Python Library

The Python library allows you to interface with a YubiHSM 2 through the Connector service using the Python programming language. It supports both Python 2 and 3.

The recommended way to install the library is by using pip inside a virtualenv. To create and activate a virtualenv, just run:

virtualenv yubihsm
Running virtualenv with interpreter /usr/bin/python3
New python executable in /home/user/yubihsm/bin/python3
Also creating executable in /home/user/yubihsm/bin/python
Installing setuptools, pkg_resources, pip, wheel...done.

source yubihsm/bin/activate
(yubihsm) $ pip install yubihsm[http,usb]
Collecting yubihsm-2.0.0
...
Successfully installed asn1crypto-0.22.0 cffi-1.10.0 cryptography-1.8.1 enum34-1.1.6 idna-2.5 ipaddress-1.0.18 pycparser-2.17 pyusb-1.0.2 requests-2.13.0 yubihsm-2.0.0
(yubihsm) $
Note
The cryptography dependency uses C extensions, and therfore has some build dependencies. For detailed instructions on getting building, see: https://cryptography.io/en/latest/installation/
from yubihsm import YubiHsm
from yubihsm.objects import AsymmetricKey
from yubihsm.defs import ALGORITHM, CAPABILITY

Connect to the Connector and establish a session using the default auth key:
hsm = YubiHsm.connect("http://localhost:12345/connector/api")
session = hsm.create_session_derived(1, "password")

Create a new EC key for signing:
key = AsymmetricKey.generate(session, 0, "EC Key", 1, CAPABILITY.SIGN_ECDSA, ALGORITHM.EC_P256)

Sign a message
data = b'Hello world!'
signature = key.sign_ecdsa(data)

Delete the key from the YubiHSM 2
key.delete()

Close session and connection:
session.close()
hsm.close()