The Python library allows you to interface with a YubiHSM 2 through the Connector service using the Python programming language. It supports both Python 2 and 3.
The recommended way to install the library is by using pip
inside a
virtualenv
. To create and activate a virtualenv, just run:
virtualenv yubihsm Running virtualenv with interpreter /usr/bin/python3 New python executable in /home/user/yubihsm/bin/python3 Also creating executable in /home/user/yubihsm/bin/python Installing setuptools, pkg_resources, pip, wheel...done. source yubihsm/bin/activate (yubihsm) $ pip install yubihsm[http,usb] Collecting yubihsm-2.0.0 ... Successfully installed asn1crypto-0.22.0 cffi-1.10.0 cryptography-1.8.1 enum34-1.1.6 idna-2.5 ipaddress-1.0.18 pycparser-2.17 pyusb-1.0.2 requests-2.13.0 yubihsm-2.0.0 (yubihsm) $
Note
|
The cryptography dependency uses C extensions, and therfore has some build
dependencies. For detailed instructions on getting building, see:
https://cryptography.io/en/latest/installation/ |
from yubihsm import YubiHsm from yubihsm.objects import AsymmetricKey from yubihsm.defs import ALGORITHM, CAPABILITY Connect to the Connector and establish a session using the default auth key: hsm = YubiHsm.connect("http://localhost:12345") session = hsm.create_session_derived(1, "password") Create a new EC key for signing: key = AsymmetricKey.generate(session, 0, "EC Key", 1, CAPABILITY.SIGN_ECDSA, ALGORITHM.EC_P256) Sign a message data = b'Hello world!' signature = key.sign_ecdsa(data) Delete the key from the YubiHSM 2 key.delete() Close session and connection: session.close() hsm.close()