Package nss :: Module nss :: Class PK11Slot
[hide private]
[frames] | no frames]

Class PK11Slot

object --+
         |
        PK11Slot

An object representing a PKCS #11 Slot

Instance Methods [hide private]
 
__init__(...)
x.__init__(...) initializes x; see x.__class__.__doc__ for signature
a new object with type S, a subtype of T

__new__(T, S, ...)
:Parameters:

authenticate(load_certs=False, user_data1=..., ...)
load_certs : bool If True load certificates after authenticating.
 
generate_key_pair(...)
generate_key_pair(mechanism, key_params, token, sensitive, [user_data1, ...]) -> public_key, private_key
length

get_best_key_length(mechanism)
:Parameters: mechanism : int key mechanism enumeration constant (CKM_*)
mechanism

get_best_wrap_mechanism()
Find the best key wrap mechanism for this slot.
integer

get_disabled_reason()
Returns a diabled reason enumerated constant (i.e.
bool

has_protected_authentication_path()
Returns True if token has a "protected authentication path", whereby a user can log into the token without passing a PIN through the library, False otherwise.
bool

has_root_certs()
Returns True if the slot contains the root certificate , False otherwise.
bool

is_disabled()
Returns True if the slot is disabled, False otherwise.
bool

is_friendly()
Returns True if the slot allows certificates to be read without logging in to the token, False otherwise.
bool

is_hw()
Returns True if the slot is implemented in hardware, False otherwise.
bool

is_internal()
Returns True if the the slot is internal, False otherwise.
bool

is_logged_in(user_data1=..., ...)
:Parameters: user_data1 : object ...
bool

is_present()
Returns True if the slot's token present, False otherwise.
bool

is_read_only()
Returns True if the the slot is read-only, False otherwise.
bool

is_removable()
Returns True if the token is removable, False otherwise.
 
key_gen(...)
key_gen(mechanism, sec_param, key_size, [user_data1, ...]) -> PK11SymKey object
 
logout(...)
logout()l
bool

need_login()
Returns True if there are some cryptographic functions that a user must be logged in to perform, False otherwise.
bool

need_user_init()
Returns True if the slot needs to be logged into by the user by providing their pin, False otherwise.
 
user_disable()
Prevents the slot from being used, and sets disable reason to PK11_DIS_USER_SELECTED.
 
user_enable()
Allow all mechanisms that are ON before `PK11Slot.user_disable()` was called to be available again.

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Properties [hide private]
  slot_name
slot name
  token_name
token name

Inherited from object: __class__

Method Details [hide private]

__init__(...)
(Constructor)

 
x.__init__(...) initializes x; see x.__class__.__doc__ for signature

Overrides: object.__init__

__new__(T, S, ...)

 


Returns:
a new object with type S, a subtype of T

Overrides: object.__new__

authenticate(load_certs=False, user_data1=..., ...)

 
    load_certs : bool
        If True load certificates after authenticating.

Checks to see if token needs to be logged in.  If so it invokes the
password callback (set via `nss.set_password_callback()`) passing the
optional user_data parameters to the password callback.

Returns:
:Parameters:

generate_key_pair(...)

 
generate_key_pair(mechanism, key_params, token, sensitive, [user_data1, ...]) -> public_key, private_key

:Parameters:
    mechanism : int
        key mechanism enumeration constant (CKM_*)
    key_params : SecItem object or None
        SecItem key parameters. None is also valid.
    token : bool
        If true the key is a token object otherwise it's a session object.
    sensitive : bool
        If a key is sensitive, certain attributes of the key cannot be
        revealed in plaintext outside the token. It is also more
        expensive to move between tokens.
    user_dataN : object ...
        zero or more caller supplied parameters which will
        be passed to the password callback function

Generate a public and private key pair.

Example::

    # Generate a DSA key pair
    key_params = nss.KEYPQGParams()
    mechanism = nss.CKM_DSA_KEY_PAIR_GEN
    slot = nss.get_best_slot(mechanism)
    pub_key, priv_key = slot.generate_key_pair(mechanism, key_params, False, False)

    # Generate a DSA key pair
    key_params = nss.RSAGenParams()
    mechanism = nss.CKM_RSA_PKCS_KEY_PAIR_GEN
    slot = nss.get_best_slot(mechanism)
    pub_key, priv_key = slot.generate_key_pair(mechanism, key_params, False, False)

get_best_key_length(mechanism)

 
:Parameters:
    mechanism : int
        key mechanism enumeration constant (CKM_*)

Return the best key length for this slot and mechanism.
A zero result means that token knows how long the key should be,
the result is typically used with key_gen(), token_key_gen(), or
token_key_gen_with_flags()

Returns:
length

get_disabled_reason()

 
Returns a diabled reason enumerated constant (i.e. PK11_DIS_*).

May be one of:

    * PK11_DIS_NONE
    * PK11_DIS_USER_SELECTED
    * PK11_DIS_COULD_NOT_INIT_TOKEN
    * PK11_DIS_TOKEN_VERIFY_FAILED
    * PK11_DIS_TOKEN_NOT_PRESENT

Returns:
integer

has_protected_authentication_path()

 
Returns True if token has a "protected authentication path", whereby
a user can log into the token without passing a PIN through the
library, False otherwise.  An example might be a token with an
integrated key pad.

Returns:
bool

is_logged_in(user_data1=..., ...)

 
:Parameters:
    user_data1 : object ...
        zero or more caller supplied parameters which will
        be passed to the password callback function

Return True if token is logged in, False otherwise.

Returns:
bool

key_gen(...)

 
key_gen(mechanism, sec_param, key_size, [user_data1, ...]) -> PK11SymKey object

:Parameters:
    mechanism : int
        key mechanism enumeration constant (CKM_*)
    sec_param : SecItem object or None
        SecItem key parameters. None is also valid.
    key_size : int
        key length (use get_best_key_length())
    user_dataN : object ...
        zero or more caller supplied parameters which will
        be passed to the password callback function

Generate a symmetric key.

logout(...)

 
logout()l

Logs a user out of a session destroying any objects
allocated on their behalf.

user_disable()

 
Prevents the slot from being used, and sets disable reason to
PK11_DIS_USER_SELECTED.

Mechanisms that were on continue to stay on. Therefore, when the slot
is enabled again via `PK11Slot.user_enable()`, it will remember what
mechanisms needs to be turned on.

user_enable()

 
Allow all mechanisms that are ON before `PK11Slot.user_disable()` was
called to be available again. Sets disable reason to PK11_DIS_NONE.