Python library for signing x509 certificates using keys in a PKCS11 device such as an HSM

Project description

python_x509_pkcs11

Seamless x509 signing using a PKCS11 device for key storage

Currently supports

  • Creating a root CA and generating its RSA key in the PKCS11 device
  • Using the key in the PKCS11 device to sign certificates (or Intermediate CAs)
  • Creating CRLs with the PKCS11 device key
  • Storing multiple keys in the PKCS11 device, enabling a full PKI infrastructure
  • 'Advanced' handling of fragile persistent PKCS11 sessions, including recreating the session if a PKCS11 operation times out

This package is pretty much a wrapper around python-pkcs11 and asn1crypto.
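The last item in the feature list, recreating a persistent session when an operation times out, can be sketched as follows; this is an added example, not code from python_x509_pkcs11, and it uses a simulated session so it runs without an HSM. `ResilientSession`, `FakeSession` and the `open_session` factory are hypothetical names; with a real device the factory would perform the PKCS11 login, and a call such as `ResilientSession(FakeSession, timeout=0.1).run(lambda s: s.sign(b"tbs"))` returns the signature from the second session.

```python
import threading
import time


class ResilientSession:
    """Keep one persistent session; replace it when an operation times out."""

    def __init__(self, open_session, timeout):
        self._open, self._timeout = open_session, timeout
        self._session, self.reopened = None, 0

    def _call(self, operation):
        if self._session is None:
            self._session = self._open()  # hypothetical factory: token login
        session, box = self._session, {}
        def target():
            try:
                box["value"] = operation(session)
            except Exception as exc:  # hand the error back to the caller thread
                box["error"] = exc
        # Daemon thread: a call stuck in the PKCS11 module must not block exit.
        worker = threading.Thread(target=target, daemon=True)
        worker.start()
        worker.join(self._timeout)
        if worker.is_alive():
            raise TimeoutError("PKCS11 operation timed out")
        if "error" in box:
            raise box["error"]
        return box["value"]

    def run(self, operation, retries=1):
        for attempt in range(retries + 1):
            try:
                return self._call(operation)
            except TimeoutError:
                self._session = None  # never reuse a session that hung
                self.reopened += 1    # worth alerting on if it keeps growing
                if attempt == retries:
                    raise


class FakeSession:  # constructed stand-in for an HSM session; the first one hangs
    opened = 0
    def __init__(self):
        FakeSession.opened += 1
        self.hangs = FakeSession.opened == 1
    def sign(self, data):
        time.sleep(0.5 if self.hangs else 0)
        return b"sig:" + data
```

The hung session is abandoned rather than closed, because closing it could block on the same unresponsive device.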

Setup

# Install this package
pip install python_x509_pkcs11

# Install deps and add your user to the softhsm group
sudo apt-get install opensc softhsm2
sudo usermod -a -G softhsm $USER
sudo reboot # Yeah, group membership seems not to update without a reboot

# export env values the code will use
export PKCS11_MODULE="/usr/lib/softhsm/libsofthsm2.so"
export PKCS11_PIN="1234"
export PKCS11_TOKEN="my_test_token_1"

# Initialize the token
softhsm2-util --init-token --slot 0 --label $PKCS11_TOKEN --pin $PKCS11_PIN --so-pin $PKCS11_PIN

Usage

Look at the documentation

The tests are also a good starting point. If you are using the code in the tests, then don't forget to change

from src.python_x509_pkcs11 import csr
# to
from python_x509_pkcs11 import csr

Tests

# Install the package
pip install python_x509_pkcs11

# Export env vars
export PKCS11_MODULE="/usr/lib/softhsm/libsofthsm2.so"
export PKCS11_TOKEN='my_test_token_1'
export PKCS11_PIN='1234'

# Delete and init a token
softhsm2-util --delete-token --token my_test_token_1
softhsm2-util --init-token --slot 0 --label $PKCS11_TOKEN --pin $PKCS11_PIN --so-pin $PKCS11_PIN

# Run unittest with mypy, pylint and pycodestyle
mypy --strict --namespace-packages --ignore-missing-imports tests/*.py \
&& pylint tests/*.py \
&& pycodestyle tests/*.py \
&& python3 -m unittest

Download files

Source Distribution

python_x509_pkcs11-0.1.8.tar.gz (10.8 kB)

Uploaded Source

Built Distribution

python_x509_pkcs11-0.1.8-py3-none-any.whl (11.3 kB)

Uploaded Python 3
