6
pycrypto is a low-level module that gives you all the pieces you need to build a cryptosystem, not a complete cryptosystem implementation.
Also, pycrypto doesn’t have PKCS#11 support. And neither do the major alternatives. Even if you use one of the OpenSSL wrappers, normal builds of OpenSSL themselves don’t have PKCS#11 support compiled in. You need to specify a .dll/.so/.dylib implementing PKCS#11 for your specific hardware (or multiple such libs) at configure time and build OpenSSL.
On top of that, if you’re doing PKCS#11, one of the pieces you probably need is a way to interface with smartcards and other hardware token, and pycrypto doesn’t do that part at all.
You may want to use a higher-level library, with hardware support built in, like pykcs11. This wraps a C library that knows how to do both Windows built-in PKCS#11 and cross-platform PKCS#11, with a variety of different hardware from different vendors. Hopefully you can just use the high-level API; you may need to use the low-level API (or even combine two libraries—e.g., you might want to use pykcs11 to generate a keypair, and then use pycrypto to sign something with the private key).
1
python-pkcs11 is what you want to use. There’s documentation on signing and verifying.
- [Django]-InlineModelAdmin not showing up on admin page
- [Django]-Why does Django template prevent HTML autocomplete from functioning?