I am setting up a REST client that must be trusted by a remote server using a client certificate. The client is written in Python and runs on Windows 10. How can I use a YubiKey 5 to store the private key to encrypt the SSL connection?

It seems like there is no off-the-shelf solution / Python package that supports using pkcs11 for an SSL context. We were able to use https://github.com/square/ghostunnel with YubiKeys with client certificates, but it makes the solution less secure and more complicated to deploy.

Avihai B
  • FWIW SSL connections are not encrypted with a private key. A session key is chosen by a key exchange protocol and used with symmetric encryption. The client certificate and its private key are used for authentication (identity verification) not for encryption. – Ben Voigt May 20 '19 at 18:05
  • @BenVoigt, thank you for the info. Can one do it in Python using pkcs11? – Avihai B May 21 '19 at 19:41

0 Answers