Python library for signing x509 using keys in an pkcs11 device
Project description
python_x509_pkcs11
Seamless signing x509 using PKCS11 device for key storage
Currently supports
- Creating a root CA and generating its RSA key in the PKCS11 device
- Using the key in the PKCS11 device to sign certificates (or Intermediate CAs)
- Creating CRLs with the PKCS11 device key
- Store multiple keys in the PKCS11 device enabling a full PKI infrastructure
- 'Advanced' handling of fragile persistent PKCS11 sessions, including recreating the session if PKCS11 operation timeout
This package is pretty much a wrapper around python-pkcs11 and asn1crypto
Setup
# Install this package
pip install python_x509_pkcs11
# Install deps and add your user to the softhsm group
sudo apt-get install opensc softhsm2
sudo usermod -a -G softhsm $USER
sudo reboot # Yeah seem to not update your groups without a reboot
# export env values the code will use
export PKCS11_MODULE="/usr/lib/softhsm/libsofthsm2.so"
export PKCS11_PIN="1234"
export PKCS11_TOKEN="my_test_token_1"
# Initialize the token
softhsm2-util --init-token --slot 0 --label $PKCS11_TOKEN --pin $PKCS11_PIN --so-pin $PKCS11_PIN
Usage
Look at the tests/test_root_ca.py
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
python_x509_pkcs11-0.1.3.tar.gz
(510.2 kB
view hashes)
Built Distribution
Close
Hashes for python_x509_pkcs11-0.1.3-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | d1ddd6c110d44e2b453a02ee499612d9b18aecadcf69cbd382f1e3a710ac2aa3 |
|
MD5 | d17eb9b07dfc1c7f5f34e1ff0b28db6a |
|
BLAKE2b-256 | 6f356e7913a0db25b7214da6090e8550ba0a5dff332362a4cc86e2b238cbcec9 |