Pycryptoki Daemon Package¶

Start pycryptoki.daemon.rpyc_pycryptoki.py on your remote client, then connect to it using RemotePycryptokiClient. You can then use the RemotePycryptokiClient as if it were local:

pycryptoki = RemotePycryptokiClient('10.2.96.130', port=8001)
pycryptoki.c_initialize_ex()  # Executed on the daemon!
session = pycryptoki.c_open_session_ex(0)
#etc

daemon.rpyc_pycryptoki¶

RPYC-based daemon that allows for remote execution of pycryptoki commands.

Start via ./rpyc_pycryptoki.py -i <ip> -p <port> or python rpyc_pycryptoki.py -i <ip> -p <port>

All methods starting are useable via rpyc_conn.root.<method>

All methods ending with _ex will automatically check the return code from cryptoki & raise an exception if it is not CKR_OK. It will NOT give you the return code, instead just returning the second part of the regular return tuple:

c_open_session()     # Returns: (ret_code, session_handle)
c_open_session_ex()  # Returns: session_handle, raises exception if ret_code != CKR_OK

class pycryptoki.daemon.rpyc_pycryptoki.PycryptokiService[source]¶

Bases: rpyc.core.service.SlaveService

This is the core service to expose over RPYC.

If you’re working with pointers, you’ll need to create the pointer in a function here rather than passing in a pointer from the client (pointers getting pickled makes no sense).

static c_close_all_sessions(slot)¶

Closes all the sessions on a given slot

Parameters:	slot – The slot to close all sessions on
Returns:	retcode
Return type:	int

static c_close_all_sessions_ex(slot)¶

Executes c_close_all_sessions(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_close_session(h_session)¶

Closes a session

Parameters:	h_session (int) – Session handle
Returns:	retcode
Return type:	int

static c_close_session_ex(h_session)¶

Executes c_close_session(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_copy_object(h_session, h_object, template=None)¶

Method to call the C_CopyObject cryptoki command.

Parameters:	h_session (int) – Session handle h_object (int) – Handle to the object to be cloned template (dict) – Template for the new object. Defaults to None
Returns:	(retcode, Handle to the new cloned object)
Return type:	tuple

static c_copy_object_ex(h_session, h_object, template=None)¶

Executes c_copy_object(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_create_object(h_session, template)¶

Creates an object based on a given python template

Parameters:	h_session (int) – Session handle template (dict) – The python template which the object will be based on
Returns:	(retcode, the handle of the object)
Return type:	tuple

static c_create_object_ex(h_session, template)¶

Executes c_create_object(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_decrypt(h_session, h_key, encrypted_data, mechanism, output_buffer=None)¶

Decrypt given data with the given key and mechanism.

Note

If data is a list or tuple of strings, multi-part decryption will be used.

Parameters:	h_session (int) – The session to use h_key (int) – The handle of the key to use to decrypt encrypted_data (bytes) – Data to be decrypted Note Data will be converted to hexadecimal by calling: to_hex(from_bytestring(data)) If you need to pass in raw hex data, call: to_bytestring(from_hex(hex-data)) References: `to_hex()` `from_hex()` `to_bytestring()` `from_bytestring()` mechanism – See the `parse_mechanism()` function for possible values. output_buffer (list\|int) – Integer or list of integers that specify a size of output buffer to use for an operation. By default will query with NULL pointer buffer to get required size of buffer.
Returns:	(Retcode, Python bytestring of decrypted data))
Return type:	tuple

static c_decrypt_ex(h_session, h_key, encrypted_data, mechanism, output_buffer=None)¶

Executes c_decrypt(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_derive_key(h_session, h_base_key, template, mechanism=None)¶

Derives a key from another key.

Parameters:	h_session (int) – Session handle h_base_key (int) – The base key template (dict) – A python template of attributes to set on derived key mechanism – See the `parse_mechanism()` function for possible values.
Returns:	The result code, The derived key’s handle

static c_derive_key_ex(h_session, h_base_key, template, mechanism=None)¶

Executes c_derive_key(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_destroy_object(h_session, h_object_value)¶

Deletes the object corresponsing to the passed in object handle

Parameters:	h_session (int) – Session handle h_object_value (int) – The handle of the object to delete
Returns:	Return code

static c_destroy_object_ex(h_session, h_object_value)¶

Executes c_destroy_object(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_digest(h_session, data_to_digest, digest_flavor, mechanism=None, output_buffer=None)¶

Digests some data

Parameters:	h_session (int) – Session handle data_to_digest (bytes) – The data to digest, either a string or a list of strings. If this is a list a multipart operation will be used digest_flavor (int) – The flavour of the mechanism to digest (MD2, SHA-1, HAS-160, SHA224, SHA256, SHA384, SHA512) mechanism – See the `parse_mechanism()` function for possible values. If None will use digest flavor. output_buffer (list\|int) – Integer or list of integers that specify a size of output buffer to use for an operation. By default will query with NULL pointer buffer to get required size of buffer.
Returns:	(retcode, a python string of the digested data)
Return type:	tuple

static c_digest_ex(h_session, data_to_digest, digest_flavor, mechanism=None, output_buffer=None)¶

Executes c_digest(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_digest_key(h_session, h_key, digest_flavor, mechanism=None)¶

Digest a key

Parameters:	h_session (int) – Session handle h_key (int) – Key to digest digest_flavor (int) – Digest flavor mechanism – See the `parse_mechanism()` function for possible values. If None will use digest flavor.

static c_digest_key_ex(h_session, h_key, digest_flavor, mechanism=None)¶

Executes c_digestkey(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_encrypt(h_session, h_key, data, mechanism, output_buffer=None)¶

Encrypts data with a given key and encryption flavor encryption flavors

Note

If data is a list or tuple of strings, multi-part encryption will be used.

Parameters:	h_session (int) – Current session h_key (int) – The key handle to encrypt the data with data – The data to encrypt, either a bytestring or a list of bytestrings. If this is a list a multipart operation will be used Note This will be converted to hexadecimal by calling: to_hex(from_bytestring(data)) If you need to pass in raw hex data, call: to_bytestring(from_hex(hex-data)) References: `to_hex()` `from_hex()` `to_bytestring()` `from_bytestring()` mechanism – See the `parse_mechanism()` function for possible values. output_buffer (list\|int) – Integer or list of integers that specify a size of output buffer to use for an operation. By default will query with NULL pointer buffer to get required size of buffer.
Returns:	(Retcode, Python bytestring of encrypted data)
Return type:	tuple

static c_encrypt_ex(h_session, h_key, data, mechanism, output_buffer=None)¶

Executes c_encrypt(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_finalize()¶

Finalizes PKCS11 library.

Returns:	Cryptoki return code

static c_finalize_ex()¶

Executes c_finalize(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_find_objects(h_session, template, num_entries)¶

Calls c_find_objects and c_find_objects_init to get a python dictionary of the objects found.

Parameters:	h_session (int) – Session handle template – A python dictionary of the object template to look for num_entries – The max number of entries to return
Returns:	Returns a list of handles of objects found

static c_find_objects_ex(h_session, template, num_entries)¶

Executes c_find_objects(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_generate_key(h_session, mechanism=None, template=None)¶

Generates a symmetric key of a given flavor given the correct template.

Parameters:	h_session (int) – Session handle template (dict) – The template to use to generate the key mechanism – See the `parse_mechanism()` function for possible values.
Returns:	(retcode, generated key handle)
Rtype tuple:

static c_generate_key_ex(h_session, mechanism=None, template=None)¶

Executes c_generate_key(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_generate_key_pair(h_session, mechanism=None, pbkey_template=None, prkey_template=None)¶

Generates a private and public key pair for a given flavor, and given public and private key templates. The return value will be the handle for the key.

Parameters:	h_session (int) – Session handle pbkey_template (dict) – The public key template to use for key generation prkey_template (dict) – The private key template to use for key generation mechanism – See the `parse_mechanism()` function for possible values.
Returns:	(retcode, public key handle, private key handle)
Return type:	tuple

static c_generate_key_pair_ex(h_session, mechanism=None, pbkey_template=None, prkey_template=None)¶

Executes c_generate_key_pair(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_generate_random(h_session, length)¶

Generates a sequence of random numbers

Parameters:	h_session (int) – Session handle length (int) – The length in bytes of the random number sequence
Returns:	(retcode, A string of random data)
Return type:	tuple

static c_generate_random_ex(h_session, length)¶

Executes c_generate_random(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_get_attribute_value(h_session, h_object, template)¶

Calls C_GetAttrributeValue to get an attribute value based on a python template

Parameters:	h_session (int) – Session handle h_object – The handle of the object to get attributes for template – A python dictionary representing the template of the attributes to be retrieved
Returns:	A python dictionary representing the attributes returned from the HSM/library

static c_get_attribute_value_ex(h_session, h_object, template)¶

Executes c_get_attribute_value(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_get_info()¶

Get general information about the Cryptoki Library

Returns a dictionary containing the following keys:

cryptokiVersion and libraryVersion are CK_VERSION structs, and the major/minor values can be accessed directly (info['cryptokiVersion'].major == 2)

Returns:	(retcode, info dictionary)

static c_get_info_ex()¶

Executes c_get_info(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_get_mechanism_info(slot, mechanism_type)¶

Gets a mechanism’s info

Parameters:	slot – The slot to query mechanism_type – The type of the mechanism to get the information for
Returns:	The result code, The mechanism info

static c_get_mechanism_info_ex(slot, mechanism_type)¶

Executes c_get_mechanism_info(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_get_mechanism_list(slot)¶

Gets the list of mechanisms from the HSM

Parameters:	slot – The slot number to get the mechanism list on
Returns:	The result code, A python dictionary representing the mechanism list

static c_get_mechanism_list_ex(slot)¶

Executes c_get_mechanism_list(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_get_ped_id(slot)¶

Get the PED ID for the given slot.

Parameters:	slot – slot number
Returns:	The result code and ID

static c_get_ped_id_ex(slot)¶

Executes c_get_ped_id(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_get_session_info(session)¶

Get information about the given session.

Parameters:	session (int) – session handle
Returns:	(retcode, dictionary of session information)
Return type:	tuple

static c_get_session_info_ex(session)¶

Executes c_get_session_info(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_get_slot_info(slot)¶

Get information about the given slot number.

Parameters:	slot (int) – Target slot
Returns:	Dictionary of slot information

static c_get_slot_info_ex(slot)¶

Executes c_get_slot_info(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_get_slot_list(token_present=True)¶

Get a list of all slots.

Parameters:	token_present (bool) – If true, will only return slots that have a token present.
Returns:	List of slots

static c_get_slot_list_ex(token_present=True)¶

Executes c_get_slot_list(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_get_token_info(slot_id, rstrip=True)¶

Gets the token info for a given slot id

Parameters:	slot_id (int) – Token slot ID rstrip (bool) – If true, will strip trailing whitespace from char data.
Returns:	(retcode, A python dictionary representing the token info)
Return type:	tuple

static c_get_token_info_ex(slot_id, rstrip=True)¶

Executes c_get_token_info(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_init_pin(h_session, pin)¶

Initializes the PIN

Parameters:	h_session (int) – Session handle pin – pin to c_initialize
Returns:	THe result code

static c_init_pin_ex(h_session, pin)¶

Executes c_init_pin(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_init_token(slot_num, password, token_label='Main Token')¶

Initializes at token at a given slot with the proper password and label

Parameters:	slot_num – The index of the slot to c_initialize a token in password – The password to c_initialize the slot with token_label – The label to c_initialize the slot with (Default value = ‘Main Token’)
Returns:	The result code

static c_init_token_ex(slot_num, password, token_label='Main Token')¶

Executes c_init_token(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_initialize(flags=None, init_struct=None)¶

Initializes current process for use with PKCS11.

Some sample flags:

See the PKCS11 documentation for more details.

Parameters:	flags (int) – Flags to be set within InitArgs Struct. (Default = None) init_struct – InitArgs structure (Default = None)
Returns:	Cryptoki return code.

static c_initialize_ex(flags=None, init_struct=None)¶

Executes c_initialize(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_logout(h_session)¶

Logs out of a given session

Parameters:	h_session (int) – Session handle
Returns:	retcode
Return type:	int

static c_logout_ex(h_session)¶

Executes c_logout(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_open_session(slot_num, flags=6)¶

Opens a session on the given slot

Parameters:	slot_num (int) – The slot to get a session on flags (int) – The flags to open the session with (Default value = (CKF_SERIAL_SESSION \| CKF_RW_SESSION)
Returns:	(retcode, session handle)
Return type:	tuple

static c_open_session_ex(slot_num, flags=6)¶

Executes c_open_session(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_performselftest(slot, test_type, input_data, input_data_len)¶

Test: Performs a self test for specified test type on a given slot.

Parameters:

slot – slot number
test_type – type of test CK_ULONG
input_data – pointer to input data CK_BYTE_PTR
input_data_len – input data length CK_ULONG

Returns:

the result code

[CK_SLOT_ID, CK_ULONG, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]

static c_performselftest_ex(slot, test_type, input_data, input_data_len)¶

Executes c_performselftest(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_seed_random(h_session, seed)¶

Seeds the random number generator

Parameters:	h_session (int) – Session handle seed (bytes) – A python string of some seed
Returns:	retcode
Return type:	int

static c_seed_random_ex(h_session, seed)¶

Executes c_seed_random(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_set_attribute_value(h_session, h_object, template)¶

Calls C_SetAttributeValue to set an attribute value based on a python template

Parameters:	h_session (int) – Session handle h_object – The handle of the object to get attributes for template – A python dictionary representing the template of the attributes to be written
Returns:	A python dictionary representing the attributes returned from the HSM/library

static c_set_attribute_value_ex(h_session, h_object, template)¶

Executes c_set_attribute_value(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_set_ped_id(slot, id)¶

Set the PED ID for the given slot.

Parameters:	slot – slot number id – PED ID to use
Returns:	The result code

static c_set_ped_id_ex(slot, id)¶

Executes c_set_ped_id(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_set_pin(h_session, old_pass, new_pass)¶

Allows a user to change their PIN

Parameters:	h_session (int) – Session handle old_pass – The user’s old password new_pass – The user’s desired new password
Returns:	The result code

static c_set_pin_ex(h_session, old_pass, new_pass)¶

Executes c_set_pin(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_sign(h_session, h_key, data_to_sign, mechanism, output_buffer=None)¶

Signs the given data with given key and mechanism.

Note

If data is a list or tuple of strings, multi-part operations will be used.

Parameters:	h_session (int) – Session handle data_to_sign – The data to sign, either a string or a list of strings. If this is a list a multipart operation will be used (using C_…Update and C_…Final) ex: ”This is a proper argument of some data to use in the function” [“This is another format of data this”, “function will accept.”, “It will operate on these strings in parts”] h_key (int) – The signing key mechanism – See the `parse_mechanism()` function for possible values. output_buffer (list\|int) – Integer or list of integers that specify a size of output buffer to use for an operation. By default will query with NULL pointer buffer to get required size of buffer.
Returns:	(retcode, python string of signed data)
Return type:	tuple

static c_sign_ex(h_session, h_key, data_to_sign, mechanism, output_buffer=None)¶

Executes c_sign(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_unwrap_key(h_session, h_unwrapping_key, wrapped_key, key_template, mechanism)¶

Unwrap a key from an encrypted data blob.

Parameters:	h_session (int) – The session to use h_unwrapping_key (int) – The wrapping key handle wrapped_key (bytes) – The wrapped key Note Data will be converted to hexadecimal by calling: to_hex(from_bytestring(data)) If you need to pass in raw hex data, call: to_bytestring(from_hex(hex-data)) References: `to_hex()` `from_hex()` `to_bytestring()` `from_bytestring()` key_template (dict) – The python template representing the new key’s template mechanism – See the `parse_mechanism()` function for possible values.
Returns:	(Retcode, unwrapped key handle)
Return type:	tuple

static c_unwrap_key_ex(h_session, h_unwrapping_key, wrapped_key, key_template, mechanism)¶

Executes c_unwrap_key(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_verify(h_session, h_key, data_to_verify, signature, mechanism)¶

Verifies data with the given signature, key and mechanism.

Note

If data is a list or tuple of strings, multi-part operations will be used.

Parameters:

h_session (int) – Session handle
data_to_verify –
The data to sign, either a string or a list of strings. If this is a list a multipart operation will be used (using C_…Update and C_…Final)

ex:
- ”This is a proper argument of some data to use in the function”
- [“This is another format of data this”, “function will accept.”, “It will operate on these strings in parts”]
signature (bytes) – Signature with which to verify the data.
h_key (int) – The verifying key
mechanism – See the parse_mechanism() function for possible values.

Returns:

retcode of verify operation

static c_verify_ex(h_session, h_key, data_to_verify, signature, mechanism)¶

Executes c_verify(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static c_wrap_key(h_session, h_wrapping_key, h_key, mechanism, output_buffer=None)¶

Wrap a key off the HSM into an encrypted data blob.

Parameters:	h_session (int) – The session to use h_wrapping_key (int) – The handle of the key to use to wrap another key h_key (int) – The key to wrap based on the encryption flavor mechanism – See the `parse_mechanism()` function for possible values.
Returns:	(Retcode, python bytestring representing wrapped key)
Return type:	tuple

static c_wrap_key_ex(h_session, h_wrapping_key, h_key, mechanism, output_buffer=None)¶

Executes c_wrap_key(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_assign_key(h_session, h_object)¶

Crypto Officer assigns a key

Parameters:	h_session – session handle object – key handle to assign
Returns:	Ret code

static ca_assign_key_ex(h_session, h_object)¶

Executes ca_assign_key(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_authorize_key(h_session, h_object, auth_data)¶

User authorizes key within session or access for use

Parameters:	h_session – session handle object – key handle to authorize auth_data – authorization byte list, e.g. [11, 12, 13, ..]
Returns:	Ret code

static ca_authorize_key_ex(h_session, h_object, auth_data)¶

Executes ca_authorize_key(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_clonemofn(h_session)¶

Clones MofN secret from one token to another.

Parameters:	h_session (int) – Session handle
Returns:	the result code

static ca_clonemofn_ex(h_session)¶

Executes ca_clonemofn(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_close_application_id_v2(slot, appid)¶

Close the AccessID associated with the given slot.

Parameters:	slot – Slot #. appid – bytestring of length 16.
Returns:	Retcode.

static ca_close_application_id_v2_ex(slot, appid)¶

Executes ca_close_application_id_v2(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_close_secure_token(h_session, h_ID)¶

Parameters:	h_session (int) – Session handle h_ID –

static ca_close_secure_token_ex(h_session, h_ID)¶

Executes ca_close_secure_token(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_closeapplicationID(slot, id_high, id_low)¶

Close a given AppID on a slot.

Parameters:	slot (int) – Slot on which to close the APP ID id_high (int) – High value of App ID id_low (int) – Low value of App ID
Returns:	retcode
Return type:	int

static ca_closeapplicationID_ex(slot, id_high, id_low)¶

Executes ca_closeapplicationID(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_create_container(h_session, storage_size, password=None, label='Inserted Token')¶

Inserts a token into a slot without a Security Officer on the token

Parameters:	h_session (int) – Session handle storage_size – The storage size of the token (0 for undefined/unlimited) password – The password associated with the token (Default value = ‘userpin’) label – The label associated with the token (Default value = ‘Inserted Token’)
Returns:	The result code, The container number

static ca_create_container_ex(h_session, storage_size, password=None, label='Inserted Token')¶

Executes ca_create_container(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_createloginchallenge(h_session, user_type, challenge)¶

Creates a login challenge for the given user.

Parameters:	h_session (int) – Session handle user_type – user type challenge – challenge
Returns:	the result code

static ca_createloginchallenge_ex(h_session, user_type, challenge)¶

Executes ca_createloginchallenge(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_delete_container_with_handle(h_session, h_container)¶

Delete a container by handle

Parameters:	h_session (int) – Session handle h_container – target container handle
Returns:	result code

static ca_delete_container_with_handle_ex(h_session, h_container)¶

Executes ca_delete_container_with_handle(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_deleteremotepedvector(h_session)¶

Deletes a remote PED vector

Parameters:	h_session (int) – Session handle
Returns:	the result code

static ca_deleteremotepedvector_ex(h_session)¶

Executes ca_deleteremotepedvector(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_derive_key_and_wrap(h_session, derive_mechanism, h_base_key, derive_template, wrapping_key, wrap_mechanism, output_buffer=2048)¶

Derive a key from the base key and wrap it off the HSM using the wrapping key

Parameters:	h_session (int) – The session to use h_base_key (int) – The base key derive_template (dict) – A python template of attributes to set on derived key derive_mechanism – See the `parse_mechanism()` function for possible values. wrapping_key (int) – The wrapping key based on the encryption flavor wrap_mechanism – See the `parse_mechanism()` function for possible values. output_buffer – The size of the wrapped key, defaulted to a cert size
Returns:	(Retcode, python bytestring representing wrapped key)
Return type:	tuple

static ca_derive_key_and_wrap_ex(h_session, derive_mechanism, h_base_key, derive_template, wrapping_key, wrap_mechanism, output_buffer=2048)¶

Executes ca_derive_key_and_wrap(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_destroy_multiple_objects(h_session, objects)¶

Delete multiple objects corresponding to given object handles

Parameters:	h_session (int) – Session handle objects (list) – The handles of the objects to delete
Returns:	Return code

static ca_destroy_multiple_objects_ex(h_session, objects)¶

Executes ca_destroy_multiple_objects(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_duplicatemofn(h_session)¶

Duplicates a set of M of N vectors.

Parameters:	h_session (int) – Session handle
Returns:	the result code

static ca_duplicatemofn_ex(h_session)¶

Executes ca_duplicatemofn(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_extract(h_session, mechanism)¶

Parameters:	h_session (int) – Session handle mechanism – See the `parse_mechanism()` function for possible values.

static ca_extract_ex(h_session, mechanism)¶

Executes ca_extract(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_factory_reset(slot)¶

Does a factory reset on a given slot

Parameters:	slot – The slot to do a factory reset on
Returns:	The result code

static ca_factory_reset_ex(slot)¶

Executes ca_factory_reset(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_generatemofn(h_session, m_value, vector_value, vector_count, is_secure_port_used)¶

Generates MofN secret information on a token.

Parameters:	h_session (int) – Session handle m_value – m vector_count – number of vectors is_secure_port_used – is secure port used vector_value –
Returns:	the result code

static ca_generatemofn_ex(h_session, m_value, vector_value, vector_count, is_secure_port_used)¶

Executes ca_generatemofn(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_application_id()¶

Get the current process’s AccessID.

Returns:	retcode, bytestring tuple.

static ca_get_application_id_ex()¶

Executes ca_get_application_id(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_container_capability_set(slot, h_container)¶

Get the container capabilities of the given slot.

Parameters:	slot (int) – target slot number h_container (int) – target container handle
Returns:	result code, {id: val} dict of capabilities (None if command failed)

static ca_get_container_capability_set_ex(slot, h_container)¶

Executes ca_get_container_capability_set(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_container_capability_setting(slot, h_container, capability_id)¶

Get the value of a container’s single capability

Parameters:	slot – slot ID of slot to query h_container – target container handle capability_id – capability ID
Returns:	result code, CK_ULONG representing capability active or not

static ca_get_container_capability_setting_ex(slot, h_container, capability_id)¶

Executes ca_get_container_capability_setting(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_container_list(slot, group_handle=0, container_type=0)¶

Get list of containers.

Parameters:	slot – slot ID of the slot to query group_handle – group ID container_type – type of container
Returns:	result code, list of container handles

static ca_get_container_list_ex(slot, group_handle=0, container_type=0)¶

Executes ca_get_container_list(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_container_name(slot, h_container)¶

Get a container’s name

Parameters:	slot – target slot h_container – target container handle
Returns:	result code, container name string

static ca_get_container_name_ex(slot, h_container)¶

Executes ca_get_container_name(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_container_policy_set(slot, h_container)¶

Get the policies of the given slot and container.

Parameters:	slot (int) – target slot number h_container (int) – target container handle
Returns:	result code, {id: val} dict of policies (None if command failed)

static ca_get_container_policy_set_ex(slot, h_container)¶

Executes ca_get_container_policy_set(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_container_policy_setting(slot, h_container, policy_id)¶

Get the value of a container’s single policy

Parameters:	slot – slot ID of slot to query h_container – target container handle policy_id – policy ID
Returns:	result code, CK_ULONG representing policy active or not

static ca_get_container_policy_setting_ex(slot, h_container, policy_id)¶

Executes ca_get_container_policy_setting(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_container_status(slot, h_container)¶

Get a container’s Status

Parameters:	slot – target slot h_container – target container handle
Returns:	result code, dict of flags, dict of failed logins

static ca_get_container_status_ex(slot, h_container)¶

Executes ca_get_container_status(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_container_storage_information(slot, h_container)¶

Get a container’s storage information

Parameters:	slot – target slot h_container – target container handle
Returns:	result code, dict of storage values

static ca_get_container_storage_information_ex(slot, h_container)¶

Executes ca_get_container_storage_information(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_cv_firmware_version(slot_id)¶

Cryptovisor specific ca extension function to get cv fw version

Parameters:	slot_id – slot id
Returns:	tuple of return code and cv fw version

static ca_get_cv_firmware_version_ex(slot_id)¶

Executes ca_get_cv_firmware_version(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_hsm_capability_set(slot)¶

Get the capabilities of the given slot.

Parameters:	slot (int) – Target slot number
Returns:	retcode, {id: val} dict of capabilities (None if command failed)

static ca_get_hsm_capability_set_ex(slot)¶

Executes ca_get_hsm_capability_set(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_hsm_capability_setting(slot, capability_id)¶

Get the value of a single capability

Parameters:	slot – slot ID of slot to query capability_id – capability ID
Returns:	result code, CK_ULONG representing capability active or not

static ca_get_hsm_capability_setting_ex(slot, capability_id)¶

Executes ca_get_hsm_capability_setting(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_hsm_policy_set(slot)¶

Get the policies of the given slot.

Parameters:	slot (int) – Target slot number
Returns:	retcode, {id: val} dict of policies (None if command failed)

static ca_get_hsm_policy_set_ex(slot)¶

Executes ca_get_hsm_policy_set(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_hsm_policy_setting(slot, policy_id)¶

Get the value of a single policy

Parameters:	slot – slot ID of slot to query policy_id – policy ID
Returns:	result code, CK_ULONG representing policy active or not

static ca_get_hsm_policy_setting_ex(slot, policy_id)¶

Executes ca_get_hsm_policy_setting(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_object_handle(slot, session, objectouid)¶

Calls CA_GetObjectHandle to get the object handle from OUID

Parameters:	slot – partition slot number session – session id that was opened to run the function objectouid – OUID, a string of the hex value that maps to object handle
Returns:	a tuple containing the return code and the object handle mapping the given OUID

static ca_get_object_handle_ex(slot, session, objectouid)¶

Executes ca_get_object_handle(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_session_info(session)¶

ca extension function that returns session information

Parameters:	session – session handle
Returns:	tuple of return code and session info dict

static ca_get_session_info_ex(session)¶

Executes ca_get_session_info(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_time(h_session)¶

Parameters:	h_session (int) – Session handle

static ca_get_time_ex(h_session)¶

Executes ca_get_time(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_get_token_policies(slot)¶

Get the policies of the given slot.

Parameters:	slot (int) – Target slot number
Returns:	retcode, {id: val} dict of policies (None if command failed)

static ca_get_token_policies_ex(slot)¶

Executes ca_get_token_policies(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_hainit(h_session, h_key)¶

Creates a login key pair on the primary token.

Parameters:	h_session (int) – Session handle h_key – the login private key
Returns:	the result code

static ca_hainit_ex(h_session, h_key)¶

Executes ca_hainit(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_increment_failed_auth_count(h_session, h_object)¶: This function is called by HA group when auth failure happens on a key to sync up status. Here its defined mostly for testing purposes :param h_session: session handle :param object: key handle to update :return: Ret code

static ca_increment_failed_auth_count_ex(h_session, h_object)¶

Executes ca_increment_failed_auth_count(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_init_audit(slot, audit_pin, audit_label)¶

Parameters:	slot – audit_pin – audit_label –

static ca_init_audit_ex(slot, audit_pin, audit_label)¶

Executes ca_init_audit(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_initializeremotepedvector(h_session)¶

Initializes a remote PED vector

Parameters:	h_session (int) – Session handle
Returns:	the result code

static ca_initializeremotepedvector_ex(h_session)¶

Executes ca_initializeremotepedvector(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_insert(h_session, mechanism)¶

Parameters:	h_session (int) – Session handle mechanism – See the `parse_mechanism()` function for possible values.

static ca_insert_ex(h_session, mechanism)¶

Executes ca_insert(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_modifyusagecount(h_session, h_object, command_type, value)¶

Modifies CKA_USAGE_COUNT attribute of the object.

Parameters:	h_session (int) – Session handle h_object – object command_type – command type value – value
Returns:	the result code

static ca_modifyusagecount_ex(h_session, h_object, command_type, value)¶

Executes ca_modifyusagecount(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_mtkresplit(slot)¶

Resplit the MTK

Parameters:	slot – slot number
Returns:	the result code

static ca_mtkresplit_ex(slot)¶

Executes ca_mtkresplit(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_mtkrestore(slot)¶

Restore the MTK

Parameters:	slot – slot number
Returns:	the result code

static ca_mtkrestore_ex(slot)¶

Executes ca_mtkrestore(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_mtkzeroize(slot)¶

Zeroize the MTK

Parameters:	slot – slot number
Returns:	the result code

static ca_mtkzeroize_ex(slot)¶

Executes ca_mtkzeroize(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_open_application_id_v2(slot, appid)¶

Open the given AccessID for the target slot.

Parameters:	slot – Slot #. appid – bytestring of length 16.
Returns:	Retcode.

static ca_open_application_id_v2_ex(slot, appid)¶

Executes ca_open_application_id_v2(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_open_secure_token(h_session, storage_path, dev_ID, mode)¶

Parameters:	h_session (int) – Session handle storage_path – dev_ID – mode –

static ca_open_secure_token_ex(h_session, storage_path, dev_ID, mode)¶

Executes ca_open_secure_token(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_openapplicationID(slot, id_high, id_low)¶

Open an application ID on the given slot.

Parameters:	slot (int) – Slot on which to open the APP ID id_high (int) – High value of App ID id_low (int) – Low value of App ID
Returns:	retcode
Return type:	int

static ca_openapplicationID_ex(slot, id_high, id_low)¶

Executes ca_openapplicationID(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_read_all_utilization_counters(h_session)¶

Read Metrics from previously saved HSM snapshot Call either functions prior to create snapshot: ca_read_utilization_metrics ca_read_and_reset_utilization_metrics

Returns:	a dictionary, where keys are serial numbers

and values are dictionaries of bins and values, example: ‘SIGN’:0

static ca_read_all_utilization_counters_ex(h_session)¶

Executes ca_read_all_utilization_counters(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_read_and_reset_utilization_metrics(session)¶

HSM reads current utilization data and saves as a snapshot; HSM resets metrics to zeroes

Parameters:	session – session id that was opened to run the function
Returns:	a dictionary with partition serial numbers as keys, value - dictionary of utilization metrics

static ca_read_and_reset_utilization_metrics_ex(session)¶

Executes ca_read_and_reset_utilization_metrics(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_read_utilization_metrics(session)¶

HSM reads utilization data and saves as a snapshot

Parameters:	session – session id that was opened to run the function
Returns:	Ret code

static ca_read_utilization_metrics_ex(session)¶

Executes ca_read_utilization_metrics(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_reset_authorization_data(h_session, h_object, auth_data)¶

CO resets auth data on unassigned key

Parameters:	h_session – session handle object – key handle to update auth_data – byte list, e.g. [11, 12, 13, ..]
Returns:	Ret code

static ca_reset_authorization_data_ex(h_session, h_object, auth_data)¶

Executes ca_reset_authorization_data(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_restart(slot)¶

Parameters:	slot –

static ca_restart_ex(slot)¶

Executes ca_restart(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_set_authorization_data(h_session, h_object, old_auth_data, new_auth_data)¶

User changes authorization data on key object (private, secret)

Parameters:	h_session – session handle object – key handle to update old_auth_data – byte list, e.g. [11, 12, 13, ..] new_auth_data – byte list, e.g. [11, 12, 13, ..]
Returns:	Ret code

static ca_set_authorization_data_ex(h_session, h_object, old_auth_data, new_auth_data)¶

Executes ca_set_authorization_data(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_set_container_policies(h_session, h_container, policies)¶

Set multiple container policies.

Parameters:	h_session (int) – Session handle h_container – target container handle policies – dict of policy ID ints and value ints
Returns:	result code

static ca_set_container_policies_ex(h_session, h_container, policies)¶

Executes ca_set_container_policies(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_set_container_policy(h_session, h_containerber, policy_id, policy_val)¶

Sets a policy on the container.

NOTE: With per partition SO this method should generally not be used. Instead ca_set_partition_policies should be used

Parameters:	h_session (int) – Session handle h_containerber – The container number to set the policy on. policy_id – The identifier of the policy (ex. CONTAINER_CONFIG_MINIMUM_PIN_LENGTH) policy_val – The value to set the policy to
Returns:	The result code

static ca_set_container_policy_ex(h_session, h_containerber, policy_id, policy_val)¶

Executes ca_set_container_policy(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_set_container_size(h_session, h_container, size)¶

Set a container’s size

Parameters:	h_session (int) – Session handle h_container – target container handle size – size
Returns:	result code

static ca_set_container_size_ex(h_session, h_container, size)¶

Executes ca_set_container_size(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_set_destructive_hsm_policies(h_session, policies)¶

Set multiple HSM policies.

Parameters:	h_session (int) – Session handle policies – dict of policy ID ints and value ints
Returns:	result code

static ca_set_destructive_hsm_policies_ex(h_session, policies)¶

Executes ca_set_destructive_hsm_policies(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_set_destructive_hsm_policy(h_session, policy_id, policy_val)¶

Sets the destructive HSM policies by calling CA_SetDestructiveHSMPolicy

Parameters:	h_session (int) – Session handle policy_id – The ID of the policy being set policy_val – The value of the policy being set
Returns:	The result code

static ca_set_destructive_hsm_policy_ex(h_session, policy_id, policy_val)¶

Executes ca_set_destructive_hsm_policy(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_set_hsm_policies(h_session, policies)¶

Set multiple HSM policies.

Parameters:	h_session (int) – Session handle policies – dict of policy ID ints and value ints
Returns:	result code

static ca_set_hsm_policies_ex(h_session, policies)¶

Executes ca_set_hsm_policies(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_set_hsm_policy(h_session, policy_id, policy_val)¶

Sets the HSM policies by calling CA_SetHSMPolicy

Parameters:	h_session (int) – Session handle policy_id – The ID of the policy being set policy_val – The value of the policy being set
Returns:	The result code

static ca_set_hsm_policy_ex(h_session, policy_id, policy_val)¶

Executes ca_set_hsm_policy(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_setapplicationID(id_high, id_low)¶

Set the App ID for the current process.

Parameters:	id_high (int) – High value of App ID id_low (int) – Low value of App ID
Returns:	retcode
Return type:	int

static ca_setapplicationID_ex(id_high, id_low)¶

Executes ca_setapplicationID(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_settokencertificatesignature(h_session, access_level, customer_id, pub_template, signature, signature_len)¶

Completes the installation of a certificate on a token. The caller must supply a public key and a signature for token certificate. The public key is provided through the template; it must contain a key type, a modulus and a public exponent.

Parameters:	h_session (int) – Session handle access_level – the access level customer_id – the customer ID pub_template – the public template signature – the signature signature_len – the length in bytes of the signature
Returns:	the result code

static ca_settokencertificatesignature_ex(h_session, access_level, customer_id, pub_template, signature, signature_len)¶

Executes ca_settokencertificatesignature(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_sim_extract(h_session, key_handles, authform, auth_secrets=None, subset_size=0, delete_after_extract=False)¶

Extract multiple keys to a wrapped blob. The returned blob can then be written into a file.

Parameters:

h_session (int) – Session handle
key_handles (list[int]) – List of key handles to extract
authform (int) – Type of authentication to use. See pycryptoki.backup.SIM_AUTH for details
auth_secrets (list(str)) – Authorization secrets to use (Length will correspond to the N value in ckdemo)
subset_size (int) – Subset size required for key use (Corresponds to the M value in ckdemo)
delete_after_extract (bool) – If true, will destroy the original keys after they have been extracted.

Returns:

retcode, blob_data tuple.

static ca_sim_extract_ex(h_session, key_handles, authform, auth_secrets=None, subset_size=0, delete_after_extract=False)¶

Executes ca_sim_extract(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_sim_insert(h_session, blob_data, authform, auth_secrets=None)¶

Insert keys into the HSM from blob data that was wrapped off using SIM.

Parameters:	h_session (int) – Session handle blob_data (str) – Read in raw wrapped data. Typically read in from a file. authform (int) – Type of authentication to use. See `pycryptoki.backup.SIM_AUTH` for details auth_secrets (list[str]) – Authorization secrets to use (Length will correspond to the `N` value in ckdemo)
Returns:	retcode, keys tuple, where `keys` is a list of integers.

static ca_sim_insert_ex(h_session, blob_data, authform, auth_secrets=None)¶

Executes ca_sim_insert(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_sim_multisign(h_session, blob_data, data_to_sign, mechanism, authform, auth_secrets=None)¶

Sign data using keys that were extracted to a SIM blob.

Parameters:

h_session (int) – Session handle
blob_data (str) – Read in raw wrapped key data. Typically read in from a file.
data_to_sign – List of bytestring data to sign
mechanism – Mechanism to use with the Sign operation
authform (int) – Type of authentication to use. See pycryptoki.backup.SIM_AUTH for details
auth_secrets (list[str]) – Authorization secrets to use (Length will correspond to the N value in ckdemo)

Returns:

retcode, signature list

static ca_sim_multisign_ex(h_session, blob_data, data_to_sign, mechanism, authform, auth_secrets=None)¶

Executes ca_sim_multisign(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static ca_time_sync(h_session, ultime)¶

Parameters:	h_session (int) – Session handle ultime –

static ca_time_sync_ex(h_session, ultime)¶

Executes ca_time_sync(), and checks the retcode; raising an exception if the return code is not CKR_OK.

exposed_ca_authorize_key¶

staticmethod(function) -> method

Convert a function to be a static method.

A static method does not receive an implicit first argument. To declare a static method, use this idiom:

It can be called either on the class (e.g. C.f()) or on an instance (e.g. C().f()). The instance is ignored except for its class.

Static methods in Python are similar to those found in Java or C++. For a more advanced concept, see the classmethod builtin.

exposed_ca_authorize_key_ex¶

staticmethod(function) -> method

Convert a function to be a static method.

A static method does not receive an implicit first argument. To declare a static method, use this idiom:

It can be called either on the class (e.g. C.f()) or on an instance (e.g. C().f()). The instance is ignored except for its class.

Static methods in Python are similar to those found in Java or C++. For a more advanced concept, see the classmethod builtin.

exposed_ca_set_authorization_data¶

staticmethod(function) -> method

Convert a function to be a static method.

A static method does not receive an implicit first argument. To declare a static method, use this idiom:

It can be called either on the class (e.g. C.f()) or on an instance (e.g. C().f()). The instance is ignored except for its class.

Static methods in Python are similar to those found in Java or C++. For a more advanced concept, see the classmethod builtin.

exposed_ca_set_authorization_data_ex¶

staticmethod(function) -> method

Convert a function to be a static method.

A static method does not receive an implicit first argument. To declare a static method, use this idiom:

It can be called either on the class (e.g. C.f()) or on an instance (e.g. C().f()). The instance is ignored except for its class.

Static methods in Python are similar to those found in Java or C++. For a more advanced concept, see the classmethod builtin.

static get_token_by_label(label)¶

Iterates through all the tokens and returns the first token that has a label that is identical to the one that is passed in

Parameters:	label – The label of the token to search for
Returns:	The result code, The slot of the token

static get_token_by_label_ex(label)¶

Executes get_token_by_label(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static login(h_session, slot_num=1, password=None, user_type=1)¶

Login to the given session.

Parameters:	h_session (int) – Session handle slot_num (int) – Slot index to login on (Default value = 1) password (bytes) – Password to login with (Default value = “userpin”) user_type (int) – User type to login as (Default value = 1)
Returns:	retcode
Return type:	int

static login_ex(h_session, slot_num=1, password=None, user_type=1)¶

Executes login(), and checks the retcode; raising an exception if the return code is not CKR_OK.

static test_attrs(attributes)[source]¶: Function used for validating that dicts can be used across rpyc pipes.

static test_conn()[source]¶: Test Function used to validate that custom functions are properly exposed over RPYC. Specifically not using something like conn.ping() to verify exposed functions.

static to_bool(val, reverse=False)¶

Convert a boolean-ish value to a pValue, ulValueLen tuple.

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `pycryptoki.cryptoki.CK_BBOOL`,

ctypes.c_ulong size of bool value)

static to_byte_array(val, reverse=False)¶

Converts an arbitrarily sized integer, list, or byte array into a byte array.

It’ll zero-pad the bit length so it’s a multiple of 8, then convert the int to binary, split the binary string into sections of 8, then place each section into a slot in a ctypes.c_ubyte array (converting to small int).

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `pycryptoki.cryptoki.CK_BYTE` array,

ctypes.c_ulong size of array)

static to_char_array(val, reverse=False)¶

Convert the given string or list of string values into a char array.

This is slightly different than to_byte_array, which has different assumptions as to the format of the input.

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `pycryptoki.cryptoki.CK_CHAR` array,

ctypes.c_ulong size of array)

static to_ck_date(val, reverse=False)¶

Transform a date string, date dictionary, or date object into a PKCS11 readable form (YYYYMMDD)

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `pycryptoki.cryptoki.CK_CHAR` array,

ctypes.c_ulong size of array)

static to_long(val, reverse=False)¶

Convert a integer/long value to a pValue, ulValueLen tuple

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `ctypes.c_ulong`, `ctypes.c_ulong`

size of long value)

static to_subattributes(val, reverse=False)¶

Convert to another Attributes class & return the struct.

Parameters:	val – Value to convert reverse – Whether to convert from C -> Python
Returns:	(`ctypes.c_void_p` ptr to `pycryptoki.cryptoki.CK_ATTRIBUTE` array,

ctypes.c_ulong size of array)

pycryptoki.daemon.rpyc_pycryptoki.configure_logging(logfile=None)[source]¶

Setup logging. If a log file is specified, will log to that file.

Parameters:	logfile (str) – Log file path/name to use for logging.
Returns:	Configured logger.

pycryptoki.daemon.rpyc_pycryptoki.create_server_subprocess(target, args, logger)[source]¶

Create the subprocess, set it as a daemon, setup a signal handler in case the parent process is killed, the child process should also be killed, then return the subprocess.

Parameters:	target – Target function to run in a subprocess args – Args to pass to the function
Returns:	multiprocessing.Process

pycryptoki.daemon.rpyc_pycryptoki.server_launch(service, ip, port, config)[source]¶

Target for the multiprocessing Pycryptoki service.

Parameters:	service – ip – port – config –
Returns:

pycryptoki.pycryptoki_client¶

class pycryptoki.pycryptoki_client.LocalPycryptokiClient[source]¶

Bases: object

Class forwards calls to pycryptoki to local client but looks identical to remote client

cleanup()[source]¶

kill()[source]¶

class pycryptoki.pycryptoki_client.RemotePycryptokiClient(ip=None, port=None)[source]¶

Bases: object

Class to handle connecting to a remote Pycryptoki RPYC daemon.

After instantiation, you can use it directly to make calls to a remote cryptoki library via RPYC (no need to do any imports or anything like that, just use the direct pycryptoki call like client.c_initialize_ex() )

Parameters:	ip – IP Address of the client the remote daemon is running on. port – What Port the daemon is running on.

cleanup()[source]¶

kill()[source]¶: Close out the local RPYC connection.

start()[source]¶: Start the connection to the remote RPYC daemon.

started¶

Check if the RPYC connection is alive.

Returns:	boolean

pycryptoki.pycryptoki_client.connection_test(func)[source]¶

Decorator to check that the underlying rpyc connection is alive before sending commands across it.

Parameters:	func –
Returns:

pycryptoki.pycryptoki_client.log_args(funcname, arg_dict)[source]¶

This will run through each of the key, value pairs of the argument spec passed into pycryptoki and perform the following checks:

Parameters:	arg_dict –
Returns:

pycryptoki.pycryptoki_client.retry(ExceptionToCheck, tries=4, delay=3, backoff=2, logger=None)[source]¶

Retry calling the decorated function using an exponential backoff.

http://www.saltycrane.com/blog/2009/11/trying-out-retry-decorator-python/ original from: http://wiki.python.org/moin/PythonDecoratorLibrary#Retry

Parameters:

ExceptionToCheck (Exception or tuple) – the exception to check. may be a tuple of exceptions to check
tries (int) – number of times to try (not retry) before giving up
delay (int) – initial delay between retries in seconds
backoff (int) – backoff multiplier e.g. value of 2 will double the delay each retry
logger (logging.Logger instance) – logger to use. If None, print