Signature Provider plugin for SPSDK using PKCS#11 interface
Project description
PKCS#11 Signature Provider
Signature Provider plugin for SPSDK using PKCS#11 interface
Features
- Using a PKCS#11 library to sign data using HSM
- Supported signing schemes: RSA, RSA-PSS, ECDSA
Installation
- Activate virtual env, where you have SPSDK
- if SPSDK is not installed, the latest one will be installed automatically from PyPI
pip install spsdk-pkcs11
Usage
-
To use this Signature Provider, you have to update your signature provider configuration string(s) in YAML file(s)
-
Configuration string Parameters:
type
: set topkcs11
so_path
: Path to (or name of) your PKCS#11 library (usually delivered by HSM vendor)- Plugin is looking for the library in current directory, and paths defined in PATH environment variable
- Path can be set also in an environment variable (e.g.: $MY_PKCS_LIB)
user_pin
: Pin to your HSM- Pin can be placed directly in the config string (not recommended!)
- You may place your pin into environment variable (e.g: $MY_PKCS_PIN)
- You may place your pin into a file, then simply provide the path
token_label
and/ortoken_serial
: Label or serial to identify the Token in your HSM containing your keykey_label
and/orkey_id
: Label or ID to identify the key you want to use
-
Configuration string example:
type=pkcs11;so_path:c:/SoftHSM2/lib/softhsm2-x64.dll;user_pin=~/test_pin.txt;token_label=My token 1;key_label=rsa_2048
Limitations
Currently the plugin doesn't wok on Windows when using Python 3.12 (https://github.com/pyauth/python-pkcs11/issues/165)
Credits
This package was created with Cookiecutter and the SPSDK Signature Provider project template.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
spsdk_pkcs11-0.1.0.tar.gz
(8.8 kB
view details)
Built Distribution
File details
Details for the file spsdk_pkcs11-0.1.0.tar.gz
.
File metadata
- Download URL: spsdk_pkcs11-0.1.0.tar.gz
- Upload date:
- Size: 8.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.12.2
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | d9f1c3c8bca975aaeeabcf52eb81a5181c6e49a3c91b56ff826d844e4ec850d9 |
|
MD5 | 0ecb97f18c79e79c96ee93fbc29bd5cf |
|
BLAKE2b-256 | 8cee3691411692e02528bc14ef2e8e777ffb9b973eb87d47b23eccf77baa2802 |
Provenance
File details
Details for the file spsdk_pkcs11-0.1.0-py3-none-any.whl
.
File metadata
- Download URL: spsdk_pkcs11-0.1.0-py3-none-any.whl
- Upload date:
- Size: 6.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.12.2
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | ea085447a0030fc1c67198aaf53da8382781813cd400289bc707e4cad1e54022 |
|
MD5 | bb73ed32d67c71eccab356db2c514faf |
|
BLAKE2b-256 | 385196e2ce22428013916ab0832d625fc84cb56e6235ee501da2e794b5e33045 |