Session/Token Management ¶

Modules for Token and session creation and management.

Contents

Session/Token Management
- Session Management
- Token Management

Session Management ¶

Methods responsible for managing a user’s session and login/c_logout

pycryptoki.session_management.c_initialize(flags=None, init_struct=None)[source]¶

Initializes current process for use with PKCS11.

Some sample flags:

See the PKCS11 documentation for more details.

Parameters:	flags (int) – Flags to be set within InitArgs Struct. (Default = None) init_struct – InitArgs structure (Default = None)
Returns:	Cryptoki return code.

pycryptoki.session_management.c_initialize_ex(flags=None, init_struct=None)¶

Executes c_initialize(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.c_finalize()[source]¶

Finalizes PKCS11 library.

Returns:	Cryptoki return code

pycryptoki.session_management.c_finalize_ex()¶

Executes c_finalize(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.c_open_session(slot_num, flags=6)[source]¶

Opens a session on the given slot

Parameters:	slot_num (int) – The slot to get a session on flags (int) – The flags to open the session with (Default value = (CKF_SERIAL_SESSION \| CKF_RW_SESSION)
Returns:	(retcode, session handle)
Return type:	tuple

pycryptoki.session_management.c_open_session_ex(slot_num, flags=6)¶

Executes c_open_session(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.login(h_session, slot_num=1, password=None, user_type=1)[source]¶

Login to the given session.

Parameters:	h_session (int) – Session handle slot_num (int) – Slot index to login on (Default value = 1) password (bytes) – Password to login with (Default value = “userpin”) user_type (int) – User type to login as (Default value = 1)
Returns:	retcode
Return type:	int

pycryptoki.session_management.login_ex(h_session, slot_num=1, password=None, user_type=1)¶

Executes login(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.c_get_info()[source]¶

Get general information about the Cryptoki Library

Returns a dictionary containing the following keys:

cryptokiVersion and libraryVersion are CK_VERSION structs, and the major/minor values can be accessed directly (info['cryptokiVersion'].major == 2)

Returns:	(retcode, info dictionary)

pycryptoki.session_management.c_get_info_ex()¶

Executes c_get_info(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.c_get_slot_list(token_present=True)[source]¶

Get a list of all slots.

Parameters:	token_present (bool) – If true, will only return slots that have a token present.
Returns:	List of slots

pycryptoki.session_management.c_get_slot_list_ex(token_present=True)¶

Executes c_get_slot_list(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.c_get_slot_info(slot)[source]¶

Get information about the given slot number.

Parameters:	slot (int) – Target slot
Returns:	Dictionary of slot information

pycryptoki.session_management.c_get_slot_info_ex(slot)¶

Executes c_get_slot_info(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.c_get_session_info(session)[source]¶

Get information about the given session.

Parameters:	session (int) – session handle
Returns:	(retcode, dictionary of session information)
Return type:	tuple

pycryptoki.session_management.c_get_session_info_ex(session)¶

Executes c_get_session_info(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.c_get_token_info(slot_id, rstrip=True)[source]¶

Gets the token info for a given slot id

Parameters:	slot_id (int) – Token slot ID rstrip (bool) – If true, will strip trailing whitespace from char data.
Returns:	(retcode, A python dictionary representing the token info)
Return type:	tuple

pycryptoki.session_management.c_get_token_info_ex(slot_id, rstrip=True)¶

Executes c_get_token_info(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.get_slot_dict(token_present=False)[source]¶

Compiles a dictionary of the available slots

Returns:	A python dictionary of the available slots

pycryptoki.session_management.get_slot_dict_ex(token_present=False)¶

Executes get_slot_dict(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.c_close_session(h_session)[source]¶

Closes a session

Parameters:	h_session (int) – Session handle
Returns:	retcode
Return type:	int

pycryptoki.session_management.c_close_session_ex(h_session)¶

Executes c_close_session(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.c_logout(h_session)[source]¶

Logs out of a given session

Parameters:	h_session (int) – Session handle
Returns:	retcode
Return type:	int

pycryptoki.session_management.c_logout_ex(h_session)¶

Executes c_logout(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.c_init_pin(h_session, pin)[source]¶

Initializes the PIN

Parameters:	h_session (int) – Session handle pin – pin to c_initialize
Returns:	THe result code

pycryptoki.session_management.c_init_pin_ex(h_session, pin)¶

Executes c_init_pin(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.ca_factory_reset(slot)[source]¶

Does a factory reset on a given slot

Parameters:	slot – The slot to do a factory reset on
Returns:	The result code

pycryptoki.session_management.ca_factory_reset_ex(slot)¶

Executes ca_factory_reset(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.c_set_pin(h_session, old_pass, new_pass)[source]¶

Allows a user to change their PIN

Parameters:	h_session (int) – Session handle old_pass – The user’s old password new_pass – The user’s desired new password
Returns:	The result code

pycryptoki.session_management.c_set_pin_ex(h_session, old_pass, new_pass)¶

Executes c_set_pin(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.c_close_all_sessions(slot)[source]¶

Closes all the sessions on a given slot

Parameters:	slot – The slot to close all sessions on
Returns:	retcode
Return type:	int

pycryptoki.session_management.c_close_all_sessions_ex(slot)¶

Executes c_close_all_sessions(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.ca_openapplicationID(slot, id_high, id_low)[source]¶

Open an application ID on the given slot.

Parameters:	slot (int) – Slot on which to open the APP ID id_high (int) – High value of App ID id_low (int) – Low value of App ID
Returns:	retcode
Return type:	int

pycryptoki.session_management.ca_openapplicationID_ex(slot, id_high, id_low)¶

Executes ca_openapplicationID(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.ca_closeapplicationID(slot, id_high, id_low)[source]¶

Close a given AppID on a slot.

Parameters:	slot (int) – Slot on which to close the APP ID id_high (int) – High value of App ID id_low (int) – Low value of App ID
Returns:	retcode
Return type:	int

pycryptoki.session_management.ca_closeapplicationID_ex(slot, id_high, id_low)¶

Executes ca_closeapplicationID(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.ca_setapplicationID(id_high, id_low)[source]¶

Set the App ID for the current process.

Parameters:	id_high (int) – High value of App ID id_low (int) – Low value of App ID
Returns:	retcode
Return type:	int

pycryptoki.session_management.ca_setapplicationID_ex(id_high, id_low)¶

Executes ca_setapplicationID(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.ca_restart(slot)[source]¶

Parameters:	slot –

pycryptoki.session_management.ca_restart_ex(slot)¶

Executes ca_restart(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.session_management.get_firmware_version(slot)[source]¶

Returns a string representing the firmware version of the given slot.

It will first try to call CA_GetFirmwareVersion, and if that fails (not present on older cryptoki libraries), will call C_GetTokenInfo.

Parameters:	slot (int) – Token slot number
Returns:	Firmware String in the format “X.Y.Z”, where X is major, Y is minor, Z is subminor.
Return type:	str

Token Management ¶

Created on Aug 24, 2012

@author: mhughes

pycryptoki.token_management.c_init_token(slot_num, password, token_label='Main Token')[source]¶

Initializes at token at a given slot with the proper password and label

Parameters:	slot_num – The index of the slot to c_initialize a token in password – The password to c_initialize the slot with token_label – The label to c_initialize the slot with (Default value = ‘Main Token’)
Returns:	The result code

pycryptoki.token_management.c_init_token_ex(slot_num, password, token_label='Main Token')¶

Executes c_init_token(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.token_management.get_token_by_label(label)[source]¶

Iterates through all the tokens and returns the first token that has a label that is identical to the one that is passed in

Parameters:	label – The label of the token to search for
Returns:	The result code, The slot of the token

pycryptoki.token_management.get_token_by_label_ex(label)¶

Executes get_token_by_label(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.token_management.c_get_mechanism_list(slot)[source]¶

Gets the list of mechanisms from the HSM

Parameters:	slot – The slot number to get the mechanism list on
Returns:	The result code, A python dictionary representing the mechanism list

pycryptoki.token_management.c_get_mechanism_list_ex(slot)¶

Executes c_get_mechanism_list(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.token_management.c_get_mechanism_info(slot, mechanism_type)[source]¶

Gets a mechanism’s info

Parameters:	slot – The slot to query mechanism_type – The type of the mechanism to get the information for
Returns:	The result code, The mechanism info

pycryptoki.token_management.c_get_mechanism_info_ex(slot, mechanism_type)¶

Executes c_get_mechanism_info(), and checks the retcode; raising an exception if the return code is not CKR_OK.

pycryptoki.token_management.ca_get_token_policies(slot)[source]¶

Get the policies of the given slot.

Parameters:	slot (int) – Target slot number
Returns:	retcode, {id: val} dict of policies (None if command failed)

pycryptoki.token_management.ca_get_token_policies_ex(slot)¶

Executes ca_get_token_policies(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Session/Token Management¶

Session Management¶

Token Management¶

Session/Token Management ¶

Session Management ¶

Token Management ¶