Skip to content

Commit c6d442d

Browse files
author
Danielle Madeley
committed
Update documentation for move to asn1crypto
[skip ci]
1 parent 886ff57 commit c6d442d

File tree

5 files changed

+20
-22
lines changed

5 files changed

+20
-22
lines changed

docs/applied.rst

Lines changed: 7 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -321,7 +321,8 @@ PEM
321321
a standard for handling cryptographic objects. It is a base64 encoded version
322322
of the binary DER object. The label indicates the type of object, and thus
323323
what ASN.1 model to use. `python-pkcs11` does not include PEM parsing,
324-
you should include another package if required.
324+
you should include another package if required. :mod:`asn1crypto.pem` is a
325+
dependency of `python-pkcs11`.
325326

326327
Getting a Session
327328
-----------------
@@ -656,17 +657,16 @@ Both specifications are specified using the same `attribute`:
656657
public, private = parameters.generate_keypair()
657658

658659

659-
Named curves (e.g. `prime256v1`) can be specified like this:
660+
Named curves (e.g. `secp256r1`) can be specified like this:
660661

661662
::
662663

663664
from pkcs11 import Attribute
664665
from pkcs11.util.ec import encode_named_curve_parameters
665-
from pyasn1_modules.rfc3279 import prime256v1
666666

667667

668668
parameters = session.create_domain_parameters(KeyType.EC, {
669-
Attribute.EC_PARAMS: encode_named_curve_parameters(prime256v1)
669+
Attribute.EC_PARAMS: encode_named_curve_parameters('secp256r1')
670670
}, local=True)
671671

672672
Key pairs can be generated from the domain parameters:
@@ -702,11 +702,10 @@ DER-encoded into attributes that can be used with
702702
.. note::
703703

704704
PEM certificates are base64-encoded versions of the canonical DER-encoded
705-
forms used in `python-pkcs11`. Converting between PEM and DER is beyond the
706-
scope of `python-pkcs11`.
705+
forms used in `python-pkcs11`. Conversion between PEM and DER can be
706+
achieved using `asn1crypto.pem
707+
<https://github.com/wbond/asn1crypto/blob/master/docs/pem.md>`_.
707708

708-
:mod:`pyasn1` and :mod:`pyasn1_modules` are required to import and export
709-
DER-encoded objects.
710709

711710
AES/DES
712711
~~~~~~~

docs/opensc.rst

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -73,12 +73,10 @@ EC
7373

7474
::
7575

76-
from pyasn1_modules.rfc3279 import prime256v1
77-
7876
with token.open(user_pin='1234', rw=True) as session:
7977
ecparams = session.create_domain_parameters(
8078
pkcs11.KeyType.EC, {
81-
pkcs11.Attribute.EC_PARAMS: pkcs11.util.ec.encode_named_curve_parameters(prime256v1),
79+
pkcs11.Attribute.EC_PARAMS: pkcs11.util.ec.encode_named_curve_parameters('secp256r1'),
8280
}, local=True)
8381

8482
pub, priv = ecparams.generate_keypair(store=True,

pkcs11/constants.py

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -256,20 +256,20 @@ class Attribute(IntEnum):
256256
"""
257257
DER-encoded ANSI X9.62 Elliptic-Curve domain parameters (:class:`bytes`).
258258
259-
These can be output by OpenSSL (for named curves):
259+
These can packed using :mod:`pkcs11.util.ec.encode_named_curve_parameters`:
260260
261261
::
262262
263-
openssl ecparam -outform der -name <curve name> | base64
263+
from pkcs11.util.ec import encode_named_curve_parameters
264+
265+
ecParams = encode_named_curve_parameters('secp256r1')
264266
265-
Or packed using :mod:`pyasn1`:
267+
Or output by OpenSSL:
266268
267269
::
268270
269-
from pyasn1_modules.rfc3279 import prime256v1
270-
from pkcs11.ecutils import encode_named_curve_parameters
271+
openssl ecparam -outform der -name <curve name> | base64
271272
272-
ecParams = encode_named_curve_parameters(prime256v1)
273273
"""
274274

275275
EC_POINT = 0x00000181

pkcs11/util/__init__.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,13 @@
11
def biginteger(value):
22
"""
33
Returns a PKCS#11 biginteger bytestream from a Python integer or
4-
similar type (e.g. :class:`pyasn1.type.univ.Integer`).
4+
similar type (e.g. :class:`asn1crypto.core.Integer`).
55
66
:param int value: Value
77
:rtype: bytes
88
"""
99

10-
value = int(value) # In case it's a PyASN1 type or similar
10+
value = int(value) # In case it's a asn1 type or similar
1111

1212
return value.to_bytes((value.bit_length() + 7) // 8,
1313
byteorder='big')

pkcs11/util/ec.py

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -20,10 +20,11 @@ def encode_named_curve_parameters(oid):
2020
"""
2121
Return DER-encoded ANSI X.62 EC parameters for a named curve.
2222
23-
Curve names are given by object identifier and can be found in
24-
:mod:`pyasn1_modules.rfc3279`.
23+
Curve names are given by object identifier or common name. Names come
24+
from `asn1crypto
25+
<https://github.com/wbond/asn1crypto/blob/master/asn1crypto/keys.py#L338>`_.
2526
26-
:param str curve: named curve
27+
:param str oid: OID or named curve
2728
:rtype: bytes
2829
"""
2930
return ECDomainParameters(

0 commit comments

Comments
 (0)