PyKCS11 code samples
This section contains some examples of use of PyKCS11, HighLevel and LowLevel interfaces.
As you can see PyKCS11 LowLevel? interface is just a thin layer over the PKCS#11 API because it was designed as a PKCS#11 testing tool. Using LowLevel interface is not very different than using a PKCS#11 module from C language.
The HighLevel? is built on the LowLevel interface and is much simpler to use.
- Dumping all objects on a Token (HighLevel interface)
- Showing Token infromations (HighLevel interface)
- Unblocking user PIN (HighLevel interface)
- Enumerating all slots and tokens (LowLevel interface)
- Finding all objects in a token (LowLevel interface)
- Dumping all objects on a Token (LowLevel interface)
- Initializing a Token (LowLevel interface)
Dumping all objects on a Token (HighLevel interface)
Showing Token infromations (HighLevel interface)
Unblocking user PIN (HighLevel interface)
Enumerating all slots and tokens (LowLevel interface)
This code lists all slots and prints information on any inserted token it finds.
from PyKCS11 import LowLevel import sys lib = "incryptoki2.dll" # place here your PKCS#11 library a = LowLevel.CPKCS11Lib() info = LowLevel.CK_INFO() slotList = LowLevel.ckintlist() slotInfo = LowLevel.CK_SLOT_INFO() tokenInfo = LowLevel.CK_TOKEN_INFO() loadRes = a.Load(lib, 1) print "Load of library '%s' : %s " % (lib, str(loadRes) ) if not loadRes: sys.exit(1) print "C_GetInfo: rv=" , hex(a.C_GetInfo(info)) print "Library manufacturerID: ", info.GetManufacturerID() # listing all slots (also empty slots) rv = a.C_GetSlotList(0, slotList) print "C_GetSlotList(): rv=", hex(rv) if (rv != LowLevel.CKR_OK): sys.exit(1) print "Available Slots: ", len(slotList) for x in xrange(len(slotList)): rv = a.C_GetSlotInfo(slotList[x], slotInfo) print "\tC_SlotInfo(): rv=" + hex(rv) if (rv != LowLevel.CKR_OK): continue print "\t\tSlot N. %d, ID=%d, name='%s'" \ % (x, slotList[x], slotInfo.GetSlotDescription().strip() ) if (slotInfo.flags & LowLevel.CKF_TOKEN_PRESENT): rv = a.C_GetTokenInfo(slotList[x], tokenInfo) print "\tC_GetTokenInfo(): rv=" + hex(rv) if (rv == LowLevel.CKR_OK): print "\t\tTokenInfo: Label='%s', ManufacturerID='%s'" \ % (tokenInfo.GetLabel(), tokenInfo.GetManufacturerID()) elif (rv == LowLevel.CKR_TOKEN_NOT_RECOGNIZED \ or rv == LowLevel.CKR_TOKEN_NOT_PRESENT): print "\tUnknown token in reader '%s'" \ % slotInfo.GetSlotDescription().strip()
Finding all objects in a token (LowLevel interface)
This code lists all objects contained in the first token found.
from PyKCS11 import LowLevel import sys lib = "incryptoki2.dll" # place here your PKCS#11 library pin = "12345678" # place here the pin of your token a = LowLevel.CPKCS11Lib() info = LowLevel.CK_INFO() slotList = LowLevel.ckintlist() loadRes = a.Load(lib, 1) print "Load of library '%s' : %s " % (lib, str(loadRes) ) if not loadRes: sys.exit(1) print "C_GetInfo: rv=" , hex(a.C_GetInfo(info)) print "Library manufacturerID: ", info.GetManufacturerID() # listing only slots with a token inside. rv = a.C_GetSlotList(1, slotList) if (rv != LowLevel.CKR_OK): sys.exit(1) if len(slotList) == 0: print "Please insert a token in any slot" sys.exit(1) session = LowLevel.CK_SESSION_HANDLE() rv = a.C_OpenSession(slotList[0], LowLevel.CKF_SERIAL_SESSION, session) print "C_OpenSession(): rv=", hex(rv) rv = a.C_Login(session, LowLevel.CKU_USER, pin) print "C_Login(): rv=" + hex(rv) SearchResult = LowLevel.ckobjlist(10) SearchTemplate = LowLevel.ckattrlist(2) SearchTemplate[0].SetNum(LowLevel.CKA_CLASS, LowLevel.CKO_CERTIFICATE) SearchTemplate[1].SetBool(LowLevel.CKA_TOKEN, True) rv = a.C_FindObjectsInit(session, SearchTemplate) print "C_FindObjectsInit: rv=", hex(rv) if (rv != LowLevel.CKR_OK): sys.exit(1) rv = a.C_FindObjects(session, SearchResult) print "C_FindObjects: rv=", hex(rv) if (rv != LowLevel.CKR_OK): sys.exit(1) print "C_FindObjectsFinal: rv=", hex(a.C_FindObjectsFinal(session)) for x in SearchResult: print "object handle: 0x%08X" % x.value() valTemplate = LowLevel.ckattrlist(2) valTemplate[0].SetType(LowLevel.CKA_LABEL) valTemplate[1].SetType(LowLevel.CKA_CLASS) # please note the dobule call to C_GetAttributeValue: # first call to get data size and second call to actually get the data. rv = a.C_GetAttributeValue(session, x, valTemplate) print "C_GetAttributeValue(1): rv=", hex(rv) if (rv == LowLevel.CKR_OK): print "CKA_LABEL Len: ", valTemplate[0].GetLen(), \ " CKA_CLASS Len: ",valTemplate[1].GetLen() rv = a.C_GetAttributeValue(session, x, valTemplate) print "C_GetAttributeValue(2): rv=", hex(rv) if (rv == LowLevel.CKR_OK): print "\tCKA_LABEL: ", valTemplate[0].GetString() print "\tCKA_CLASS: ", valTemplate[1].GetNum() print "C_Logout(): rv=", hex(a.C_Logout(session)) print "C_CloseSession(): rv=", hex(a.C_CloseSession(session)) print "C_Finalize(): rv=", hex(a.C_Finalize()) print "Unloading library: result=", a.Unload()
