Key Generation and Management

Key Generation

Methods used to generate keys.

pycryptoki.key_generator.c_copy_object(h_session, h_object, template=None)

Method to call the C_CopyObject cryptoki command.

Parameters:
  • h_session (int) – Session handle
  • h_object (int) – Handle to the object to be cloned
  • template (dict) – Template for the new object. Defaults to None
Returns:

(retcode, Handle to the new cloned object)

Return type:

tuple

pycryptoki.key_generator.c_copy_object_ex(h_session, h_object, template=None)

Executes c_copy_object(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Note

By default, this will not return the return code if the function returns additional data.

Example:

retcode, key_handle = c_generate_key(...)
#vs
key_handle = c_generate_key_ex(...)

If the function only returns the retcode, then that will still be returned:

retcode = c_seed_random(...)
retcode = c_seed_random_ex(...)

pycryptoki.key_generator.c_derive_key(h_session, h_base_key, template, mechanism=None)

Derives a key from another key.

Parameters:
  • h_session (int) – Session handle
  • h_base_key (int) – The base key
  • template (dict) – A python template of attributes to set on derived key
  • mechanism – See the parse_mechanism() function for possible values.
Returns:

(retcode, the derived key’s handle)

pycryptoki.key_generator.c_derive_key_ex(h_session, h_base_key, template, mechanism=None)

Executes c_derive_key(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Note

By default, this will not return the return code if the function returns additional data.

Example:

retcode, key_handle = c_generate_key(...)
#vs
key_handle = c_generate_key_ex(...)

If the function only returns the retcode, then that will still be returned:

retcode = c_seed_random(...)
retcode = c_seed_random_ex(...)

pycryptoki.key_generator.c_destroy_object(h_session, h_object_value)

Deletes the object corresponding to the passed-in object handle.

Parameters:
  • h_session (int) – Session handle
  • h_object_value (int) – The handle of the object to delete
Returns:

Return code

pycryptoki.key_generator.c_destroy_object_ex(h_session, h_object_value)

Executes c_destroy_object(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Note

By default, this will not return the return code if the function returns additional data.

Example:

retcode, key_handle = c_generate_key(...)
#vs
key_handle = c_generate_key_ex(...)

If the function only returns the retcode, then that will still be returned:

retcode = c_seed_random(...)
retcode = c_seed_random_ex(...)

pycryptoki.key_generator.c_generate_key(h_session, mechanism=None, template=None)

Generates a symmetric key of a given flavor given the correct template.

Parameters:
  • h_session (int) – Session handle
  • template (dict) – The template to use to generate the key
  • mechanism – See the parse_mechanism() function for possible values.
Returns:

(retcode, generated key handle)

Return type:

tuple

pycryptoki.key_generator.c_generate_key_ex(h_session, mechanism=None, template=None)

Executes c_generate_key(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Note

By default, this will not return the return code if the function returns additional data.

Example:

retcode, key_handle = c_generate_key(...)
#vs
key_handle = c_generate_key_ex(...)

If the function only returns the retcode, then that will still be returned:

retcode = c_seed_random(...)
retcode = c_seed_random_ex(...)

pycryptoki.key_generator.c_generate_key_pair(h_session, mechanism=None, pbkey_template=None, prkey_template=None)

Generates a public and private key pair of a given flavor from the given public and private key templates. The return value contains the handles of both generated keys.

Parameters:
  • h_session (int) – Session handle
  • pbkey_template (dict) – The public key template to use for key generation
  • prkey_template (dict) – The private key template to use for key generation
  • mechanism – See the parse_mechanism() function for possible values.
Returns:

(retcode, public key handle, private key handle)

Return type:

tuple

pycryptoki.key_generator.c_generate_key_pair_ex(h_session, mechanism=None, pbkey_template=None, prkey_template=None)

Executes c_generate_key_pair(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Note

By default, this will not return the return code if the function returns additional data.

Example:

retcode, key_handle = c_generate_key(...)
#vs
key_handle = c_generate_key_ex(...)

If the function only returns the retcode, then that will still be returned:

retcode = c_seed_random(...)
retcode = c_seed_random_ex(...)

pycryptoki.key_generator.clear_keys(h_session)

Quick, hacked-together function that can be used to clear the first 10 000 keys.

Parameters:
  • h_session (int) – Session handle
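
The return-code convention described in the Notes above, as an added example that is not pycryptoki's own code: make_ex() models how an _ex variant raises on any code other than CKR_OK and drops the retcode when the call also returns data. The fake_* functions, CryptokiCallError and the in-memory object table are constructed stand-ins so the block runs without a token.

```python
from functools import wraps
from itertools import count

CKR_OK = 0x00000000                     # PKCS#11 success
CKR_OBJECT_HANDLE_INVALID = 0x00000082  # PKCS#11 error for an unknown handle

class CryptokiCallError(Exception):
    """Hypothetical exception type; carries the failing return code."""
    def __init__(self, name, retcode):
        super().__init__("%s returned 0x%08X" % (name, retcode))
        self.retcode = retcode

def make_ex(func):
    """Wrap a retcode-returning call: raise unless CKR_OK, then drop the
    retcode when the call returned additional data."""
    @wraps(func)
    def wrapper(*args, **kwargs):
        result = func(*args, **kwargs)
        retcode, data = (result[0], result[1:]) if isinstance(result, tuple) else (result, ())
        if retcode != CKR_OK:
            raise CryptokiCallError(func.__name__, retcode)
        if not data:
            return retcode                  # retcode-only calls still return it
        return data[0] if len(data) == 1 else data
    return wrapper

# Constructed in-memory stand-in for a token, so the example runs offline.
OBJECTS = {}
NEXT_HANDLE = count(1)

def fake_generate_key(h_session, template=None):
    handle = next(NEXT_HANDLE)
    OBJECTS[handle] = dict(template or {})
    return CKR_OK, handle

def fake_generate_key_pair(h_session):
    pub, priv = next(NEXT_HANDLE), next(NEXT_HANDLE)
    OBJECTS[pub], OBJECTS[priv] = {"class": "public"}, {"class": "private"}
    return CKR_OK, pub, priv

def fake_destroy_object(h_session, h_object):
    if h_object not in OBJECTS:
        return CKR_OBJECT_HANDLE_INVALID
    del OBJECTS[h_object]
    return CKR_OK

fake_generate_key_ex = make_ex(fake_generate_key)
fake_generate_key_pair_ex = make_ex(fake_generate_key_pair)
fake_destroy_object_ex = make_ex(fake_destroy_object)
```

With the plain variants the caller must compare the first tuple element against CKR_OK before using any handle; the wrapped variants turn a failed call into an exception, so a handle is never used after an unchecked error.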

Key Management

Methods responsible for key management

pycryptoki.key_management.ca_generatemofn(h_session, m_value, vector_value, vector_count, is_secure_port_used)

Generates MofN secret information on a token.

Parameters:
  • h_session (int) – Session handle
  • m_value – m
  • vector_count – number of vectors
  • is_secure_port_used – is secure port used
  • vector_value
Returns:

the result code

pycryptoki.key_management.ca_generatemofn_ex(h_session, m_value, vector_value, vector_count, is_secure_port_used)

Executes ca_generatemofn(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Note

By default, this will not return the return code if the function returns additional data.

Example:

retcode, key_handle = c_generate_key(...)
#vs
key_handle = c_generate_key_ex(...)

If the function only returns the retcode, then that will still be returned:

retcode = c_seed_random(...)
retcode = c_seed_random_ex(...)

pycryptoki.key_management.ca_modifyusagecount(h_session, h_object, command_type, value)

Modifies CKA_USAGE_COUNT attribute of the object.

Parameters:
  • h_session (int) – Session handle
  • h_object – object
  • command_type – command type
  • value – value
Returns:

the result code

pycryptoki.key_management.ca_modifyusagecount_ex(h_session, h_object, command_type, value)

Executes ca_modifyusagecount(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Note

By default, this will not return the return code if the function returns additional data.

Example:

retcode, key_handle = c_generate_key(...)
#vs
key_handle = c_generate_key_ex(...)

If the function only returns the retcode, then that will still be returned:

retcode = c_seed_random(...)
retcode = c_seed_random_ex(...)

Key Usage

Methods responsible for key usage

pycryptoki.key_usage.ca_clonemofn(h_session)

Clones MofN secret from one token to another.

Parameters:
  • h_session (int) – Session handle
Returns:

the result code

pycryptoki.key_usage.ca_clonemofn_ex(h_session)

Executes ca_clonemofn(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Note

By default, this will not return the return code if the function returns additional data.

Example:

retcode, key_handle = c_generate_key(...)
#vs
key_handle = c_generate_key_ex(...)

If the function only returns the retcode, then that will still be returned:

retcode = c_seed_random(...)
retcode = c_seed_random_ex(...)

pycryptoki.key_usage.ca_duplicatemofn(h_session)

Duplicates a set of M of N vectors.

Parameters:
  • h_session (int) – Session handle
Returns:

the result code

pycryptoki.key_usage.ca_duplicatemofn_ex(h_session)

Executes ca_duplicatemofn(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Note

By default, this will not return the return code if the function returns additional data.

Example:

retcode, key_handle = c_generate_key(...)
#vs
key_handle = c_generate_key_ex(...)

If the function only returns the retcode, then that will still be returned:

retcode = c_seed_random(...)
retcode = c_seed_random_ex(...)