How do I make a TLS request using a smart card from Python?
I tried using the Python library "requests" to communicate with a smart card protected site. This means strong authentication in SSL: you must provide a client-side certificate (certificate and private key).
Since I am using a smart card, I cannot read the private key (module only), which is normal security. I can read the smart card using the Python library PyKCS11: all certificates, the public key and the private key module after getting the PIN.
How to mix both requests and PyKCS11?
How do I make an SSL request with a client side certificate in a smart card?
EDIT 2017/08/04
On my Mac:
- brew install openssl
- brew install opensc
- brew install engine_pkcs11
- OpenSSL
- engine dynamic -pre SO_PATH:/usr/local/Cellar/engine_pkcs11/0.1.8/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/local/lib/(my specific Pkcs11 lib).dylib
- Loaded: (pkcs11) pkcs11 engine
- s_client -engine pkcs11 -key '(slot):(id)' -keyform engine -cert 'pem.cer' -connect (host):443 -state -debug
- SSL confirmation ok
Now my problem is that pyOpenSSL doesn't have a function in the API to select the mechanism (like pkcs11). So I stopped. I cannot use Python.
1 answer
I would try using:
- OpenSSL with PKCS#11 (possibly using the pkcs11 engine https://github.com/OpenSC/libp11)
- pyOpenSSL
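One way to drive the working openssl commands from the question out of Python, as an added example that is not part of the question or the answer: the interactive "engine dynamic -pre ..." step is written as an OpenSSL config file and s_client is run as a subprocess. The function names, the placeholder module path and the use of the OPENSSL_CONF environment variable are assumptions of this example.

```python
import os
import re
import subprocess
import tempfile

# Engine path as given in the question; the module path is a placeholder
# because the question does not name the vendor PKCS#11 library.
ENGINE_SO = "/usr/local/Cellar/engine_pkcs11/0.1.8/lib/engines/engine_pkcs11.so"
MODULE = "/usr/local/lib/PLACEHOLDER_pkcs11.dylib"
KEY_REF = re.compile(r"[0-9]+:[0-9A-Fa-f]+")   # '(slot):(id)' as in the question
HOST = re.compile(r"[A-Za-z0-9.-]+")


def engine_conf(engine_so, module_path):
    """Config-file form of the interactive `engine dynamic -pre ...` step."""
    return "\n".join([
        "openssl_conf = openssl_init", "[openssl_init]",
        "engines = engine_section", "[engine_section]",
        "pkcs11 = pkcs11_section", "[pkcs11_section]",
        "engine_id = pkcs11", f"dynamic_path = {engine_so}",
        f"MODULE_PATH = {module_path}", "init = 0", ""])


def s_client_argv(host, key_ref, cert_pem, port=443):
    """The question's s_client call as an argv list (no shell, no PIN)."""
    if not KEY_REF.fullmatch(key_ref) or not HOST.fullmatch(host):
        raise ValueError("unexpected key reference or host")
    return ["openssl", "s_client", "-engine", "pkcs11", "-key", key_ref,
            "-keyform", "engine", "-cert", cert_pem,
            "-connect", f"{host}:{int(port)}",
            "-verify_return_error", "-quiet"]  # fail on a bad server cert


def fetch(host, key_ref, cert_pem, path="/"):
    """Send one GET over the smart-card-authenticated TLS session."""
    argv = s_client_argv(host, key_ref, cert_pem)
    if not path.startswith("/") or any(c in path for c in "\r\n "):
        raise ValueError("unexpected path")
    with tempfile.NamedTemporaryFile("w", suffix=".cnf", delete=False) as f:
        f.write(engine_conf(ENGINE_SO, MODULE))
    try:
        request = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
        done = subprocess.run(argv, input=request.encode(), capture_output=True,
                              env=dict(os.environ, OPENSSL_CONF=f.name),
                              timeout=60, check=True)
        return done.stdout  # raw HTTP response bytes
    finally:
        os.unlink(f.name)
```

The private key stays on the card and the PIN is never placed in the argument list or the generated config file; only the engine reference '(slot):(id)' is passed.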