diff --git a/docs/applied.rst b/docs/applied.rst index 66856ba..429a502 100644 --- a/docs/applied.rst +++ b/docs/applied.rst @@ -321,7 +321,8 @@ PEM a standard for handling cryptographic objects. It is a base64 encoded version of the binary DER object. The label indicates the type of object, and thus what ASN.1 model to use. `python-pkcs11` does not include PEM parsing, -you should include another package if required. +you should include another package if required. :mod:`asn1crypto.pem` is a +dependency of `python-pkcs11`. Getting a Session ----------------- @@ -656,17 +657,16 @@ Both specifications are specified using the same `attribute`: public, private = parameters.generate_keypair() -Named curves (e.g. `prime256v1`) can be specified like this: +Named curves (e.g. `secp256r1`) can be specified like this: :: from pkcs11 import Attribute from pkcs11.util.ec import encode_named_curve_parameters - from pyasn1_modules.rfc3279 import prime256v1 parameters = session.create_domain_parameters(KeyType.EC, { - Attribute.EC_PARAMS: encode_named_curve_parameters(prime256v1) + Attribute.EC_PARAMS: encode_named_curve_parameters('secp256r1') }, local=True) Key pairs can be generated from the domain parameters: @@ -702,11 +702,10 @@ DER-encoded into attributes that can be used with .. note:: PEM certificates are base64-encoded versions of the canonical DER-encoded - forms used in `python-pkcs11`. Converting between PEM and DER is beyond the - scope of `python-pkcs11`. + forms used in `python-pkcs11`. Conversion between PEM and DER can be + achieved using `asn1crypto.pem + `_. - :mod:`pyasn1` and :mod:`pyasn1_modules` are required to import and export - DER-encoded objects. AES/DES ~~~~~~~ diff --git a/docs/opensc.rst b/docs/opensc.rst index 343f535..2c65d4a 100644 --- a/docs/opensc.rst +++ b/docs/opensc.rst 
@@ -73,12 +73,10 @@ EC :: - from pyasn1_modules.rfc3279 import prime256v1 - with token.open(user_pin='1234', rw=True) as session: ecparams = session.create_domain_parameters( pkcs11.KeyType.EC, { - pkcs11.Attribute.EC_PARAMS: pkcs11.util.ec.encode_named_curve_parameters(prime256v1), + pkcs11.Attribute.EC_PARAMS: pkcs11.util.ec.encode_named_curve_parameters('secp256r1'), }, local=True) pub, priv = ecparams.generate_keypair(store=True, diff --git a/pkcs11/constants.py b/pkcs11/constants.py index 4470553..0636b1c 100644 --- a/pkcs11/constants.py +++ b/pkcs11/constants.py @@ -256,20 +256,20 @@ class Attribute(IntEnum): """ DER-encoded ANSI X9.62 Elliptic-Curve domain parameters (:class:`bytes`). - These can be output by OpenSSL (for named curves): + These can packed using :mod:`pkcs11.util.ec.encode_named_curve_parameters`: :: - openssl ecparam -outform der -name | base64 + from pkcs11.util.ec import encode_named_curve_parameters + + ecParams = encode_named_curve_parameters('secp256r1') - Or packed using :mod:`pyasn1`: + Or output by OpenSSL: :: - from pyasn1_modules.rfc3279 import prime256v1 - from pkcs11.ecutils import encode_named_curve_parameters + openssl ecparam -outform der -name | base64 - ecParams = encode_named_curve_parameters(prime256v1) """ EC_POINT = 0x00000181 diff --git a/pkcs11/util/__init__.py b/pkcs11/util/__init__.py index bb27db2..d17bc99 100644 --- a/pkcs11/util/__init__.py +++ b/pkcs11/util/__init__.py @@ -1,13 +1,13 @@ def biginteger(value): """ Returns a PKCS#11 biginteger bytestream from a Python integer or - similar type (e.g. :class:`pyasn1.type.univ.Integer`). + similar type (e.g. :class:`asn1crypto.core.Integer`). :param int value: Value :rtype: bytes """ - value = int(value) # In case it's a PyASN1 type or similar + value = int(value) # In case it's a asn1 type or similar return value.to_bytes((value.bit_length() + 7) // 8, byteorder='big') diff --git a/pkcs11/util/ec.py b/pkcs11/util/ec.py index fa7e2de..3ca344b 100644 
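Review bot: The rewritten `EC_PARAMS` docstring in pkcs11/constants.py drops a word and uses the wrong Sphinx role in its first sentence: "These can packed using" should read "These can be packed using", and the cross-reference should be `:func:` rather than `:mod:`, because `pkcs11.util.ec.encode_named_curve_parameters` is a function. The OpenSSL example, as it appears here, passes `-name` with no curve argument; if a placeholder was lost, restore it. It would also help to add one sentence saying that OpenSSL lists the curve in the Python example (`secp256r1`) as `prime256v1`, so readers do not take the two examples for different curves. The enclosing `Attribute` class starts and ends outside this hunk.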
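Review bot: The docstring of `biginteger` in pkcs11/util/__init__.py does not say what happens for zero or negative input, and the unchanged return line makes both cases easy to miss. `(0).bit_length()` is 0, so zero encodes as `b''`, and a negative value makes `int.to_bytes` raise `OverflowError`. Since the docstring is being edited anyway, add a line such as `Zero encodes as an empty byte string; negative values raise OverflowError.` Whether callers depend on the empty encoding is not visible from this hunk. The new inline comment should read `# In case it's an asn1crypto type or similar`, which fixes the article and names the library the docstring now points at.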
--- a/pkcs11/util/ec.py +++ b/pkcs11/util/ec.py @@ -20,10 +20,11 @@ def encode_named_curve_parameters(oid): """ Return DER-encoded ANSI X.62 EC parameters for a named curve. - Curve names are given by object identifier and can be found in - :mod:`pyasn1_modules.rfc3279`. + Curve names are given by object identifier or common name. Names come + from `asn1crypto + `_. - :param str curve: named curve + :param str oid: OID or named curve :rtype: bytes """ return ECDomainParameters(