X509 Certificate Signing Request function

Parameters:	h_session (int) – Current session h_key (int) – The key handle to sign with hash_alg (int) – Hashing algorithm mechanism type subject (string) – Certificate subject string
Returns:	(Retcode, Python bytestring of X509 CSR)
Return type:	tuple