OPTIGA™ Trust M Host Library for Python
The optigatrust
python module is a ctypes based Python wrapper to work with the OPTIGA™ Trust M security solutions.
Introduction
This Python module is based on the OPTIGA™ Trust M Host Library for C. The host library is pre-compiled for different communication interfaces and operating systems and integrated via ctypes.
For an overview on the features of the OPTIGA™ Trust M security solutions, please also visit the OPTIGA™ Trust M Overview Repository.
Currently, the following combinations of communiation interfaces and and operating systems are supported.
Interface/OS |
Windows |
Linux |
---|---|---|
I2C |
No |
Yes |
UART |
Yes |
Yes |
LibUSB |
Yes |
Yes |
Required Hardware
The following hardware is used for the respective communication interfaces
Interface |
Host Hardware |
Adapter |
---|---|---|
I2C |
||
UART |
||
LibUSB |
PC |
OPTIGA™ Trust Personalisation Board, or any FTDI USB-HID/I2C Converter board |
I2C
This variant is available in combination of host hardware and adapter as OPTIGA™ Trust M1/M3/Charge EvalKit (see Provisioning mode for details).
UART
This variant is tested with Raspberry Pi 3.
NOTE: If you use any of the embedded Linux as a Host, please don’t forget to enable i2c support in your kernel (RPi3: via `raspi-config` command), as well as add your user to the gpio group (RPi3: via `sudo adduser pi gpio`) `RaspberryPi3 Connection Example`_.
LibUSB
This variant can run directly from a normal host (Windows or Linux) and depends on the LibUSB library.
Installation
$ pip install optigatrust
Testing
Tests are written using pytest and oscrypto and require these packages to be installed:
$ pip3 install pytest oscrypto
$ git clone --recurse-submodules https://github.com/Infineon/python-optiga-trust
...
$ cd python-optiga-trust
$ cd tests
$ pytest
To run only some tests, pass a regular expression as a parameter to tests.
$ pytest test_rand.py
Dependencies
Python 3.7+
CSR and X509 Handling - asn1crypto
For tests - oscrypto, cryptography
XML handling in export module jinja2
Keys wrap/unwrap operations cryptography