Miscellaneous
RNG, Digest, Creating Objects
PKCS11 Interface to the following functions:
- c_generate_random
- c_seed_random
- c_digest
- c_digestkey
- c_create_object
- c_set_ped_id (CA_ function)
- c_get_ped_id (CA_ function)
-
pycryptoki.misc.c_generate_random(h_session, length)
Generates a sequence of random numbers
Parameters:
Returns: (retcode, A string of random data)
Return type: tuple
-
pycryptoki.misc.c_generate_random_ex(h_session, length)
Executes c_generate_random() and checks the retcode, raising an exception if the return code is not CKR_OK.
Note (applies to every _ex function on this page): By default, this will not return the return code if the function returns additional data.
Example:
    retcode, key_handle = c_generate_key(...)
    # vs
    key_handle = c_generate_key_ex(...)
If the function only returns the retcode, then that will still be returned:
    retcode = c_seed_random(...)
    retcode = c_seed_random_ex(...)
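The return convention described in the note above, as an added example that is not pycryptoki's own code and needs no HSM. The checked decorator, RetcodeError, the session table and the two stub functions are hypothetical stand-ins; the CKR_* values are the PKCS#11 ones.

```python
import functools
import os

# PKCS#11 return codes (values from the PKCS#11 specification).
CKR_OK = 0x00000000
CKR_SESSION_HANDLE_INVALID = 0x000000B3
CKR_RANDOM_SEED_NOT_SUPPORTED = 0x00000120

RETCODE_NAMES = {
    CKR_OK: "CKR_OK",
    CKR_SESSION_HANDLE_INVALID: "CKR_SESSION_HANDLE_INVALID",
    CKR_RANDOM_SEED_NOT_SUPPORTED: "CKR_RANDOM_SEED_NOT_SUPPORTED",
}


class RetcodeError(Exception):
    """Hypothetical exception: records which call failed and with what retcode."""

    def __init__(self, func_name, retcode):
        self.func_name = func_name
        self.retcode = retcode
        name = RETCODE_NAMES.get(retcode, "unknown retcode")
        super().__init__("%s returned 0x%08X (%s)" % (func_name, retcode, name))


def checked(func):
    """Build an _ex-style variant of func (assumed design, not the library's)."""

    @functools.wraps(func)
    def wrapper(*args, **kwargs):
        result = func(*args, **kwargs)
        if isinstance(result, tuple):
            retcode, data = result[0], result[1:]
        else:
            retcode, data = result, ()
        if retcode != CKR_OK:
            raise RetcodeError(func.__name__, retcode)
        if not data:
            return retcode          # retcode-only functions still return it
        return data[0] if len(data) == 1 else data  # retcode is dropped

    return wrapper


# Constructed session table: session 1 allows seeding, session 2 does not.
SESSIONS = {1: {"seedable": True}, 2: {"seedable": False}}


def c_generate_random(h_session, length):
    """Stub with the documented shape: returns (retcode, data)."""
    if h_session not in SESSIONS:
        return CKR_SESSION_HANDLE_INVALID, None
    return CKR_OK, os.urandom(length)


def c_seed_random(h_session, seed):
    """Stub with the documented shape: returns retcode only."""
    if h_session not in SESSIONS:
        return CKR_SESSION_HANDLE_INVALID
    if not SESSIONS[h_session]["seedable"]:
        return CKR_RANDOM_SEED_NOT_SUPPORTED
    return CKR_OK


c_generate_random_ex = checked(c_generate_random)
c_seed_random_ex = checked(c_seed_random)


def nonce_unchecked(h_session):
    """Failure mode: the retcode is ignored, so a failed call yields None."""
    _, data = c_generate_random(h_session, 16)
    return data


def nonce_checked(h_session):
    """Same call through the checked variant: failure raises instead."""
    return c_generate_random_ex(h_session, 16)


if __name__ == "__main__":
    print(len(nonce_checked(1)), "random bytes from a valid session")
    print("unchecked call on a bad session gives:", nonce_unchecked(99))
    try:
        nonce_checked(99)
    except RetcodeError as exc:
        print("checked call on a bad session raises:", exc)
```

With the plain functions, code that generates keys, nonces or IVs has to compare the retcode against CKR_OK itself before using the data.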
-
pycryptoki.misc.c_seed_random(h_session, seed)
Seeds the random number generator
Parameters:
- h_session (int) – Session handle
- seed (bytes) – A python string of some seed
Returns: retcode
Return type:
-
pycryptoki.misc.c_seed_random_ex(h_session, seed)
Executes c_seed_random() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.misc.c_digest(h_session, data_to_digest, digest_flavor, mechanism=None, output_buffer=None)
Digests some data
Parameters:
- h_session (int) – Session handle
- data_to_digest (bytes) – The data to digest, either a string or a list of strings. If this is a list, a multipart operation will be used.
- digest_flavor (int) – The flavour of the mechanism to digest (MD2, SHA-1, HAS-160, SHA224, SHA256, SHA384, SHA512)
- mechanism – See the parse_mechanism() function for possible values. If None, the digest flavor is used.
- output_buffer (list|int) – Integer or list of integers that specify the size of the output buffer to use for an operation. By default, the call first queries with a NULL buffer pointer to get the required buffer size.
Returns: (retcode, a python string of the digested data)
Return type: tuple
-
pycryptoki.misc.c_digest_ex(h_session, data_to_digest, digest_flavor, mechanism=None, output_buffer=None)
Executes c_digest() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.misc.c_digestkey(h_session, h_key, digest_flavor, mechanism=None)
Digest a key
Parameters:
-
pycryptoki.misc.c_digestkey_ex(h_session, h_key, digest_flavor, mechanism=None)
Executes c_digestkey() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.misc.c_create_object(h_session, template)
Creates an object based on a given python template
Parameters:
Returns: (retcode, the handle of the object)
Return type: tuple
-
pycryptoki.misc.c_create_object_ex(h_session, template)
Executes c_create_object() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.misc.c_set_ped_id(slot, id)
Set the PED ID for the given slot.
Parameters:
- slot – slot number
- id – PED ID to use
Returns: The result code
-
pycryptoki.misc.c_set_ped_id_ex(slot, id)
Executes c_set_ped_id() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.misc.c_get_ped_id(slot)
Get the PED ID for the given slot.
Parameters: slot – slot number
Returns: The result code and ID
-
pycryptoki.misc.c_get_ped_id_ex(slot)
Executes c_get_ped_id() and checks the retcode, raising an exception if the return code is not CKR_OK.
Find Objects, Attribute Setting/Getting
Functions for dealing with object attributes
-
pycryptoki.object_attr_lookup.c_find_objects(h_session, template, num_entries)
Calls c_find_objects and c_find_objects_init to get a python dictionary of the objects found.
Parameters:
- h_session (int) – Session handle
- template – A python dictionary of the object template to look for
- num_entries – The max number of entries to return
Returns: Returns a list of handles of objects found
-
pycryptoki.object_attr_lookup.c_find_objects_ex(h_session, template, num_entries)
Executes c_find_objects() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.object_attr_lookup.c_get_attribute_value(h_session, h_object, template)
Calls C_GetAttributeValue to get an attribute value based on a python template
Parameters:
- h_session (int) – Session handle
- h_object – The handle of the object to get attributes for
- template – A python dictionary representing the template of the attributes to be retrieved
Returns: A python dictionary representing the attributes returned from the HSM/library
-
pycryptoki.object_attr_lookup.c_get_attribute_value_ex(h_session, h_object, template)
Executes c_get_attribute_value() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.object_attr_lookup.c_set_attribute_value(h_session, h_object, template)
Calls C_SetAttributeValue to set an attribute value based on a python template
Parameters:
- h_session (int) – Session handle
- h_object – The handle of the object to get attributes for
- template – A python dictionary representing the template of the attributes to be written
Returns: A python dictionary representing the attributes returned from the HSM/library
-
pycryptoki.object_attr_lookup.c_set_attribute_value_ex(h_session, h_object, template)
Executes c_set_attribute_value() and checks the retcode, raising an exception if the return code is not CKR_OK.
HSM Management
Methods responsible for pycryptoki ‘hsm management’ set of commands.
-
pycryptoki.hsm_management.c_performselftest(slot, test_type, input_data, input_data_len)
Test: Performs a self test for specified test type on a given slot.
Parameters:
- slot – slot number
- test_type – type of test CK_ULONG
- input_data – pointer to input data CK_BYTE_PTR
- input_data_len – input data length CK_ULONG
Returns: the result code
[CK_SLOT_ID, CK_ULONG, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR]
-
pycryptoki.hsm_management.c_performselftest_ex(slot, test_type, input_data, input_data_len)
Executes c_performselftest() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.hsm_management.ca_settokencertificatesignature(h_session, access_level, customer_id, pub_template, signature, signature_len)
Completes the installation of a certificate on a token. The caller must supply a public key and a signature for token certificate. The public key is provided through the template; it must contain a key type, a modulus and a public exponent.
Parameters:
- h_session (int) – Session handle
- access_level – the access level
- customer_id – the customer ID
- pub_template – the public template
- signature – the signature
- signature_len – the length in bytes of the signature
Returns: the result code
-
pycryptoki.hsm_management.ca_settokencertificatesignature_ex(h_session, access_level, customer_id, pub_template, signature, signature_len)
Executes ca_settokencertificatesignature() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.hsm_management.ca_hainit(h_session, h_key)
Creates a login key pair on the primary token.
Parameters:
- h_session (int) – Session handle
- h_key – the login private key
Returns: the result code
-
pycryptoki.hsm_management.ca_hainit_ex(h_session, h_key)
Executes ca_hainit() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.hsm_management.ca_createloginchallenge(h_session, user_type, challenge)
Creates a login challenge for the given user.
Parameters:
- h_session (int) – Session handle
- user_type – user type
- challenge – challenge
Returns: the result code
-
pycryptoki.hsm_management.ca_createloginchallenge_ex(h_session, user_type, challenge)
Executes ca_createloginchallenge() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.hsm_management.ca_initializeremotepedvector(h_session)
Initializes a remote PED vector
Parameters: h_session (int) – Session handle
Returns: the result code
-
pycryptoki.hsm_management.ca_initializeremotepedvector_ex(h_session)
Executes ca_initializeremotepedvector() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.hsm_management.ca_deleteremotepedvector(h_session)
Deletes a remote PED vector
Parameters: h_session (int) – Session handle
Returns: the result code
-
pycryptoki.hsm_management.ca_deleteremotepedvector_ex(h_session)
Executes ca_deleteremotepedvector() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.hsm_management.ca_mtkrestore(slot)
Restore the MTK
Parameters: slot – slot number
Returns: the result code
-
pycryptoki.hsm_management.ca_mtkrestore_ex(slot)
Executes ca_mtkrestore() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.hsm_management.ca_mtkresplit(slot)
Resplit the MTK
Parameters: slot – slot number
Returns: the result code
-
pycryptoki.hsm_management.ca_mtkresplit_ex(slot)
Executes ca_mtkresplit() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.hsm_management.ca_mtkzeroize(slot)
Zeroize the MTK
Parameters: slot – slot number
Returns: the result code
-
pycryptoki.hsm_management.ca_mtkzeroize_ex(slot)
Executes ca_mtkzeroize() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.hsm_management.ca_set_hsm_policy(h_session, policy_id, policy_val)
Sets the HSM policies by calling CA_SetHSMPolicy
Parameters:
- h_session (int) – Session handle
- policy_id – The ID of the policy being set
- policy_val – The value of the policy being set
Returns: The result code
-
pycryptoki.hsm_management.ca_set_hsm_policy_ex(h_session, policy_id, policy_val)
Executes ca_set_hsm_policy() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.hsm_management.ca_set_hsm_policies(h_session, policies)
Set multiple HSM policies.
Parameters:
- h_session (int) – Session handle
- policies – dict of policy ID ints and value ints
Returns: result code
-
pycryptoki.hsm_management.ca_set_hsm_policies_ex(h_session, policies)
Executes ca_set_hsm_policies() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.hsm_management.ca_set_destructive_hsm_policy(h_session, policy_id, policy_val)
Sets the destructive HSM policies by calling CA_SetDestructiveHSMPolicy
Parameters:
- h_session (int) – Session handle
- policy_id – The ID of the policy being set
- policy_val – The value of the policy being set
Returns: The result code
-
pycryptoki.hsm_management.ca_set_destructive_hsm_policy_ex(h_session, policy_id, policy_val)
Executes ca_set_destructive_hsm_policy() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.hsm_management.ca_set_destructive_hsm_policies(h_session, policies)
Set multiple HSM policies.
Parameters:
- h_session (int) – Session handle
- policies – dict of policy ID ints and value ints
Returns: result code
-
pycryptoki.hsm_management.ca_set_destructive_hsm_policies_ex(h_session, policies)
Executes ca_set_destructive_hsm_policies() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.hsm_management.ca_get_hsm_capability_set(slot)
Get the capabilities of the given slot.
Parameters: slot (int) – Target slot number
Returns: retcode, {id: val} dict of capabilities (None if command failed)
-
pycryptoki.hsm_management.ca_get_hsm_capability_set_ex(slot)
Executes ca_get_hsm_capability_set() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.hsm_management.ca_get_hsm_capability_setting(slot, capability_id)
Get the value of a single capability
Parameters:
- slot – slot ID of slot to query
- capability_id – capability ID
Returns: result code, CK_ULONG representing capability active or not
-
pycryptoki.hsm_management.ca_get_hsm_capability_setting_ex(slot, capability_id)
Executes ca_get_hsm_capability_setting() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.hsm_management.ca_get_hsm_policy_set(slot)
Get the policies of the given slot.
Parameters: slot (int) – Target slot number
Returns: retcode, {id: val} dict of policies (None if command failed)
-
pycryptoki.hsm_management.ca_get_hsm_policy_set_ex(slot)
Executes ca_get_hsm_policy_set() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.hsm_management.ca_get_hsm_policy_setting(slot, policy_id)
Get the value of a single policy
Parameters:
- slot – slot ID of slot to query
- policy_id – policy ID
Returns: result code, CK_ULONG representing policy active or not
-
pycryptoki.hsm_management.ca_get_hsm_policy_setting_ex(slot, policy_id)
Executes ca_get_hsm_policy_setting() and checks the retcode, raising an exception if the return code is not CKR_OK.
Audit Functions
Methods responsible for managing a user’s session and login/c_logout
-
pycryptoki.audit_handling.ca_init_audit(slot, audit_pin, audit_label)
Parameters:
- slot –
- audit_pin –
- audit_label –
-
pycryptoki.audit_handling.ca_init_audit_ex(slot, audit_pin, audit_label)
Executes ca_init_audit() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.audit_handling.ca_time_sync(h_session, ultime)
Parameters:
- h_session (int) – Session handle
- ultime –
-
pycryptoki.audit_handling.ca_time_sync_ex(h_session, ultime)
Executes ca_time_sync() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.audit_handling.ca_get_time(h_session)
Parameters: h_session (int) – Session handle
-
pycryptoki.audit_handling.ca_get_time_ex(h_session)
Executes ca_get_time() and checks the retcode, raising an exception if the return code is not CKR_OK.
Backup Functions
Backup related commands
-
pycryptoki.backup.ca_open_secure_token(h_session, storage_path, dev_ID, mode)
Parameters:
- h_session (int) – Session handle
- storage_path –
- dev_ID –
- mode –
-
pycryptoki.backup.ca_open_secure_token_ex(h_session, storage_path, dev_ID, mode)
Executes ca_open_secure_token() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.backup.ca_close_secure_token(h_session, h_ID)
Parameters:
- h_session (int) – Session handle
- h_ID –
-
pycryptoki.backup.ca_close_secure_token_ex(h_session, h_ID)
Executes ca_close_secure_token() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.backup.ca_extract(h_session, mechanism)
Parameters:
- h_session (int) – Session handle
- mechanism – See the parse_mechanism() function for possible values.
-
pycryptoki.backup.ca_extract_ex(h_session, mechanism)
Executes ca_extract() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.backup.ca_insert(h_session, mechanism)
Parameters:
- h_session (int) – Session handle
- mechanism – See the parse_mechanism() function for possible values.
-
pycryptoki.backup.ca_insert_ex(h_session, mechanism)
Executes ca_insert() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.backup.ca_sim_extract(h_session, key_handles, authform, auth_secrets=None, subset_size=0, delete_after_extract=False)
Extract multiple keys to a wrapped blob. The returned blob can then be written into a file.
Parameters:
- h_session (int) – Session handle
- key_handles (list[int]) – List of key handles to extract
- authform (int) – Type of authentication to use. See pycryptoki.backup.SIM_AUTH for details
- auth_secrets (list(str)) – Authorization secrets to use (Length will correspond to the N value in ckdemo)
- subset_size (int) – Subset size required for key use (Corresponds to the M value in ckdemo)
- delete_after_extract (bool) – If true, will destroy the original keys after they have been extracted.
Returns: retcode, blob_data tuple.
-
pycryptoki.backup.ca_sim_extract_ex(h_session, key_handles, authform, auth_secrets=None, subset_size=0, delete_after_extract=False)
Executes ca_sim_extract() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.backup.ca_sim_insert(h_session, blob_data, authform, auth_secrets=None)
Insert keys into the HSM from blob data that was wrapped off using SIM.
Parameters:
- h_session (int) – Session handle
- blob_data (str) – Read in raw wrapped data. Typically read in from a file.
- authform (int) – Type of authentication to use. See pycryptoki.backup.SIM_AUTH for details
- auth_secrets (list[str]) – Authorization secrets to use (Length will correspond to the N value in ckdemo)
Returns: retcode, keys tuple, where keys is a list of integers.
-
pycryptoki.backup.ca_sim_insert_ex(h_session, blob_data, authform, auth_secrets=None)
Executes ca_sim_insert() and checks the retcode, raising an exception if the return code is not CKR_OK.
-
pycryptoki.backup.ca_sim_multisign(h_session, blob_data, data_to_sign, mechanism, authform, auth_secrets=None)
Sign data using keys that were extracted to a SIM blob.
Parameters:
- h_session (int) – Session handle
- blob_data (str) – Read in raw wrapped key data. Typically read in from a file.
- data_to_sign – List of bytestring data to sign
- mechanism – Mechanism to use with the Sign operation
- authform (int) – Type of authentication to use. See pycryptoki.backup.SIM_AUTH for details
- auth_secrets (list[str]) – Authorization secrets to use (Length will correspond to the N value in ckdemo)
Returns: retcode, signature list
-
pycryptoki.backup.ca_sim_multisign_ex(h_session, blob_data, data_to_sign, mechanism, authform, auth_secrets=None)
Executes ca_sim_multisign() and checks the retcode, raising an exception if the return code is not CKR_OK.