python-beid-plugin
==================
Introduction
^^^^^^^^^^^^
This package provides a plugin for `pyHanko <https://github.com/MatthiasValvekens/pyHanko>`_'s
PDF signing CLI. The implementation is a very thin convenience wrapper around the PKCS#11
functionality included within the "core" pyHanko library.
It used to be part of pyHanko's core feature set until version 0.22.0 for historical reasons.
Installation
^^^^^^^^^^^^
Assuming you are installing with ``pip``, running
``pip install pyhanko-beid-plugin`` will install both pyHanko and the plugin.
If you already have a working pyHanko install, take care to ensure that
the plugin is installed in the same Python environment.
PyHanko makes use of Python's package entry point mechanism to discover
plugins, so installing both side-by-side should suffice. To test whether
everything works, run ``pyhanko sign addsig`` and verify that ``beid``
appears in the list of subcommands.
Installation troubleshooting
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you're having issues getting the plugin autodection to work, you can
also add the following snippet to your PyHanko configuration file:
.. code-block:: yaml
plugins:
- pyhanko_beid.cli:BEIDPlugin
This will work as long as you ensure that ``pyhanko_beid`` is importable.
Signing a PDF file using a Belgian eID card
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
To sign a PDF file using your eID card and pyHanko's CLI (with this plugin),
use the ``beid`` subcommand to ``addsig``, with the ``--lib`` parameter to
tell pyHanko where to look for the eID PKCS#11 library.
.. note::
Of course, you can also use the ``pkcs11`` subcommand, but ``beid`` provides an extra layer
of convenience.
On Linux, it is named ``libbeidpkcs11.so`` and can usually be found under
``/usr/lib`` or ``/usr/local/lib``.
On macOS, it is named ``libbeidpkcs11.dylib``, and can similarly be found under
``/usr/local/lib``.
The Windows version is typically installed to ``C:\Windows\System32`` and is
called ``beidpkcs11.dll``.
On Linux, this boils down to the following:
.. code-block:: bash
pyhanko sign addsig --field Sig1 beid \
--lib /path/to/libbeidpkcs11.so input.pdf output.pdf
On all platforms, the eID middleware will prompt you to enter your PIN to create
the signature.
.. warning::
This command will produce a non-repudiable signature using the 'Signature'
certificate on your eID card (as opposed to the 'Authentication'
certificate). These signatures are legally equivalent to
a normal "wet" signature wherever they are allowed, so use them with care.
In particular, you should only allow software you trust\ [#disclaimer]_
to use the 'Signature' certificate!
.. warning::
You should also be aware that your national registry number
(rijksregisternummer, no. de registre national) is embedded into the
metadata of the signature certificate on your eID card\ [#nnserial]_.
As such, it can also be **read off from any digital signature you create**.
While national registry numbers aren't secret per se, they are nevertheless
often considered sensitive personal information, so you may want to be
careful where you send documents containing your eID signature or that
of someone else.
.. [#disclaimer]
This obviously also applies to pyHanko itself.
.. [#nnserial]
In the current implementation, the certificate's serial number is in fact
equal to the holder's national registry number.
Raw data
{
"_id": null,
"home_page": "",
"name": "pyhanko-beid-plugin",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": "Matthias Valvekens <dev@mvalvekens.be>",
"keywords": "signature,pdf,digital-signature,pkcs11",
"author": "",
"author_email": "Matthias Valvekens <dev@mvalvekens.be>",
"download_url": "https://files.pythonhosted.org/packages/63/6d/955cf1824153418016abee7a6f9823ffb9220a86c6e96aca5488358a5d6e/pyhanko-beid-plugin-0.1.0.tar.gz",
"platform": null,
"description": "python-beid-plugin\n==================\n\n\nIntroduction\n^^^^^^^^^^^^\n\nThis package provides a plugin for `pyHanko <https://github.com/MatthiasValvekens/pyHanko>`_'s\nPDF signing CLI. The implementation is a very thin convenience wrapper around the PKCS#11\nfunctionality included within the \"core\" pyHanko library.\n\nIt used to be part of pyHanko's core feature set until version 0.22.0 for historical reasons.\n\n\nInstallation\n^^^^^^^^^^^^\n\nAssuming you are installing with ``pip``, running\n``pip install pyhanko-beid-plugin`` will install both pyHanko and the plugin.\nIf you already have a working pyHanko install, take care to ensure that\nthe plugin is installed in the same Python environment.\n\nPyHanko makes use of Python's package entry point mechanism to discover\nplugins, so installing both side-by-side should suffice. To test whether\neverything works, run ``pyhanko sign addsig`` and verify that ``beid``\nappears in the list of subcommands.\n\n\nInstallation troubleshooting\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\nIf you're having issues getting the plugin autodection to work, you can\nalso add the following snippet to your PyHanko configuration file:\n\n.. code-block:: yaml\n\n plugins:\n - pyhanko_beid.cli:BEIDPlugin\n\n\nThis will work as long as you ensure that ``pyhanko_beid`` is importable.\n\n\n\nSigning a PDF file using a Belgian eID card\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\nTo sign a PDF file using your eID card and pyHanko's CLI (with this plugin),\nuse the ``beid`` subcommand to ``addsig``, with the ``--lib`` parameter to\ntell pyHanko where to look for the eID PKCS#11 library.\n\n.. note::\n Of course, you can also use the ``pkcs11`` subcommand, but ``beid`` provides an extra layer\n of convenience.\n\nOn Linux, it is named ``libbeidpkcs11.so`` and can usually be found under\n``/usr/lib`` or ``/usr/local/lib``.\nOn macOS, it is named ``libbeidpkcs11.dylib``, and can similarly be found under\n``/usr/local/lib``.\nThe Windows version is typically installed to ``C:\\Windows\\System32`` and is\ncalled ``beidpkcs11.dll``.\n\n\nOn Linux, this boils down to the following:\n\n.. code-block:: bash\n\n pyhanko sign addsig --field Sig1 beid \\\n --lib /path/to/libbeidpkcs11.so input.pdf output.pdf\n\nOn all platforms, the eID middleware will prompt you to enter your PIN to create\nthe signature.\n\n\n.. warning::\n This command will produce a non-repudiable signature using the 'Signature'\n certificate on your eID card (as opposed to the 'Authentication'\n certificate). These signatures are legally equivalent to\n a normal \"wet\" signature wherever they are allowed, so use them with care.\n\n In particular, you should only allow software you trust\\ [#disclaimer]_\n to use the 'Signature' certificate!\n\n\n.. warning::\n You should also be aware that your national registry number\n (rijksregisternummer, no. de registre national) is embedded into the\n metadata of the signature certificate on your eID card\\ [#nnserial]_.\n As such, it can also be **read off from any digital signature you create**.\n While national registry numbers aren't secret per se, they are nevertheless\n often considered sensitive personal information, so you may want to be\n careful where you send documents containing your eID signature or that\n of someone else.\n\n.. [#disclaimer]\n This obviously also applies to pyHanko itself.\n\n.. [#nnserial]\n In the current implementation, the certificate's serial number is in fact\n equal to the holder's national registry number.\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "pyHanko plugin for Belgian ID cards",
"version": "0.1.0",
"project_urls": {
"Homepage": "https://github.com/MatthiasValvekens/pyhanko-beid-plugin",
"Issue Tracker": "https://github.com/MatthiasValvekens/pyHanko/issues",
"Source Code": "https://github.com/MatthiasValvekens/pyhanko-beid-plugin"
},
"split_keywords": [
"signature",
"pdf",
"digital-signature",
"pkcs11"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "26a46fb1935463bf3603997d14bb2ad66f53cb5174f6b459e77c21aaad239437",
"md5": "4bffe9013c09bb6da2a30b78ec44eb51",
"sha256": "25704686436bf3b95fd2508d351c024ac06ccafb73531b3eb46fd19d7245eaa5"
},
"downloads": -1,
"filename": "pyhanko_beid_plugin-0.1.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "4bffe9013c09bb6da2a30b78ec44eb51",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 6604,
"upload_time": "2024-03-10T18:43:00",
"upload_time_iso_8601": "2024-03-10T18:43:00.460664Z",
"url": "https://files.pythonhosted.org/packages/26/a4/6fb1935463bf3603997d14bb2ad66f53cb5174f6b459e77c21aaad239437/pyhanko_beid_plugin-0.1.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "636d955cf1824153418016abee7a6f9823ffb9220a86c6e96aca5488358a5d6e",
"md5": "e9cfa1419e30ebf64c2f9127d79ac6a2",
"sha256": "2d12c102fb61fa09b512a0e97492be42cc97fbc427adc6adc5d552322c2b3e81"
},
"downloads": -1,
"filename": "pyhanko-beid-plugin-0.1.0.tar.gz",
"has_sig": false,
"md5_digest": "e9cfa1419e30ebf64c2f9127d79ac6a2",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 5983,
"upload_time": "2024-03-10T18:43:02",
"upload_time_iso_8601": "2024-03-10T18:43:02.147992Z",
"url": "https://files.pythonhosted.org/packages/63/6d/955cf1824153418016abee7a6f9823ffb9220a86c6e96aca5488358a5d6e/pyhanko-beid-plugin-0.1.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-03-10 18:43:02",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "MatthiasValvekens",
"github_project": "pyhanko-beid-plugin",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "pyhanko-beid-plugin"
}