pyhanko.sign.pkcs11 module¶
This module provides PKCS#11 integration for pyHanko, by providing a wrapper
for python-pkcs11 that can be
seamlessly plugged into a PdfSigner
.
-
class
pyhanko.sign.pkcs11.
PKCS11Signer
(pkcs11_session: pkcs11.types.Session, cert_label: str, ca_chain=None, key_label=None)¶ Bases:
pyhanko.sign.signers.Signer
Signer implementation for PKCS11 devices.
Note: this class only supports the “RSA with PKCS#1 v1.5” scheme. In particular, there’s no ECDSA support (yet).
-
signature_mechanism
: asn1crypto.algos.SignedDigestAlgorithm¶ The (cryptographic) signature mechanism to use.
-
property
cert_registry
¶
-
property
signing_cert
¶
-
sign_raw
(data: bytes, digest_algorithm: str, dry_run=False) → bytes¶ Compute the raw cryptographic signature of the data provided, hashed using the digest algorithm provided.
- Parameters
data – Data to sign.
digest_algorithm –
Digest algorithm to use.
Warning
If
signature_mechanism
also specifies a digest, they should match.dry_run – Do not actually create a signature, but merely output placeholder bytes that would suffice to contain an actual signature.
- Returns
Signature bytes.
-