https://github.com/space88man/cryptography_engine, prior to pyca/cryptography release 2.6, provided a relatively clean Python wrapper to access and utilize HSM objects through the PKCS11 interface.
https://github.com/pyca/cryptography/pull/4768/files removed the ENGINE_load_builtin_engines() binding, which appeared to be necessary for the wrapper's operation. OpenSSL still appears to have that function in its library. (Other required bindings may also have been removed; further research is needed.)
In #4446, it was suggested that having HSM support and upstreaming the wrapper code might be possible.
What might be the next steps towards getting stable PKCS11-based HSM support in pyca/cryptography?