Signature Provider plugin for SPSDK using PKCS#11 interface
Project description
PKCS#11 Signature Provider
Signature Provider plugin for SPSDK using PKCS#11 interface
Features
- Using a PKCS#11 library to sign data using HSM
- Supported signing schemes: RSA, RSA-PSS, ECDSA
Installation
- Activate virtual env, where you have SPSDK
- if SPSDK is not installed, the latest one will be installed automatically from PyPI
pip install spsdk-pkcs11
Usage
-
To use this Signature Provider, you have to update your signature provider configuration string(s) in YAML file(s)
-
Configuration string Parameters:
type
: set topkcs11
so_path
: Path to (or name of) your PKCS#11 library (usually delivered by HSM vendor)- Plugin is looking for the library in current directory, and paths defined in PATH environment variable
- Path can be set also in an environment variable (e.g.: $MY_PKCS_LIB)
user_pin
: Pin to your HSM- Pin can be placed directly in the config string (not recommended!)
- You may place your pin into environment variable (e.g: $MY_PKCS_PIN)
- You may place your pin into a file, then simply provide the path
token_label
and/ortoken_serial
: Label or serial to identify the Token in your HSM containing your keykey_label
and/orkey_id
: Label or ID to identify the key you want to use
-
Configuration string example:
type=pkcs11;so_path:c:/SoftHSM2/lib/softhsm2-x64.dll;user_pin=~/test_pin.txt;token_label=My token 1;key_label=rsa_2048
Limitations
Currently the plugin doesn't wok on Windows when using Python 3.12 (https://github.com/pyauth/python-pkcs11/issues/165)
Credits
This package was created with Cookiecutter and the SPSDK Signature Provider project template.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
spsdk_pkcs11-0.1.0.tar.gz
(8.8 kB
view hashes)
Built Distribution
Close
Hashes for spsdk_pkcs11-0.1.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | ea085447a0030fc1c67198aaf53da8382781813cd400289bc707e4cad1e54022 |
|
MD5 | bb73ed32d67c71eccab356db2c514faf |
|
BLAKE2b-256 | 385196e2ce22428013916ab0832d625fc84cb56e6235ee501da2e794b5e33045 |