pyhanko.sign.pkcs11 module

This module provides PKCS#11 integration for pyHanko through a wrapper around python-pkcs11 that can be plugged directly into a PdfSigner.

class pyhanko.sign.pkcs11.PKCS11Signer(pkcs11_session: pkcs11.types.Session, cert_label: str, ca_chain=None, key_label=None)

Bases: pyhanko.sign.signers.Signer

Signer implementation for PKCS11 devices.

Note: this class only supports the “RSA with PKCS#1 v1.5” scheme. In particular, there’s no ECDSA support (yet).

signature_mechanism: asn1crypto.algos.SignedDigestAlgorithm

The (cryptographic) signature mechanism to use.

property cert_registry
property signing_cert
sign_raw(data: bytes, digest_algorithm: str, dry_run=False) → bytes

Compute the raw cryptographic signature of the data provided, hashed using the digest algorithm provided.

Parameters
  • data – Data to sign.

  • digest_algorithm – Digest algorithm to use.

    Warning: If signature_mechanism also specifies a digest, they should match.

  • dry_run – Do not actually create a signature, but merely output placeholder bytes that would suffice to contain an actual signature.

Returns

Signature bytes.
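The following is an added illustration, not pyHanko or python-pkcs11 code, of what the sign_raw contract above implies for RSA with PKCS#1 v1.5: a digest consistency check, the encoded block the private-key operation is applied to, and why a dry run can size its placeholder from the key length alone. All helper names are hypothetical, and the mechanism names follow asn1crypto's convention (for example sha256_rsa versus the digest-less rsassa_pkcs1v15).

```python
import hashlib

# DER DigestInfo prefixes for EMSA-PKCS1-v1_5 (RFC 8017, section 9.2, note 1).
DIGEST_INFO_PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha384": bytes.fromhex("3041300d060960864801650304020205000430"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}


def mechanism_digest(mechanism_name):
    """Digest fixed by an asn1crypto-style mechanism name, or None.

    'sha256_rsa' fixes 'sha256'; 'rsassa_pkcs1v15' names no digest.
    """
    head, _, tail = mechanism_name.partition("_")
    return head if tail == "rsa" and head in DIGEST_INFO_PREFIX else None


def check_digest(mechanism_name, digest_algorithm):
    """Reject a digest_algorithm that contradicts the signature mechanism."""
    digest = digest_algorithm.lower()
    if digest not in DIGEST_INFO_PREFIX:
        raise ValueError(f"unsupported digest: {digest_algorithm}")
    fixed = mechanism_digest(mechanism_name)
    if fixed is not None and fixed != digest:
        raise ValueError(f"{mechanism_name} implies {fixed}, not {digest}")
    return digest


def emsa_pkcs1_v15(data, digest, modulus_bytes):
    """Encoded message that the RSA private-key operation is applied to."""
    t = DIGEST_INFO_PREFIX[digest] + hashlib.new(digest, data).digest()
    if modulus_bytes < len(t) + 11:
        raise ValueError("modulus too short for this digest")
    padding = b"\xff" * (modulus_bytes - len(t) - 3)
    return b"\x00\x01" + padding + b"\x00" + t


def placeholder_signature(modulus_bits):
    """Dry-run stand-in: an RSA signature is exactly as long as the modulus."""
    return bytes((modulus_bits + 7) // 8)
```
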