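"""Sign and verify a fixed test message with an RSA key on a PKCS#11 token.

Created Feb 24, 2021 Levi

The script loads the PKCS#11 module named by the PKCS11_MODULE environment
variable, lists the slots that hold a token, logs in to the first one with a
PIN read from the system keyring (service 'sig', user 'token'), signs a test
message with the private key identified by ``keyID`` and verifies the result
with the matching public key.
"""
import os
import ssl
import urllib.request
import tempfile
import platform
import keyring
from keyring import backends
import PyKCS11
import asn1crypto.pem
import binascii
from PyKCS11.LowLevel import (CKF_SERIAL_SESSION, CKF_RW_SESSION,
                              CKO_PRIVATE_KEY, CKA_ID, CKA_CLASS,
                              CKM_SHA1_RSA_PKCS, CKO_PUBLIC_KEY)

if platform.system() == 'Linux':
    # Pin the Secret Service backend on Linux rather than relying on
    # keyring's automatic backend selection.
    keyring.backend._load_plugins()
    keyring.set_keyring(backends.SecretService.Keyring())

lib = PyKCS11.PyKCS11Lib()
# The module named here is loaded as native code into this process, so
# PKCS11_MODULE must point at a trusted library.
lib.load(os.getenv('PKCS11_MODULE'))

token_present = True
slots = lib.getSlotList(tokenPresent=token_present)
if not slots:
    # The original indexed [0] unconditionally and died with an IndexError.
    raise SystemExit("No PKCS#11 slot with a token present")
slot = slots[0]

print(lib.getMechanismList(slot))
print("Available Slots:", len(slots), slots)

for s in slots:
    try:
        i = lib.getSlotInfo(s)
        print("Slot no:", s)
        print("slotDescription", i.slotDescription.strip())
        print("manufacturerID", i.manufacturerID.strip())

        t = lib.getTokenInfo(s)
        print("TokenInfo")
        print("label", t.label.strip())
        print("manufacturerID", t.manufacturerID.strip())
        print("model", t.model.strip())
    except PyKCS11.PyKCS11Error as e:
        print("Error:", e)

# CKA_ID shared by the private and public key objects used below.
keyID = (0x38, 0x7b, 0x4b, 0x49, 0xe2, 0xe7, 0x10, 0x4f, 0x60, 0x15,
         0xc1, 0x42, 0x38, 0x6c, 0x3d, 0x41, 0x43, 0x5e, 0x91, 0x9b,)

# Hex encoding of b"Hello world\r\n".
toSign = "48656c6c6f20776f726c640d0a"
message = binascii.unhexlify(toSign)

# NOTE(review): CKM_SHA1_RSA_PKCS signs a SHA-1 digest, which is deprecated
# for signatures. The mechanism is kept as the author chose it; prefer
# CKM_SHA256_RSA_PKCS if it appears in the mechanism list printed above.
mechanism = PyKCS11.Mechanism(CKM_SHA1_RSA_PKCS, None)

# Fetch the PIN before opening the session so a missing keyring entry is
# reported clearly instead of failing on None.strip(). The PIN is never
# printed.
pin = keyring.get_password('sig', 'token')
if pin is None:
    raise SystemExit("No PIN stored in the keyring for service 'sig', "
                     "user 'token'")

session = lib.openSession(slot, CKF_SERIAL_SESSION | CKF_RW_SESSION)
try:
    session.login(pin.strip())
    try:
        found = session.findObjects([(CKA_CLASS, CKO_PRIVATE_KEY),
                                     (CKA_ID, keyID)])
        if not found:
            raise SystemExit("Private key with the configured CKA_ID "
                             "was not found on the token")
        privKey = found[0]
        print(privKey)

        signature = session.sign(privKey, message, mechanism)

        found = session.findObjects([(CKA_CLASS, CKO_PUBLIC_KEY),
                                     (CKA_ID, keyID)])
        if not found:
            raise SystemExit("Public key with the configured CKA_ID "
                             "was not found on the token")
        pubKey = found[0]

        result = session.verify(pubKey, message, signature, mechanism)
        print("\nVerified:", result)
    finally:
        # Drop the authenticated state even when signing or verifying fails.
        session.logout()
finally:
    # Always release the session, including when login itself fails.
    session.closeSession()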