Encryption/Decryption¶
Encryption¶
-
pypkcs11.encryption.c_encrypt(h_session, h_key, data, mechanism, output_buffer=None)¶ Encrypts data with a given key and encryption flavor encryption flavors
Note
If data is a list or tuple of strings, multi-part encryption will be used.
Parameters: - h_session (int) – Current session
- h_key (int) – The key handle to encrypt the data with
- data –
The data to encrypt, either a bytestring or a list of bytestrings. If this is a list a multipart operation will be used
Note
This will be converted to hexadecimal by calling:
to_hex(from_bytestring(data))
If you need to pass in raw hex data, call:
to_bytestring(from_hex(hex-data))
- References:
- mechanism – See the
parse_mechanism()function for possible values. - output_buffer (list|int) – Integer or list of integers that specify a size of output buffer to use for an operation. By default will query with NULL pointer buffer to get required size of buffer.
Returns: (Retcode, Python bytestring of encrypted data)
Return type: tuple
Decryption¶
-
pypkcs11.encryption.c_decrypt(h_session, h_key, encrypted_data, mechanism, output_buffer=None)¶ Decrypt given data with the given key and mechanism.
Note
If data is a list or tuple of strings, multi-part decryption will be used.
Parameters: - h_session (int) – The session to use
- h_key (int) – The handle of the key to use to decrypt
- encrypted_data (bytes) –
Data to be decrypted
Note
Data will be converted to hexadecimal by calling:
to_hex(from_bytestring(data))
If you need to pass in raw hex data, call:
to_bytestring(from_hex(hex-data))
- References:
- mechanism – See the
parse_mechanism()function for possible values. - output_buffer (list|int) – Integer or list of integers that specify a size of output buffer to use for an operation. By default will query with NULL pointer buffer to get required size of buffer.
Returns: (Retcode, Python bytestring of decrypted data))
Return type: tuple
Key Wrapping/Unwrapping¶
-
pypkcs11.encryption.c_wrap_key(h_session, h_wrapping_key, h_key, mechanism, output_buffer=None)¶ Wrap a key into an encrypted data blob.
Parameters: Returns: (Retcode, python bytestring representing wrapped key)
Return type: tuple
-
pypkcs11.encryption.c_unwrap_key(h_session, h_unwrapping_key, wrapped_key, key_template, mechanism)¶ Unwrap a key from an encrypted data blob.
Parameters: - h_session (int) – The session to use
- h_unwrapping_key (int) – The wrapping key handle
- wrapped_key (bytes) –
The wrapped key
Note
Data will be converted to hexadecimal by calling:
to_hex(from_bytestring(data))
If you need to pass in raw hex data, call:
to_bytestring(from_hex(hex-data))
- References:
- key_template (dict) – The python template representing the new key’s template
- mechanism – See the
parse_mechanism()function for possible values.
Returns: (Retcode, unwrapped key handle)
Return type: tuple
Multipart Helper¶
-
pypkcs11.encryption.do_multipart_operation(h_session, c_update_function, c_finalize_function, input_data_list, output_buffer=None)¶ Some code which will do a multipart encrypt or decrypt since they are the same with just different functions called
Parameters: - h_session (int) – Session handle
- c_update_function – C_<NAME>Update function to call to update each operation.
- c_finalize_function – Function to call at end of multipart operation.
- input_data_list –
List of data to call update function on.
Note
Data will be converted to hexadecimal by calling:
to_hex(from_bytestring(data))
If you need to pass in raw hex data, call:
to_bytestring(from_hex(hex-data))
- References:
- output_buffer (list) – List of integers that specify a size of output buffers to use for multi-part operations. By default will query with NULL pointer buffer to get required size of buffer