Sign/Verify operations

Sign

pycryptoki.sign_verify.c_sign(h_session, h_key, data_to_sign, mechanism, output_buffer=None)[source]

Signs the given data with given key and mechanism.

Note

If data is a list or tuple of strings, multi-part operations will be used.

Parameters:
  • h_session (int) – Session handle
  • data_to_sign

    The data to sign, either a string or a list of strings. If this is a list a multipart operation will be used (using C_…Update and C_…Final)

    ex:

    • ”This is a proper argument of some data to use in the function”
    • [“This is another format of data this”, “function will accept.”, “It will operate on these strings in parts”]
  • h_key (int) – The signing key
  • mechanism – See the parse_mechanism() function for possible values.
  • output_buffer (list|int) – Integer or list of integers that specify a size of output buffer to use for an operation. By default will query with NULL pointer buffer to get required size of buffer.
Returns:

(retcode, python string of signed data)
Return type:

tuple
pycryptoki.sign_verify.c_sign_ex(h_session, h_key, data_to_sign, mechanism, output_buffer=None)

Executes c_sign(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Note

By default, this will not return the return code if the function returns additional data.

Example:

retcode, key_handle = c_generate_key(...)
#vs
key_handle = c_generate_key_ex(...)

If the function only returns the retcode, then that will still be returned:

retcode = c_seed_random(...)
retcode = c_seed_random_ex(...)

Verify

pycryptoki.sign_verify.c_verify(h_session, h_key, data_to_verify, signature, mechanism)[source]

Verifies data with the given signature, key and mechanism.

Note

If data is a list or tuple of strings, multi-part operations will be used.

Parameters:
  • h_session (int) – Session handle
  • data_to_verify

    The data to sign, either a string or a list of strings. If this is a list a multipart operation will be used (using C_…Update and C_…Final)

    ex:

    • ”This is a proper argument of some data to use in the function”
    • [“This is another format of data this”, “function will accept.”, “It will operate on these strings in parts”]
  • signature (bytes) – Signature with which to verify the data.
  • h_key (int) – The verifying key
  • mechanism – See the parse_mechanism() function for possible values.
Returns:

retcode of verify operation
pycryptoki.sign_verify.c_verify_ex(h_session, h_key, data_to_verify, signature, mechanism)

Executes c_verify(), and checks the retcode; raising an exception if the return code is not CKR_OK.

Note

By default, this will not return the return code if the function returns additional data.

Example:

retcode, key_handle = c_generate_key(...)
#vs
key_handle = c_generate_key_ex(...)

If the function only returns the retcode, then that will still be returned:

retcode = c_seed_random(...)
retcode = c_seed_random_ex(...)
pycryptoki.sign_verify.do_multipart_verify(h_session, input_data_list, signature)[source]

Do a multipart verify operation

Parameters:
  • h_session (int) – Session handle
  • input_data_list – list of data to verify with
  • signature – signature to verify
Returns:

The result code