{"id":38603226,"url":"https://github.com/polhenarejos/pycvc","last_synced_at":"2026-01-17T08:35:37.178Z","repository":{"id":57750613,"uuid":"524752265","full_name":"polhenarejos/pycvc","owner":"polhenarejos","description":"Card Verifiable Certificates (CVC) tools for Python","archived":false,"fork":false,"pushed_at":"2024-04-17T12:18:42.000Z","size":224,"stargazers_count":17,"open_issues_count":2,"forks_count":4,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-09-29T05:04:15.180Z","etag":null,"topics":["certification","cryptography","cvc","eidas"],"latest_commit_sha":null,"homepage":"https://www.picokeys.com","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/polhenarejos.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null},"funding":{"github":"polhenarejos","custom":["https://www.paypal.me/polhenarejos"]}},"created_at":"2022-08-14T18:42:23.000Z","updated_at":"2025-08-16T14:34:07.000Z","dependencies_parsed_at":"2022-08-26T09:30:21.828Z","dependency_job_id":null,"html_url":"https://github.com/polhenarejos/pycvc","commit_stats":{"total_commits":59,"total_committers":2,"mean_commits":29.5,"dds":0.06779661016949157,"last_synced_commit":"7291c80e73e46b6421ccb79b96a5d75af3219486"},"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/polhenarejos/pycvc","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/polhenarejos%2Fpycvc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/polhenarejos%2Fpycvc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/polhenarejos%2Fpycvc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/polhenarejos%2Fpycvc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/polhenarejos","download_url":"https://codeload.github.com/polhenarejos/pycvc/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/polhenarejos%2Fpycvc/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28504367,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T06:57:29.758Z","status":"ssl_error","status_checked_at":"2026-01-17T06:56:03.931Z","response_time":85,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certification","cryptography","cvc","eidas"],"created_at":"2026-01-17T08:35:37.088Z","updated_at":"2026-01-17T08:35:37.162Z","avatar_url":"https://github.com/polhenarejos.png","language":"Python","funding_links":["https://github.com/sponsors/polhenarejos","https://www.paypal.me/polhenarejos"],"categories":[],"sub_categories":[],"readme":"# pycvc\nCard Verifiable Certificates (CVC) tools for Python\n\n## Introduction\n\nCard Verifiable Certificates are an specification of storing electronic certificates, signed by RSA or Elliptic Curves algorithms.\n\nIn contrast to X509 certificates, CVC are more compact and are widely used by HSM cards or personal USB tokens.\n\npycvc implements the specifications of BSI TR 03110 to create CV certificates and requests.\n\npycvc can be used to make a CV request and deploy a PKI based on CVC.\n\npycvc also supports ECDH keys such as Curve25519 and Curve448.\n\n## Install\n\n```\npip install pycvc\n```\n\n## Usage\n\npycvc can be used by importing the package or calling the command line tools `cvc-create`, for CVC generation, and `cvc-print`, for displaying CVC information and verification.\n\nFor more information, execute `cvc-create` or `cvc-print` with `--help` flag.\n\n**Supported algorithms**\n- RSA\n- ECDSA\n- EdDSA\n\n**Supported curves**\n- secp192r1 (prime192v1)\n- secp224r1\n- secp256r1 (prime256v1)\n- secp384r1\n- secp521r1\n- brainpoolP256r1\n- brainpoolP384r1\n- brainpoolP512r1\n- secp256k1\n- ed25519\n- ed448\n\n**Supported schemes**\n- ECDSA_SHA_1\n- ECDSA_SHA_224\n- ECDSA_SHA_256\n- ECDSA_SHA_384\n- ECDSA_SHA_512\n- RSA_v1_5_SHA_1\n- RSA_v1_5_SHA_256\n- RSA_v1_5_SHA_512\n- RSA_PSS_SHA_1\n- RSA_PSS_SHA_256\n- RSA_PSS_SHA_512\n- EDDSA\n\nHere some examples.\n\n### Create a PKI with ECDSA\n\n`cvc-create` is the tool to create certificates or requests. Call `cvc-create --help` for a complete list of parameters.\n\n1- Setup the CA:\n```bash\nopenssl ecparam -out ZZATCVCA00001.pem -name prime256v1 -genkey\nopenssl pkcs8 -topk8 -nocrypt -in ZZATCVCA00001.pem -outform DER -out ZZATCVCA00001.pkcs8\ncvc-create --role=cvca --type=at --chr=ZZATCVCA00001 --days=365 --sign-key=ZZATCVCA00001.pkcs8 --scheme=ECDSA_SHA_256\n```\n\n2- Setup the DV:\n```bash\nopenssl ecparam -out ZZATDVCA00001.pem -name prime256v1 -genkey\nopenssl pkcs8 -topk8 -nocrypt -in ZZATDVCA00001.pem -outform DER -out ZZATDVCA00001.pkcs8\nopenssl ec -in ZZATDVCA00001.pem -out ZZATDVCA00001.pub -pubout -outform DER\ncvc-create --role=dv_domestic --type=at --chr=ZZATDVCA00001 --days=180 --sign-key=ZZATCVCA00001.pkcs8 --scheme=ECDSA_SHA_256 --sign-as=ZZATCVCA00001.cvcert --public-key=ZZATDVCA00001.pub\n```\n\n3- Create a certificate request\n```bash\nopenssl ecparam -out ZZATTERM00001.pem -name prime256v1 -genkey\nopenssl pkcs8 -topk8 -nocrypt -in ZZATTERM00001.pem -outform DER -out ZZATTERM00001.pkcs8\ncvc-create --chr=ZZATTERM00001 --scheme=ECDSA_SHA_256 --sign-key=ZZATTERM00001.pkcs8 --out-cert=ZZATTERM00001.cvreq --req-car=ZZATDVCA00001\n```\n\n4- Sign a certificate request\n```bash\ncvc-create --role=terminal --type=at --days=60 --sign-key=ZZATDVCA00001.pkcs8 --sign-as=ZZATDVCA00001.cvcert --request=ZZATTERM00001.cvreq\n```\n\n### Create a PKI with RSA\n\n`cvc-create` is the tool to create certificates or requests. Call `cvc-create --help` for a complete list of parameters.\n\n1- Setup the CA:\n```bash\nopenssl genrsa -out ZZATCVCA00001.pem 3072\nopenssl pkcs8 -topk8 -nocrypt -in ZZATCVCA00001.pem -outform DER -out ZZATCVCA00001.pkcs8\ncvc-create --role=cvca --type=at --chr=ZZATCVCA00001 --days=365 --sign-key=ZZATCVCA00001.pkcs8 --scheme=RSA_v1_5_SHA_256\n```\n\n2- Setup the DV:\n```bash\nopenssl genrsa -out ZZATDVCA00001.pem 2048\nopenssl pkcs8 -topk8 -nocrypt -in ZZATDVCA00001.pem -outform DER -out ZZATDVCA00001.pkcs8\nopenssl rsa -in ZZATDVCA00001.pem -out ZZATDVCA00001.pub -pubout -outform DER\ncvc-create --role=dv_domestic --type=at --chr=ZZATDVCA00001 --days=180 --sign-key=ZZATCVCA00001.pkcs8 --scheme=RSA_v1_5_SHA_256 --sign-as=ZZATCVCA00001.cvcert --public-key=ZZATDVCA00001.pub\n```\n\n3- Create a certificate request\n```bash\nopenssl genrsa -out ZZATTERM00001.pem 2048\nopenssl pkcs8 -topk8 -nocrypt -in ZZATTERM00001.pem -outform DER -out ZZATTERM00001.pkcs8\ncvc-create --chr=ZZATTERM00001 --scheme=RSA_v1_5_SHA_256 --sign-key=ZZATTERM00001.pkcs8 --out-cert=ZZATTERM00001.cvreq --req-car=ZZATDVCA00001\n```\n\n4- Sign a certificate request\n```bash\ncvc-create --role=terminal --type=at --days=60 --sign-key=ZZATDVCA00001.pkcs8 --sign-as=ZZATDVCA00001.cvcert --request=ZZATTERM00001.cvreq\n```\n\n### Create a PKI with EdDSA\n\n`cvc-create` is the tool to create certificates or requests. Call `cvc-create --help` for a complete list of parameters.\n\n1- Setup the CA:\n```bash\nopenssl genpkey -algorithm Ed25519 -out ZZATCVCA00001.pem\nopenssl pkcs8 -topk8 -nocrypt -in ZZATCVCA00001.pem -outform DER -out ZZATCVCA00001.pkcs8\ncvc-create --role=cvca --type=at --chr=ZZATCVCA00001 --days=365 --sign-key=ZZATCVCA00001.pkcs8\n```\n\n2- Setup the DV:\n```bash\nopenssl genpkey -algorithm Ed25519 -out ZZATDVCA00001.pem\nopenssl pkcs8 -topk8 -nocrypt -in ZZATDVCA00001.pem -outform DER -out ZZATDVCA00001.pkcs8\nopenssl pkey -in ZZATDVCA00001.pem -out ZZATDVCA00001.pub -pubout -outform DER 2\u003e/dev/null\ncvc-create --role=dv_domestic --type=at --chr=ZZATDVCA00001 --days=180 --sign-key=ZZATCVCA00001.pkcs8 --sign-as=ZZATCVCA00001.cvcert --public-key=ZZATDVCA00001.pub\n```\n\n3- Create a certificate request\n```bash\nopenssl genpkey -algorithm Ed25519 -out ZZATTERM00001.pem\nopenssl pkcs8 -topk8 -nocrypt -in ZZATTERM00001.pem -outform DER -out ZZATTERM00001.pkcs8\ncvc-create --chr=ZZATTERM00001 --sign-key=ZZATTERM00001.pkcs8 --out-cert=ZZATTERM00001.cvreq --req-car=ZZATDVCA00001\n```\n\n4- Sign a certificate request\n```bash\ncvc-create --role=terminal --type=at --days=60 --sign-key=ZZATDVCA00001.pkcs8 --sign-as=ZZATDVCA00001.cvcert --request=ZZATTERM00001.cvreq\n```\n\n### Validate certificates and requests\n\n`cvc-print` is the tool for certificate validation and verification. Call `cvc-print --help` for a complete list of parameters.\n\nThe validation is performed by veryfing all signatures in the certificate chain.\n\n1- Setup trust directory\n```bash\nmkdir certs\ncp ZZATCVCA00001.cvcert certs/ZZATCVCA00001\ncp ZZATDVCA00001.cvcert certs/ZZATDVCA00001\n```\n\n2- Validate certificates\n```bash\n$ cvc-print -d certs ZZATCVCA00001.cvcert\nCertificate:\n  Profile Identifier: 00\n  CAR: ZZATCVCA00001\n  Public Key:\n    Scheme: ECDSA_SHA_256\n    Public Point: 040e5e4d5f20ee36ac920132f7f448da353d826156e9cfd3075f9d877f9c172111a689953b9accd5011248be50ccf47480ab703b42382a7a45484fccdc738a82e7\n  CHR: ZZATCVCA00001\n  CHAT:\n    Role:  TypeAT\n    Bytes: c000000000\n  Since:   2022-08-23\n  Expires: 2023-08-23\nInner signature is VALID\nCertificate VALID\n\n$ cvc-print -d certs ZZATDVCA00001.cvcert\nCertificate:\n  Profile Identifier: 00\n  CAR: ZZATCVCA00001\n  Public Key:\n    Scheme: ECDSA_SHA_256\n    Public Point: 04b37a6588e55e9db3ea72837f4b4347028a51b1c5964ee54878bf2f856ee4abe06f1465e917c8d9ecf7170dbd61c2bc1fc37a1fa36698a33669daa6fa4c1e7400\n  CHR: ZZATDVCA00001\n  CHAT:\n    Role:  TypeAT\n    Bytes: 8000000000\n  Since:   2022-08-23\n  Expires: 2023-02-19\nInner signature is VALID\nCertificate VALID\n\n$ cvc-print -d certs ZZATTERM00001.cvreq\nCertificate:\n  Profile Identifier: 00\n  CAR: ZZATTERM00001\n  Public Key:\n    Scheme: ECDSA_SHA_256\n    Public Point: 0406358861bc93173b3931a07595eba2bbcc88b852ed0a7139067047ab8abdba9b28eb07344f4f4e8f375bdc886c86d32060e92541b4d73178f9c9c53d3d98a765\n  CHR: ZZATTERM00001\nInner signature is VALID\nCertificate VALID\n\n$ cvc-print -d certs ZZATTERM00001.cvcert\nCertificate:\n  Profile Identifier: 00\n  CAR: ZZATDVCA00001\n  Public Key:\n    Scheme: ECDSA_SHA_256\n    Public Point: 0406358861bc93173b3931a07595eba2bbcc88b852ed0a7139067047ab8abdba9b28eb07344f4f4e8f375bdc886c86d32060e92541b4d73178f9c9c53d3d98a765\n  CHR: ZZATTERM00001\n  CHAT:\n    Role:  TypeAT\n    Bytes: 00\n  Since:   2022-08-23\n  Expires: 2022-10-22\nInner signature is VALID\nCertificate VALID\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpolhenarejos%2Fpycvc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpolhenarejos%2Fpycvc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpolhenarejos%2Fpycvc/lists"}