Welcome to infineon/python-optiga-trust
The optigatrust python module is a ctypes based wrapper to work with the OPTIGA™ Trust security solutions.
Dependencies
- Python 3.7+
- CSR and X509 Handling - asn1crypto
- For tests - oscrypto, cryptography
- XML handling in export module - jinja2
- Keys wrap/unwrap operations - cryptography
How does it work
This python module comes with a set of shared libraries, which are precompiled for different communication interfaces. The shared libraries are fully based on the official framework. This module doesn’t simply implement bindings for the library, but adds many more things on top. See Documentation. In the end, the module supports the following combinations:
| Interface/OS | Windows | Linux |
| --- | --- | --- |
| EvalKit | Yes | No |
| PersoBoard | Yes | Yes |
| Raw I2C | No | Yes |
Required Hardware
- Any of the following
  - OPTIGA™ Trust M1/M3/Charge EvalKit. See Provisioning mode for details.
  - OPTIGA™ Trust Personalisation Board, or any FTDI USB-HID/I2C Converter board
  - Raspberry Pi + Shield2Go RPi Adapter
  - OPTIGA™ Trust X/M/Charge sample or a Security Shield2Go

Note: If you use an embedded Linux system as a host, don’t forget to enable I2C support in your kernel (RPi3: via the raspi-config command) and to add your user to the gpio group (RPi3: via sudo adduser pi gpio). See RaspberryPi3 Connection Example.
Installation
$ pip install optigatrust
Testing
Tests are written using pytest and oscrypto and require these packages to be installed:
$ pip3 install pytest oscrypto
$ git clone --recurse-submodules https://github.com/Infineon/python-optiga-trust
...
$ cd python-optiga-trust
$ cd tests
$ pytest
To run only some tests, pass a regular expression as a parameter to tests.
$ pytest test_rand.py
- 1. OPTIGA™ Trust management
- 2. Object and Metadata management
- 3. Cryptography
  - 3.1. True random number generation
  - 3.2. Keypair generation (ECC, RSA)
  - 3.3. Elliptic Curve Digital Signature Algorithm (ECDSA)
  - 3.4. PKCS1 v1.5 Signature generation (RSA SSA)
  - 3.5. Elliptic Curve Diffie-Hellman (ECDH)
  - 3.6. Hash-based Message Authentication Code (HMAC)
  - 3.7. Key Derivation (HKDF, TLS PRF)
  - 3.8. API
- 4. CSR (Certificate Signing Request)
- 5. Export or Import Chip (Meta)Data
- 6. Porting to non-Raspberry Linux
- 7. Enable the provisioning mode on your Evaluation Kit
- 8. Copyrights and Licenses