pdftools_sdk.crypto.providers.pkcs11.module

Classes

Module(handle)

The PKCS#11 driver module

class pdftools_sdk.crypto.providers.pkcs11.module.Module(handle)

Bases: _NativeObject

The PKCS#11 driver module

The PKCS#11 driver module (middleware) manages the cryptographic devices of a particular type.

Note: The PKCS#11 interface requires special handling of the driver modules:

• In each application, the module can only be loaded once, so there can only be a single Module instance for each driver. Since this object is fully thread-safe, it might be used by multiple threads though.

• The object must be closed before the application terminates.

static load(library: str) → Module

Load a PKCS#11 driver module

Parameters:

library (str) –

The name or path to the driver module (middleware). This can be found in the documentation of your cryptographic device.

Examples:

• For Securosys SA Primus HSM or CloudsHSM use primusP11.dll on Windows and libprimusP11.so on Linux.

• For Google Cloud HSM (Cloud KMS) use libkmsp11.so and pdftools_sdk.crypto.providers.pkcs11.session.Session.create_signature_from_key_label()

• For SafeNet Luna HSM use cryptoki.dll on Windows or libCryptoki2_64.so on Linux/UNIX.

• The CardOS API from Atos (Siemens) uses siecap11.dll

• The IBM 4758 cryptographic coprocessor uses cryptoki.dll

• Devices from Aladdin Ltd. use etpkcs11.dll

Return type:

pdftools_sdk.crypto.providers.pkcs11.module.Module

Raises:

• pdftools_sdk.not_found_error.NotFoundError – The library cannot be found.

• pdftools_sdk.exists_error.ExistsError – The module has been loaded already by this application.

• ValueError – The given library is not a PKCS#11 driver module.

property enable_full_parallelization: bool

Enable full parallelization

The PKCS#11 standard specifies that “an application can specify that it will be accessing the library concurrently from multiple threads, and the library must […] ensure proper thread-safe behavior.” However, some PKCS#11 modules (middleware) implementations are not thread-safe. For this reason, the SDK synchronizes all access to the module. If the middleware is thread-safe, full parallel usage of the cryptographic device can be enabled by setting this property to True and thereby improving the performance.

Default is False

Returns:

bool

property devices: DeviceList

The list of devices managed by this module

Most often there is only a single device, so the method pdftools_sdk.crypto.providers.pkcs11.device_list.DeviceList.get_single() can be used.

Returns:

pdftools_sdk.crypto.providers.pkcs11.device_list.DeviceList