larry

Table of contents

Installation

• MacOS
• Linux

Setup

• Testing

Running the web app

Installation

MacOS

Using brew (homepage)

$ brew install softhsm python
$ pip3 install python-pkcs11
# To make this permanent, add to .bash_profile or .bashrc
$ export PKCS11_LIBRARY_PATH=$(brew --prefix softhsm)/lib/softhsm/libsofthsm2.so

Linux

apt-get update
apt-get install -y softhsm2 git-core build-essential cmake libssl-dev libseccomp-dev

Setup

Setup environment (if not done already):

# To make this permanent, add to .bash_profile or .bashrc
$ export PKCS11_LIBRARY_PATH=<PATH TO SOFTHSM LIBRARY>

Create a softhsm token:

$ softhsm2-util --init-token --slot 0 --label larry --pin 1234 --so-pin 0000

Testing (source)

import pkcs11
import os

# Setup HSM
# Note that, you can supply the full path of the library instead of using os.environ.
lib = pkcs11.lib(os.environ['PKCS11_LIBRARY_PATH'])
token = lib.get_token(token_label='larry')

# Test encryption/decryption
with token.open(user_pin='1234') as session:
    # Setup key
    key = session.generate_key(pkcs11.KeyType.AES, 256)
    iv = session.generate_random(128)  # AES blocks are fixed at 128 bits

    # Encrypt/decrypt
    ciphertext = key.encrypt(b'INPUT DATA', mechanism_param=iv)
    plaintext = key.decrypt(ciphertext, mechanism_param=iv)

    # Print the stuff!
    print("Cipher text: ", end="")
    print(ciphertext)
    print("Plain text: " + plaintext.decode("utf-8"))

Running the web app

Clone and start web2py by doing,

$ git clone https://github.com/pjwoodard/larry
$ cd larry
$ ./start.sh

The web app should be running at, 127.0.0.1:8080/larry/default/index. The default admin password is password.

Credits

This project made heavy use of the MIT licensed AdminLTE template for its good looks.

AdminLTE offers Admin Dashboard templates for websites and applications, both free and pair versions are available.

More information about AdminLTE can be found at https://adminlte.io/