Class Session

x.__init__(...) initializes x; see help(type(x)) for signature

Parameters:

• pykcs11 (PyKCS11Lib) - PyKCS11 library object
• session (instance of CK_SESSION_HANDLE) - session handle

Overrides: object.__init__

Get the low level lib of the owning PyKCS11Lib

Decorators:

• @property

C_GetSessionInfo

Returns:

a CK_SESSION_INFO object

C_Login

Parameters:

• pin (string) - the user's PIN or None for CKF_PROTECTED_AUTHENTICATION_PATH
• user_type (integer) - the user type. The default value is CKU_USER. You may also use CKU_SO

C_InitPIN

Parameters:

• new_pin - new PIN

C_SetPIN

Parameters:

• old_pin - old PIN
• new_pin - new PIN

C_CreateObject

Parameters:

• template - object template

C_DestroyObject

Parameters:

• obj - object ID

C_DigestInit/C_DigestUpdate/C_DigestKey/C_DigestFinal

Parameters:

• mecha (Mechanism instance or MechanismSHA1 for CKM_SHA_1) - the digesting mechanism to be used

Returns: DigestSession

A DigestSession object

C_DigestInit/C_Digest

Parameters:

• data ((binary) sring or list/tuple of bytes) - the data to be digested
• mecha (Mechanism instance or MechanismSHA1 for CKM_SHA_1) - the digesting mechanism to be used

Returns: list of bytes

the computed digest

   bytes(ckbytelistDigest)

   ''.join(chr(i) for i in ckbytelistDigest)

C_SignInit/C_Sign

Parameters:

• key (integer) - a key handle, obtained calling findObjects.
• data ((binary) string or list/tuple of bytes) - the data to be signed
• mecha (Mechanism instance or MechanismRSAPKCS1 for CKM_RSA_PKCS) - the signing mechanism to be used

Returns: list of bytes

the computed signature

   bytes(ckbytelistSignature)

   ''.join(chr(i) for i in ckbytelistSignature)

C_VerifyInit/C_Verify

Parameters:

• key (integer) - a key handle, obtained calling findObjects.
• data ((binary) string or list/tuple of bytes) - the data that was signed
• signature ((binary) string or list/tuple of bytes) - the signature to be verified
• mecha (Mechanism instance or MechanismRSAPKCS1 for CKM_RSA_PKCS) - the signing mechanism to be used

Returns: bool

True if signature is valid, False otherwise

C_EncryptInit/C_Encrypt

Parameters:

• key (integer) - a key handle, obtained calling findObjects.
• data ((binary) string or list/tuple of bytes) - the data to be encrypted
• mecha (Mechanism instance or MechanismRSAPKCS1 for CKM_RSA_PKCS) - the encryption mechanism to be used

Returns: list of bytes

the encrypted data

   bytes(ckbytelistEncrypted)

   ''.join(chr(i) for i in ckbytelistEncrypted)

C_DecryptInit/C_Decrypt

Parameters:

• key (integer) - a key handle, obtained calling findObjects.
• data ((binary) string or list/tuple of bytes) - the data to be decrypted
• mecha (Mechanism instance or MechanismRSAPKCS1 for CKM_RSA_PKCS) - the decrypt mechanism to be used

Returns: list of bytes

the decrypted data

   bytes(ckbytelistData)

   ''.join(chr(i) for i in ckbytelistData)

C_WrapKey

Parameters:

• wrappingKey (integer) - a wrapping key handle
• key (integer) - a handle of the key to be wrapped
• mecha (Mechanism instance or MechanismRSAPKCS1 for CKM_RSA_PKCS) - the encrypt mechanism to be used

Returns: list of bytes

the wrapped key bytes

   bytes(ckbytelistData)

   ''.join(chr(i) for i in ckbytelistData)

C_UnwrapKey

Parameters:

• unwrappingKey (integer) - the unwrapping key handle
• wrappedKey ((binary) string or list/tuple of bytes) - the bytes of the wrapped key
• template - template for the unwrapped key
• mecha (Mechanism instance or MechanismRSAPKCS1 for CKM_RSA_PKCS) - the decrypt mechanism to be used

Returns: integer

the unwrapped key object

is the type a numerical value?

Parameters:

• type - PKCS#11 type like CKA_CERTIFICATE_TYPE

Returns: bool

is the type a string value?

Parameters:

• type - PKCS#11 type like CKA_LABEL

Returns: bool

is the type a boolean value?

Parameters:

• type - PKCS#11 type like CKA_ALWAYS_SENSITIVE

Returns: bool

is the type a byte array value?

Parameters:

• type - PKCS#11 type like CKA_MODULUS

Returns: bool

generate a secret key

Parameters:

• template - template for the secret key
• mecha - mechanism to use

Returns: PyKCS11.LowLevel.CK_OBJECT_HANDLE

handle of the generated key

generate a key pair

Parameters:

• templatePub - template for the public key
• templatePriv - template for the private key
• mecha - mechanism to use

Returns: tuple

a tuple of handles (pub, priv)

find the objects matching the template pattern

Parameters:

• template (list) - list of attributes tuples (attribute,value). The default value is () and all the objects are returned

Returns: list

a list of object ids

C_GetAttributeValue

Parameters:

• obj_id (integer) - object ID returned by findObjects
• attr (list) - list of attributes
• allAsBinary (Boolean) - return all values as binary data; default is False.

Returns: list

a list of values corresponding to the list of attributes

   bytes(ckbytelistVariable)

   ''.join(chr(i) for i in ckbytelistVariable)

Same as getAttributeValue except that when some attribute is sensitive or unknown an empty value (None) is returned.

Note: this is achived by getting attributes one by one.

C_SeedRandom

Parameters:

• seed (iterable) - seed material

C_GenerateRandom

Parameters:

• size (integer) - number of random bytes to get

   bytes(random)

   ''.join(chr(i) for i in random)