Key Generation and Management¶
Key Generation¶
Methods used to generate keys.
-
pycryptoki.key_generator.
c_copy_object
(h_session, h_object, template=None)[source]¶ Method to call the C_CopyObject cryptoki command.
Parameters: Returns: (retcode, Handle to the new cloned object)
Return type: tuple
-
pycryptoki.key_generator.
c_copy_object_ex
(h_session, h_object, template=None)¶ Executes
c_copy_object()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
pycryptoki.key_generator.
c_derive_key
(h_session, h_base_key, template, mechanism=None)[source]¶ Derives a key from another key.
Parameters: Returns: The result code, The derived key’s handle
-
pycryptoki.key_generator.
c_derive_key_ex
(h_session, h_base_key, template, mechanism=None)¶ Executes
c_derive_key()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
pycryptoki.key_generator.
c_destroy_object
(h_session, h_object_value)[source]¶ Deletes the object corresponsing to the passed in object handle
Parameters: Returns: Return code
-
pycryptoki.key_generator.
c_destroy_object_ex
(h_session, h_object_value)¶ Executes
c_destroy_object()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
pycryptoki.key_generator.
c_generate_key
(h_session, mechanism=None, template=None)[source]¶ Generates a symmetric key of a given flavor given the correct template.
Parameters: Returns: (retcode, generated key handle)
Rtype tuple:
-
pycryptoki.key_generator.
c_generate_key_ex
(h_session, mechanism=None, template=None)¶ Executes
c_generate_key()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
pycryptoki.key_generator.
c_generate_key_pair
(h_session, mechanism=None, pbkey_template=None, prkey_template=None)[source]¶ Generates a private and public key pair for a given flavor, and given public and private key templates. The return value will be the handle for the key.
Parameters: Returns: (retcode, public key handle, private key handle)
Return type: tuple
-
pycryptoki.key_generator.
c_generate_key_pair_ex
(h_session, mechanism=None, pbkey_template=None, prkey_template=None)¶ Executes
c_generate_key_pair()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
Key Management¶
Methods responsible for key management
-
pycryptoki.key_management.
ca_generatemofn
(h_session, m_value, vector_value, vector_count, is_secure_port_used)[source]¶ Generates MofN secret information on a token.
Parameters: - h_session (int) – Session handle
- m_value – m
- vector_count – number of vectors
- is_secure_port_used – is secure port used
- vector_value –
Returns: the result code
-
pycryptoki.key_management.
ca_generatemofn_ex
(h_session, m_value, vector_value, vector_count, is_secure_port_used)¶ Executes
ca_generatemofn()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
pycryptoki.key_management.
ca_modifyusagecount
(h_session, h_object, command_type, value)[source]¶ Modifies CKA_USAGE_COUNT attribute of the object.
Parameters: - h_session (int) – Session handle
- h_object – object
- command_type – command type
- value – value
Returns: the result code
-
pycryptoki.key_management.
ca_modifyusagecount_ex
(h_session, h_object, command_type, value)¶ Executes
ca_modifyusagecount()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
Key Usage¶
Methods responsible for key usage
-
pycryptoki.key_usage.
ca_clonemofn
(h_session)[source]¶ Clones MofN secret from one token to another.
Parameters: h_session (int) – Session handle Returns: the result code
-
pycryptoki.key_usage.
ca_clonemofn_ex
(h_session)¶ Executes
ca_clonemofn()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)
-
pycryptoki.key_usage.
ca_duplicatemofn
(h_session)[source]¶ Duplicates a set of M of N vectors.
Parameters: h_session (int) – Session handle Returns: the result code
-
pycryptoki.key_usage.
ca_duplicatemofn_ex
(h_session)¶ Executes
ca_duplicatemofn()
, and checks the retcode; raising an exception if the return code is not CKR_OK.Note
By default, this will not return the return code if the function returns additional data.
Example:
retcode, key_handle = c_generate_key(...) #vs key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
retcode = c_seed_random(...) retcode = c_seed_random_ex(...)