Project description

Keyfactor Signature Provider

SPSDK Signature Provider plugin using Keyfactor's API

Features

Allows SPSDK to use Keyfactor for signing any arbitrary data
Users might be authenticated using Client Certificates

Installation

Activate virtual env, where you have SPSDK
- if SPSDK is not installed, the latest one will be installed automatically from PyPI
pip install spsdk_keyfactor

Usage

All of plugin configuration can be done via environment variables:

KEYFACTOR_HOST: URL of the Keyfactor host (example: "https://ray-signserver.keyfactoriot.com")
KEYFACTOR_HOST_VERIFY: Path to a TLS certificate to verify the HOST (example: "ejbcav8demo.keyfactoriot.com.pem")
KEYFACTOR_AUTH_TYPE: Type of authentication in Keyfactor
- client_certificate_key using client x509 certificate and private key
- client_certificate_pkcs12 using client PKCS#12 certificate and password (password might be stored in a file, and then password is a path to a file with the password to PKCS#12 certificate)
KEYFACTOR_AUTH_VALUE: Coma-separated string of values described by KEYFACTOR_AUTH_TYPE (example for PKCS#12: "path_to_pkcs.p12,path_to_pass.txt")
KEYFACTOR_WORKER: Name or ID of the Keyfactor Worker to use (example: "PlainSigner")
KEYFACTOR_PREHASH: Client-side pre-hashing of data (example: "NONE", "SHA-256")
- if this setting is skipped, the plugin will autodetect the value
KEYFACTOR_SIGNATURE_LENGTH: Length in bytes of the raw signature (without potential DER encoding) (example: 256 for RSA, 64 for ECC-256)
- if this setting is skipped, the plugin will autodetect the value

Environment variables may be specified in a file. By default the plugin searches for file named .keyfactor.env in the following locations: CWD, HOME, ~/.config
The path to env file also be set via environment variable KEYFACTOR_DOTENV_PATH

Once the plugin is configured, you may use it everywhere in SPSDK config files where a path to a private key or signature provider is mentioned. The identifier for this plugin is keyfactor.

Example: signProvider: type=keyfactor[;worker=myWorker]

(setting the worker name/id in SPSDK config file overrides the KEYFACTOR_WORKER setting)

Credits

This package was created with Cookiecutter and the SPSDK Signature Provider project template.

Project details

These details have not been verified by PyPI

Project links

Development Status
- 2 - Pre-Alpha
Intended Audience
- Developers
License
- OSI Approved :: BSD License
Natural Language
- English
Programming Language

Release history Release notifications | RSS feed

This version

0.1.0

Nov 15, 2024

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

spsdk_keyfactor-0.1.0.tar.gz (7.7 kB view details)

Uploaded Nov 15, 2024 Source

Built Distribution

spsdk_keyfactor-0.1.0-py3-none-any.whl (7.1 kB view details)

Uploaded Nov 15, 2024 Python 3

File details

Details for the file spsdk_keyfactor-0.1.0.tar.gz.

File metadata

Download URL: spsdk_keyfactor-0.1.0.tar.gz
Upload date: Nov 15, 2024
Size: 7.7 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: twine/5.1.1 CPython/3.12.6

File hashes

Hashes for spsdk_keyfactor-0.1.0.tar.gz
Algorithm	Hash digest
SHA256	`95df34093d937c7ec72649a0e77314833fd0401484d1ffa5b67cc2427c7fb007`
MD5	`7f0f7ad694a2b4d5b4dad85d061519d5`
BLAKE2b-256	`35289cc5341fdee73604314d9d1391af8d2124d85e6beeab859d392e8fbb6d4b`

See more details on using hashes here.

File details

Details for the file spsdk_keyfactor-0.1.0-py3-none-any.whl.

File metadata

Download URL: spsdk_keyfactor-0.1.0-py3-none-any.whl
Upload date: Nov 15, 2024
Size: 7.1 kB
Tags: Python 3
Uploaded using Trusted Publishing? No
Uploaded via: twine/5.1.1 CPython/3.12.6

File hashes

Hashes for spsdk_keyfactor-0.1.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`8cc58f048fca806ca47c72f39e902500bc21c5fe878bfd77a992e658c95450d9`
MD5	`321fcf73847808991d5d6c315f61575e`
BLAKE2b-256	`367a4392aff1aa638aee862f73d46254e11374eea744d4657da63e2fd58a4845`