Skip to content

msetina/pyhanko-eoi-plugin

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
.github
.github
 
 
pyhanko_eoi
pyhanko_eoi
 
 
pyhanko_eoi_tests
pyhanko_eoi_tests
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.rst
README.rst
 
 
pyproject.toml
pyproject.toml
 
 

Repository files navigation

pyhanko-eoi-plugin

Introduction

This package provides a plugin for pyHanko's PDF signing CLI. The implementation is a very thin convenience wrapper around the PKCS#11 functionality included within the "core" pyHanko library.

Installation

Assuming you are installing with pip, running pip install pyhanko-eoi-plugin will install both pyHanko and the plugin. If you already have a working pyHanko install, take care to ensure that the plugin is installed in the same Python environment.

PyHanko makes use of Python's package entry point mechanism to discover plugins, so installing both side-by-side should suffice. To test whether everything works, run pyhanko sign addsig and verify that eoi appears in the list of subcommands.

Installation troubleshooting

If you're having issues getting the plugin autodection to work, you can also add the following snippet to your PyHanko configuration file:

plugins:
  - pyhanko_eoi.cli:EOIPlugin

This will work as long as you ensure that pyhanko_eoi is importable.

Signing a PDF file using a Slovenian eOI card

To sign a PDF file using your eOI card and pyHanko's CLI (with this plugin), use the eoi subcommand to addsig, with the --lib parameter to tell pyHanko where to look for the eOI PKCS#11 library.

Note

Of course, you can also use the pkcs11 subcommand, but eoi provides an extra layer of convenience.

On Linux, it is named opensc-pkcs11.so and can usually be found under /usr/lib or /usr/local/lib. On macOS, it is named opensc-pkcs11.so, and can similarly be found under /Library/OpenSC/lib. The Windows version is typically installed to C:\Program Files\OpenSC Project\OpenSC\pkcs11 and is called opensc-pkcs11.dll. Official (IDProtect) typical install has its PKCS11 library in C:\Windows\System32 with a name asepkcs.dll

On Linux, this boils down to the following:

pyhanko sign addsig --field Sig1 eoi \
    --lib /path/to/opensc-pkcs11.so input.pdf output.pdf

Warning

This command will produce a non-repudiable signature using the 'Signature' certificate on your eOI card. These signatures are legally equivalent to a normal "wet" signature wherever they are allowed, so use them with care.

In particular, you should only allow software you trust[1] to use the 'Signature' certificate!

[1]This obviously also applies to pyHanko itself.

About

Plugin for pyHanko supporting Slovenian eOI

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Contributors 2

  •  
  •  

Languages