You are viewing information archived from Mozilla.org on 2014-10-02.

Package nss :: Module nss :: Class PK11Slot

Class PK11Slot

object --+
         |
        PK11Slot

An object representing a PKCS #11 Slot

Instance Methods

[hide private]

__init__(...)
x.__init__(...) initializes x; see help(type(x)) for signature

a new object with type S, a subtype of T

__new__(T, S, ...)

Parameters:

authenticate(load_certs=False, user_data1=..., ...)
If True load certificates after authenticating.

generate_key_pair(...)
generate_key_pair(mechanism, key_params, token, sensitive, [user_data1, ...]) -> public_key, private_key

length

get_best_key_length(mechanism)
Return the best key length for this slot and mechanism.

mechanism

get_best_wrap_mechanism()
Find the best key wrap mechanism for this slot.

integer

get_disabled_reason()
Returns a diabled reason enumerated constant (i.e.

bool

has_protected_authentication_path()
Returns True if token has a "protected authentication path", whereby a user can log into the token without passing a PIN through the library, False otherwise.

bool

has_root_certs()
Returns True if the slot contains the root certificate , False otherwise.

bool

is_disabled()
Returns True if the slot is disabled, False otherwise.

bool

is_friendly()
Returns True if the slot allows certificates to be read without logging in to the token, False otherwise.

bool

is_hw()
Returns True if the slot is implemented in hardware, False otherwise.

bool

is_internal()
Returns True if the the slot is internal, False otherwise.

bool

is_logged_in(user_data1=..., ...)
Return True if token is logged in, False otherwise.

bool

is_present()
Returns True if the slot's token present, False otherwise.

bool

is_read_only()
Returns True if the the slot is read-only, False otherwise.

bool

is_removable()
Returns True if the token is removable, False otherwise.

key_gen(...)
key_gen(mechanism, sec_param, key_size, [user_data1, ...]) -> PK11SymKey object

(Certificate, ...)

list_certs()
Returns a tuple of Certificate objects found in the slot.

logout(...)
logout()l

bool

need_login()
Returns True if there are some cryptographic functions that a user must be logged in to perform, False otherwise.

bool

need_user_init()
Returns True if the slot needs to be logged into by the user by providing their pin, False otherwise.

user_disable()
Prevents the slot from being used, and sets disable reason to PK11_DIS_USER_SELECTED.

user_enable()
Allow all mechanisms that are ON before PK11Slot.user_disable() was called to be available again.

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Properties

[hide private]

slot_name
slot name

token_name
token name

Inherited from object: __class__

Method Details

[hide private]

init(...)
(Constructor)

x.__init__(...) initializes x; see help(type(x)) for signature

Overrides: object.__init__

new(T, S, ...)

Returns: a new object with type S, a subtype of T
Overrides: object.__new__

authenticate(load_certs=False, user_data1=..., ...)

load_certs : bool

If True load certificates after authenticating.

Checks to see if token needs to be logged in. If so it invokes the password callback (set via nss.set_password_callback()) passing the optional user_data parameters to the password callback.

Returns: Parameters:

generate_key_pair(...)

generate_key_pair(mechanism, key_params, token, sensitive, [user_data1, ...]) -> public_key, private_key

Generate a public and private key pair.

Example:

# Generate a DSA key pair
key_params = nss.KEYPQGParams()
mechanism = nss.CKM_DSA_KEY_PAIR_GEN
slot = nss.get_best_slot(mechanism)
pub_key, priv_key = slot.generate_key_pair(mechanism, key_params, False, False)

# Generate a DSA key pair
key_params = nss.RSAGenParams()
mechanism = nss.CKM_RSA_PKCS_KEY_PAIR_GEN
slot = nss.get_best_slot(mechanism)
pub_key, priv_key = slot.generate_key_pair(mechanism, key_params, False, False)

Parameters:

mechanism (int) - key mechanism enumeration constant (CKM_*)
key_params (SecItem object or None) - SecItem key parameters. None is also valid.
token (bool) - If true the key is a token object otherwise it's a session object.
sensitive (bool) - If a key is sensitive, certain attributes of the key cannot be revealed in plaintext outside the token. It is also more expensive to move between tokens.
user_dataN (object ...) - zero or more caller supplied parameters which will be passed to the password callback function

get_best_key_length(mechanism)

Return the best key length for this slot and mechanism. A zero result means that token knows how long the key should be, the result is typically used with key_gen(), token_key_gen(), or token_key_gen_with_flags()

Parameters:

mechanism (int) - key mechanism enumeration constant (CKM_*)

Returns: length

get_disabled_reason()

Returns a diabled reason enumerated constant (i.e. PK11_DIS_*).

May be one of:

PK11_DIS_NONE

PK11_DIS_USER_SELECTED

PK11_DIS_COULD_NOT_INIT_TOKEN

PK11_DIS_TOKEN_VERIFY_FAILED

PK11_DIS_TOKEN_NOT_PRESENT

Returns: integer

has_protected_authentication_path()

Returns True if token has a "protected authentication path", whereby a user can log into the token without passing a PIN through the library, False otherwise. An example might be a token with an integrated key pad.

Returns: bool

is_logged_in(user_data1=..., ...)

Return True if token is logged in, False otherwise.

Parameters:

user_data1 (object ...) - zero or more caller supplied parameters which will be passed to the password callback function

Returns: bool

key_gen(...)

key_gen(mechanism, sec_param, key_size, [user_data1, ...]) -> PK11SymKey object

Generate a symmetric key.

Parameters:

mechanism (int) - key mechanism enumeration constant (CKM_*)
sec_param (SecItem object or None) - SecItem key parameters. None is also valid.
key_size (int) - key length (use get_best_key_length())
user_dataN (object ...) - zero or more caller supplied parameters which will be passed to the password callback function

logout(...)

logout()l

Logs a user out of a session destroying any objects allocated on their behalf.

user_disable()

Prevents the slot from being used, and sets disable reason to PK11_DIS_USER_SELECTED.

Mechanisms that were on continue to stay on. Therefore, when the slot is enabled again via PK11Slot.user_enable(), it will remember what mechanisms needs to be turned on.

user_enable()

Allow all mechanisms that are ON before PK11Slot.user_disable() was called to be available again. Sets disable reason to PK11_DIS_NONE.

Class PK11Slot

__init__(...) (Constructor)

__new__(T, S, ...)

authenticate(load_certs=False, user_data1=..., ...)

generate_key_pair(...)

get_best_key_length(mechanism)

get_disabled_reason()

has_protected_authentication_path()

is_logged_in(user_data1=..., ...)

key_gen(...)

logout(...)

user_disable()

user_enable()

init(...)
(Constructor)

new(T, S, ...)