Hello,
I'm testing a softHSM2 setup with the following code on rhel 9.4 system
running in FIPS mode:
import pkcs11
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
lib = pkcs11.lib("/usr/local/lib/softhsm/libsofthsm2.so")
token = lib.get_token(token_label='MyToken')
with token.open(rw=True, user_pin="your_pin") as session:
key = session.generate_key(pkcs11.KeyType.AES, 256,
label="MySymmetricKey", template={Attribute.SENSITIVE: False,
Attribute.EXTRACTABLE: True,}, store=True)
data = b"Hello, world!"
iv = os.urandom(16)
cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
encryptor = cipher.encryptor()
ciphertext = encryptor.update(data) + encryptor.finalize()
decryptor = cipher.decryptor()
plaintext = decryptor.update(ciphertext) + decryptor.finalize()
print("Plaintext:", plaintext)
When I run the above code, I get the following key type error:
TypeError: memoryview: a bytes-like object is required, not 'SecretKey'
While I understand that the AES Cipher() method doesn't like the key
format, I don't know how to convert the key from session.generate_key()
method to a format that's acceptable.
I also tried using the key[Attribute.VALUE] but no luck!
Thanks in advance!
Best,
PE
_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev
