python PKCS11 REST proxy


Python PKCS11 REST Proxy

A Flask REST proxy for talking to a PKCS11 token without having access to a native PKCS11 shim layer. Useful for crippled languages.

Getting started

  1. build a virtualenv
  2. install gunicorn
  3. install this application
  4. create config for your token

Checkout code

# git clone <this github url>

Build a virtualenv

# apt-get install python-virtualenv
# virtualenv /path/to/venv
# . /path/to/venv/bin/activate

Install packages

# pip install -r requirements.txt
# pip install gunicorn

Install this application

# ./setup develop

Create config

In the examples directory there is a script ( that builds a sample config based on softhsm. Install softhsm first, then run to create token, generate keys and create Finally start pyeleven in the same directory as the file:

# apt-get install libhsm-bin
# cd examples
# make
# ls
Makefile  openssl.conf  softhsm.conf  softhsm.db  test.crt  test.der
# env SOFTHSM_CONF=softhsm.conf gunicorn --log-level debug -b :8080 pyeleven:app

This should start pyeleven on port 8080. Now try to sign something by POSTing a JSON object with 'mech' and 'data' fields. Currently 'mech' is silently ignored and RSASHA1 is used for everything. This will change soon.



POST a JSON object to


with the following pattern:

{'mech': 'RSAPKCS1', 'data': base64(<to be signed>)}

If successful, the response will be a JSON object:

{'mech': 'RSAPKCS1', 'slot': <slot>, 'signed': base64(<signed bytes>)}
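
Added example, not part of the pyeleven code base: a client-side check that builds the request body in the pattern above and accepts the reply only if 'signed' verifies as an RSA PKCS#1 v1.5 signature over SHA-1, which is worth doing because 'mech' is currently ignored. It assumes RSASHA1 means SHA-1 with PKCS#1 v1.5 padding and that the public key (n, e) is taken from the token's certificate; the test key, `fake_proxy_reply` and the slot value are constructed stand-ins so the block runs offline.

```python
import base64, hashlib, json

# DER prefix of the SHA-1 DigestInfo in PKCS#1 v1.5 (RFC 8017, section 9.2)
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def build_sign_request(data: bytes, mech: str = "RSAPKCS1") -> str:
    """JSON body in the README's pattern; 'data' is base64 of the bytes to sign."""
    return json.dumps({"mech": mech, "data": base64.b64encode(data).decode("ascii")})

def emsa_pkcs1_sha1(data: bytes, k: int) -> bytes:
    """Expected padded block: 00 01 FF..FF 00 || DigestInfo(SHA-1(data))."""
    t = SHA1_PREFIX + hashlib.sha1(data).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for SHA-1 DigestInfo")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def check_sign_response(body: str, data: bytes, n: int, e: int) -> bytes:
    """Return the signature only if it verifies over `data`; else raise ValueError."""
    reply = json.loads(body)
    if not isinstance(reply, dict) or not isinstance(reply.get("signed"), str):
        raise ValueError("reply has no 'signed' string")
    sig = base64.b64decode(reply["signed"], validate=True)
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        raise ValueError("signature length or range is wrong for this key")
    # Compare against the full expected block instead of parsing the padding
    if pow(s, e, n).to_bytes(k, "big") != emsa_pkcs1_sha1(data, k):
        raise ValueError("not a valid RSA/SHA-1 PKCS#1 v1.5 signature")
    return sig

# Constructed test key built from two Mersenne primes: runs offline, NOT secure
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def fake_proxy_reply(request_body: str) -> str:
    """Hypothetical stand-in for the proxy: ignores 'mech', signs with RSA/SHA-1."""
    req = json.loads(request_body)
    k = (N.bit_length() + 7) // 8
    em = emsa_pkcs1_sha1(base64.b64decode(req["data"]), k)
    sig = pow(int.from_bytes(em, "big"), D, N).to_bytes(k, "big")
    return json.dumps({"mech": req["mech"], "slot": 0,
                       "signed": base64.b64encode(sig).decode("ascii")})

if __name__ == "__main__":
    msg = b"constructed sample message"
    reply = fake_proxy_reply(build_sign_request(msg))
    print(len(check_sign_response(reply, msg, N, E)), "byte signature verified")
```
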

Slot Info


returns a JSON data structure representing information.