Skip to main content

Signature Provider plugin for SPSDK using PKCS#11 interface

Project description

PKCS#11 Signature Provider

Signature Provider plugin for SPSDK using PKCS#11 interface

Features

  • Using a PKCS#11 library to sign data using HSM
  • Supported signing schemes: RSA, RSA-PSS, ECDSA

Installation

  • Activate virtual env, where you have SPSDK
    • if SPSDK is not installed, the latest one will be installed automatically from PyPI
  • pip install spsdk-pkcs11

Usage

  • To use this Signature Provider, you have to update your signature provider configuration string(s) in YAML file(s)

  • Configuration string Parameters:

    • type: set to pkcs11
    • so_path: Path to (or name of) your PKCS#11 library (usually delivered by HSM vendor)
      • Plugin is looking for the library in current directory, and paths defined in PATH environment variable
      • Path can be set also in an environment variable (e.g.: $MY_PKCS_LIB)
    • user_pin: Pin to your HSM
      • Pin can be placed directly in the config string (not recommended!)
      • You may place your pin into environment variable (e.g: $MY_PKCS_PIN)
      • You may place your pin into a file, then simply provide the path
    • token_label and/or token_serial: Label or serial to identify the Token in your HSM containing your key
    • key_label and/or key_id: Label or ID to identify the key you want to use
  • Configuration string example:

    • type=pkcs11;so_path:c:/SoftHSM2/lib/softhsm2-x64.dll;user_pin=~/test_pin.txt;token_label=My token 1;key_label=rsa_2048

Limitations

Currently the plugin doesn't wok on Windows when using Python 3.12 (https://github.com/pyauth/python-pkcs11/issues/165)

Credits

This package was created with Cookiecutter and the SPSDK Signature Provider project template.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

spsdk_pkcs11-0.1.0.tar.gz (8.8 kB view details)

Uploaded Source

Built Distribution

spsdk_pkcs11-0.1.0-py3-none-any.whl (6.5 kB view details)

Uploaded Python 3

File details

Details for the file spsdk_pkcs11-0.1.0.tar.gz.

File metadata

  • Download URL: spsdk_pkcs11-0.1.0.tar.gz
  • Upload date:
  • Size: 8.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.0 CPython/3.12.2

File hashes

Hashes for spsdk_pkcs11-0.1.0.tar.gz
Algorithm Hash digest
SHA256 d9f1c3c8bca975aaeeabcf52eb81a5181c6e49a3c91b56ff826d844e4ec850d9
MD5 0ecb97f18c79e79c96ee93fbc29bd5cf
BLAKE2b-256 8cee3691411692e02528bc14ef2e8e777ffb9b973eb87d47b23eccf77baa2802

See more details on using hashes here.

Provenance

File details

Details for the file spsdk_pkcs11-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for spsdk_pkcs11-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 ea085447a0030fc1c67198aaf53da8382781813cd400289bc707e4cad1e54022
MD5 bb73ed32d67c71eccab356db2c514faf
BLAKE2b-256 385196e2ce22428013916ab0832d625fc84cb56e6235ee501da2e794b5e33045

See more details on using hashes here.

Provenance

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page