2002-03-24 14:12:38 +00:00
# Configuration file for OpenSC
# Example configuration file
2002-03-24 22:47:35 +00:00
# NOTE: All key-value pairs must be terminated by a semicolon.
2002-03-24 16:57:39 +00:00
# Default values for any application
2006-07-18 20:37:07 +00:00
# These can be overridden by an application
2002-03-24 16:57:39 +00:00
# specific configuration block.
2004-01-08 13:04:10 +00:00
app default {
2002-03-24 22:47:35 +00:00
# Amount of debug info to print
#
# A greater value means more debug info.
# Default: 0
#
2015-11-12 16:49:35 +00:00
#debug = 3;
2002-03-24 22:47:35 +00:00
# The file to which debug output will be written
#
2009-09-14 08:46:59 +00:00
# Special values 'stdout' and 'stderr' are recognized.
# Default: stderr
2002-03-24 22:47:35 +00:00
#
2012-06-07 16:52:03 +00:00
# debug_file = @DEBUG_FILE@
tools: fix segfault with verbose log into 'stderr'
Issue #824
In Windows, file handles (including 'stderr', 'stdout') can not be shared
between DLL-s, and so, the log handle (File *), defined in one module, cannot
be reused in another.
That is the situation when, for example, the SM is processed
in external, dynamically loadable module as it currently implemented for
IAS/ECC card.
That's for the configuration option 're-open of log file on each message' was
introduced.
This 're-open' logic has not been tested in the particular case of opensc-*
tools used with verbose log into 'stderr' -- in dynamically loaded module the
'stderr' handle, defined in the 'main' module, was not recognized as 'stderr'
and there was an attempt to close it.
closes #910
2016-11-23 10:24:41 +00:00
# Reopen debug file at the every debug message.
2012-06-07 16:52:03 +00:00
#
tools: fix segfault with verbose log into 'stderr'
Issue #824
In Windows, file handles (including 'stderr', 'stdout') can not be shared
between DLL-s, and so, the log handle (File *), defined in one module, cannot
be reused in another.
That is the situation when, for example, the SM is processed
in external, dynamically loadable module as it currently implemented for
IAS/ECC card.
That's for the configuration option 're-open of log file on each message' was
introduced.
This 're-open' logic has not been tested in the particular case of opensc-*
tools used with verbose log into 'stderr' -- in dynamically loaded module the
'stderr' handle, defined in the 'main' module, was not recognized as 'stderr'
and there was an attempt to close it.
closes #910
2016-11-23 10:24:41 +00:00
# For Windows it's forced to 'true'. The reason is that
# in Windows file handles can not be shared between DLL-s,
# each DLL has a separate file handle table.
2012-06-07 16:52:03 +00:00
#
tools: fix segfault with verbose log into 'stderr'
Issue #824
In Windows, file handles (including 'stderr', 'stdout') can not be shared
between DLL-s, and so, the log handle (File *), defined in one module, cannot
be reused in another.
That is the situation when, for example, the SM is processed
in external, dynamically loadable module as it currently implemented for
IAS/ECC card.
That's for the configuration option 're-open of log file on each message' was
introduced.
This 're-open' logic has not been tested in the particular case of opensc-*
tools used with verbose log into 'stderr' -- in dynamically loaded module the
'stderr' handle, defined in the 'main' module, was not recognized as 'stderr'
and there was an attempt to close it.
closes #910
2016-11-23 10:24:41 +00:00
# Default: false
# reopen_debug_file = true;
2002-03-24 22:47:35 +00:00
2005-03-07 14:00:31 +00:00
# PKCS#15 initialization / personalization
# profiles directory for pkcs15-init.
2015-09-30 06:20:19 +00:00
# Default: @PROFILE_DIR_DEFAULT@
2009-01-16 21:27:46 +00:00
#
2015-09-30 06:20:19 +00:00
# profile_dir = @PROFILE_DIR@;
2005-03-07 14:00:31 +00:00
2011-12-14 12:14:14 +00:00
# Paranoid memory allocation.
#
# If set to 'true', then refuse to continue when locking of non-pageable
# memory fails. This can cause subtle failures but is more secure when
# you have a swap disk.
# Default: false
#
# paranoid_memory = false;
2016-12-09 11:54:06 +00:00
# Dsiable pop-ups of built-in GUI
#
# Default: false
# disable_popups = true;
2015-09-25 07:22:56 +00:00
# Enable default card driver
# Default card driver is explicitely enabled for the 'opensc-explorer' and 'opensc-tool'.
#
# Default: false
# enable_default_driver = true;
2013-08-02 20:01:51 +00:00
2010-09-11 13:00:47 +00:00
# CT-API module configuration.
2004-01-08 13:04:10 +00:00
reader_driver ctapi {
2015-11-12 19:57:04 +00:00
# module @LIBDIR@@LIB_PRE@towitoko@DYN_LIB_EXT@ {
2002-03-26 11:38:40 +00:00
# CT-API ports:
# 0..3 COM1..4
# 4 Printer
# 5 Modem
# 6..7 LPT1..2
2004-01-08 13:04:10 +00:00
# ports = 0;
2002-03-26 11:38:40 +00:00
# }
2004-01-08 13:04:10 +00:00
}
2010-09-11 13:00:47 +00:00
# The following section shows definitions for PC/SC readers.
2004-01-08 13:04:10 +00:00
reader_driver pcsc {
2016-10-07 12:11:36 +00:00
# Limit command and response sizes. Some Readers don't propagate their
# transceive capabilities correctly. max_send_size and max_recv_size
# allow setting the limits manually, for example to enable extended
# length capabilities.
2016-04-19 11:24:09 +00:00
# Default: max_send_size = 255, max_recv_size = 256;
2016-10-07 12:11:36 +00:00
# max_send_size = 65535;
# max_recv_size = 65536;
2010-12-14 01:30:03 +00:00
#
2010-11-29 13:56:19 +00:00
# Connect to reader in exclusive mode?
2005-09-08 11:35:26 +00:00
# Default: false
2005-12-27 13:39:51 +00:00
# connect_exclusive = true;
2005-09-08 11:35:26 +00:00
#
2010-11-29 13:56:19 +00:00
# What to do when disconnecting from a card (SCardDisconnect)
# Valid values: leave, reset, unpower.
# Default: reset
# disconnect_action = unpower;
2005-09-08 11:35:26 +00:00
#
2010-11-29 13:56:19 +00:00
# What to do at the end of a transaction (SCardEndTransaction)
# Valid values: leave, reset, unpower.
# Default: leave
# transaction_end_action = reset;
#
# What to do when reconnection to a card (SCardReconnect)
# Valid values: leave, reset, unpower.
# Note that this affects only the internal reconnect (after a SCARD_W_RESET_CARD).
# A forced reset via sc_reset() always does a full powerup.
# Default: leave
# reconnect_action = reset;
2005-09-08 11:35:26 +00:00
#
2005-08-13 13:26:46 +00:00
# Enable pinpad if detected (PC/SC v2.0.2 Part 10)
2009-09-14 09:48:56 +00:00
# Default: true
# enable_pinpad = false;
2008-03-06 16:06:59 +00:00
#
2015-11-10 23:28:16 +00:00
# Detect reader capabilities with escape commands (wrapped APDUs with
# CLA=0xFF as defined by PC/SC pt. 3 and BSI TR-03119, e.g. for getting
# the UID, escaped PIN commands and the reader's firmware version)
# Default: false
# enable_escape = true;
#
2008-04-02 05:44:12 +00:00
# Use specific pcsc provider.
# Default: @DEFAULT_PCSC_PROVIDER@
# provider_library = @DEFAULT_PCSC_PROVIDER@
2004-01-08 13:04:10 +00:00
}
2002-06-14 11:52:20 +00:00
2009-01-16 16:12:50 +00:00
# Options for OpenCT support
2005-09-18 12:33:31 +00:00
reader_driver openct {
2009-01-16 16:12:50 +00:00
# Virtual readers to allocate.
# Default: 2
# readers = 5;
2007-03-07 21:26:47 +00:00
#
2010-12-14 03:16:37 +00:00
# Limit command and response sizes.
2010-12-14 01:30:03 +00:00
# Default: n/a
2010-09-01 11:50:35 +00:00
# max_send_size = 255;
# max_recv_size = 256;
2017-02-07 14:45:10 +00:00
}
# Options for CryptoTokenKit support
reader_driver cryptotokenkit {
# Limit command and response sizes. Some Readers don't propagate their
# transceive capabilities correctly. max_send_size and max_recv_size
# allow setting the limits manually, for example to enable extended
# length capabilities.
# Default: autodetect
# max_send_size = 65535;
# max_recv_size = 65536;
}
2005-09-18 12:33:31 +00:00
2015-09-25 07:25:09 +00:00
# Whitelist of card drivers to load at start-up
#
# The supported internal card driver names can be retrieved
# from the output of:
# $ opensc-tool --list-drivers
2002-03-24 22:47:35 +00:00
#
# A special value of 'internal' will load all
# statically linked drivers. If an unknown (ie. not
# internal) driver is supplied, a separate configuration
# configuration block has to be written for the driver.
# Default: internal
2005-02-20 08:26:27 +00:00
# NOTE: When "internal" keyword is used, must be last entry
2002-03-24 22:47:35 +00:00
#
2015-11-06 07:24:16 +00:00
card_drivers = npa, internal;
2004-10-18 08:24:12 +00:00
2005-02-20 08:26:27 +00:00
# Card driver configuration blocks.
2002-03-24 22:47:35 +00:00
2005-02-20 08:26:27 +00:00
# For card drivers loaded from an external shared library/DLL,
2004-10-18 08:24:12 +00:00
# you need to specify the path name of the module
#
# card_driver customcos {
# The location of the driver library
2015-11-12 19:57:04 +00:00
# module = @LIBDIR@@LIB_PRE@card_customcos@DYN_LIB_EXT@;
2004-10-18 08:24:12 +00:00
# }
2015-11-06 07:24:16 +00:00
card_driver npa {
# German ID card requires the CAN to be verified before QES PIN. This,
# however, is not part of the PKCS#15 profile of the card. So for
# verifying the QES PIN we actually need both. The CAN may be given
# here. If the CAN is not given here, it will be prompted on the
# command line or on the reader (depending on the reader's
# capabilities).
#
#can = 222222;
# QES is only possible with a Comfort Reader (CAT-K), which holds a
# cryptographic key to authenticate itself as signature terminal (ST).
# We usually will use the reader's capability to sign the data.
# However, during developement you may specify soft certificates and
# keys for a ST below.
# The following example EAC PKI can be found in vicc's example data:
# https://github.com/frankmorgner/vsmartcard/tree/master/virtualsmartcard/npa-example-data
#
#st_dv_certificate = ZZSTDVCA00001.cvcert;
#st_certificate = ZZSTTERM00001.cvcert;
#st_key = ZZSTTERM00001.pkcs8;
}
2004-10-18 08:24:12 +00:00
2002-04-19 20:07:56 +00:00
# Force using specific card driver
#
# If this option is present, OpenSC will use the supplied
# driver with all inserted cards.
#
# Default: autodetect
#
2005-02-20 08:26:27 +00:00
# force_card_driver = customcos;
2002-04-19 20:07:56 +00:00
2015-11-10 08:37:39 +00:00
# Configuration block for DNIe
#
# Card DNIe has an option to show an extra warning before
# issuing a signature.
card_driver dnie {
# Disable / enable warning message when performing a
# signature operation with the DNIe.
# Only used if compiled with --enable-dnie-ui
# user_consent_enabled = yes;
# Specify the pinentry application to use if warning
# is configured to be displayed using pinentry.
# Default: /usr/bin/pinentry
# Only used if compiled with --enable-dnie-ui
# user_consent_app = "/usr/bin/pinentry";
}
2005-02-22 07:59:42 +00:00
# In addition to the built-in list of known cards in the
# card driver, you can configure a new card for the driver
# using the card_atr block. The goal is to centralize
# everything related to a certain card to card_atr.
#
2008-05-26 11:35:56 +00:00
# The supported internal card driver names can be retrieved
# from the output of:
# $ opensc-tool --list-drivers
2005-02-22 07:59:42 +00:00
# Generic format: card_atr <hex encoded ATR (case-sensitive!)>
# New card entry for the flex card driver
# card_atr 3b:f0:0d:ca:fe {
# All parameters for the context are
# optional unless specified otherwise.
# Context: global, card driver
#
# ATR mask value
#
# The mask is logically AND'd with an
# card ATR prior to comparison with the
# ATR reference value above. Using mask
# allows identifying and configuring
# multiple ATRs as the same card model.
# atrmask = "ff:ff:ff:ff:ff";
# Context: card driver
#
# Specify used card driver (REQUIRED).
#
# When enabled, overrides all possible
# settings from the card drivers built-in
# card configuration list.
# driver = "flex";
# Set card name for card drivers that allows it.
# name = "My CryptoFlex card";
# Card type as an integer value.
#
# Depending on card driver, this allows
# tuning the behaviour of the card driver
# for your card.
# type = "2002";
# Card flags as an hex value.
# Multiple values are OR'd together.
#
# Depending on card driver, this allows
# fine-tuning the capabilities in
# the card driver for your card.
#
# Optionally, some known parameters
# can be specified as strings:
#
# rng - On-board random number source
#
2011-04-08 13:30:32 +00:00
# flags = "rng", "0x80000000";
2005-02-22 07:59:42 +00:00
2015-07-27 17:10:34 +00:00
# Enable pkcs11 initialization.
# Default: no
# pkcs11_enable_InitToken = yes;
2005-02-22 07:59:42 +00:00
#
# Context: PKCS#15 emulation layer
#
# When using PKCS#15 emulation, force
# the emulation driver for specific cards.
#
# Required for external drivers, but can
# be used with built-in drivers, too.
# pkcs15emu = "custom";
#
# Context: reader driver
#
# Force protocol selection for specific cards.
# Known parameters: t0, t1, raw
# force_protocol = "t0";
2016-03-09 08:53:29 +00:00
# Context: minidriver
#
# md_read_only: Mark card as read/only card in Minidriver/BaseCSP interface (Default: false)
# md_supports_X509_enrollment: Indicate X509 enrollment support at Minidriver/BaseCSP interface (Default: false)
# md_guid_as_id: Use the GUID generated for the key as id in the PKCS#15 structure (Default: false - auto generated)
# md_guid_as_label: Use the GUID generated for the key as label in the PKCS#15 structure (Default: false - no label set)
# md_supports_container_key_gen: Card allows generating key pairs on the card (Default: false)
# md_supports_container_key_import: Card allows importing private keys (Default: false)
2017-05-24 10:46:25 +00:00
#
# Window title of the PIN pad dialog
# Default: "Windows Security"
# md_pinpad_dlg_title = "Title";
#
# Filename of the icon for the PIN pad dialog; use "" for no icon
# Default: Built-in smart card icon
# md_pinpad_dlg_icon = "";
#
# Main instruction of the PIN pad dialog
# Default: "OpenSC Smart Card Provider"
# md_pinpad_dlg_main = "Main";
#
# Content of the PIN pad dialog for role "user"
2017-10-17 07:38:19 +00:00
# Default: "Please verify your fingerprint or PIN on the card."
2017-05-24 10:46:25 +00:00
# md_pinpad_dlg_content_user = "Content User";
#
2017-10-17 07:38:19 +00:00
# Content of the PIN pad dialog for role "user+signature"
# Default: "Please verify your fingerprint or PIN for the digital signature PIN on the card."
# md_pinpad_dlg_content_user_sign = "Content User+Sign";
#
2017-05-24 10:46:25 +00:00
# Content of the PIN pad dialog for role "admin"
# Default: "Please enter your PIN to unblock the user PIN on the PINPAD."
# md_pinpad_dlg_content_admin = "Content Admin";
#
# Content of the PIN pad dialog after pressing "Cancel", when the reader doesn't respond to SCardCancel
# md_pinpad_dlg_content_cancel = "Content Cancel";
#
# Expanded information of the PIN pad dialog
# Default: "This window will be closed automatically after the PIN has been submitted on the PINPAD (timeout typically after 30 seconds)."
# md_pinpad_dlg_expanded = "Expanded Information";
#
# Expanded information of the PIN pad dialog after pressing "Cancel", when the reader doesn't respond to SCardCancel
# Default: "Some readers only support canceling the operation on the PIN pad. Press Cancel or remove the card."
# md_pinpad_dlg_expanded_cancel = "Expanded Information Cancel";
#
# Allow the user to cancel the PIN pad dialog
# Default: false
# md_pinpad_dlg_enable_cancel = true;
#
# Time in seconds for the progress bar of the PIN pad dialog to tick. "0" removes the progress bar.
# Default: 30
# md_pinpad_dlg_timeout = 0;
# Notification title and text when card was inserted
2017-07-13 07:09:14 +00:00
# Default: "Smart card detected"
# notify_card_inserted = "inserted title";
# Default: ATR of the card
# notify_card_inserted_text = "inserted text";
2017-05-24 10:46:25 +00:00
#
# Notification title and text when card was removed
2017-07-13 07:09:14 +00:00
# Default: "Smart card removed"
2017-05-24 10:46:25 +00:00
# notify_card_removed = "card removed";
2017-07-13 07:09:14 +00:00
# Default: Name of smart card reader
2017-05-24 10:46:25 +00:00
# notify_card_removed_text = "removed text";
#
# Notification title and text when PIN was verified
2017-07-13 07:09:14 +00:00
# Default: "PIN verified"
2017-05-24 10:46:25 +00:00
# notify_pin_good = "good PIN";
2017-07-13 07:09:14 +00:00
# Default: "Smart card is unlocked"
2017-05-24 10:46:25 +00:00
# notify_pin_good_text = "good text";
#
# Notification title and text when PIN was wrong
2017-07-13 07:09:14 +00:00
# Default: "PIN not verified"
2017-05-24 10:46:25 +00:00
# notify_pin_bad = "bad PIN";
2017-07-13 07:09:14 +00:00
# Default: "Smart card is locked"
2017-05-24 10:46:25 +00:00
# notify_pin_bad_text = "bad text";
2005-02-22 07:59:42 +00:00
# }
2006-02-23 11:49:22 +00:00
# PIV cards need an entry similar to this one:
# card_atr 3B:7D:96:00:00:80:31:80:65:B0:83:11:00:AC:83:00:90:00 {
# name = "PIV-II";
2012-05-21 17:19:38 +00:00
# driver = "piv";
2006-02-23 11:49:22 +00:00
# }
2010-10-22 15:48:04 +00:00
# Estonian ID card and Micardo driver sometimes only play together with T=0
# In theory only the 'cold' ATR should be specified, as T=0 will
2006-07-18 20:37:07 +00:00
# be the preferred protocol once you boot it up with T=0, but be
# paranoid.
2012-05-21 17:19:38 +00:00
#
2010-10-28 05:30:09 +00:00
# Warm ATR v1
2010-10-28 13:11:13 +00:00
card_atr 3b:6e:00:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 {
force_protocol = t0;
}
2010-10-28 05:30:09 +00:00
# Cold ATR v1
2010-10-28 13:11:13 +00:00
card_atr 3b:fe:94:00:ff:80:b1:fa:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:43 {
force_protocol = t0;
}
2010-10-28 05:30:09 +00:00
# Warm ATR v2
2010-10-28 13:11:13 +00:00
card_atr 3b:5e:11:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 {
force_protocol = t0;
}
2010-10-28 05:30:09 +00:00
# Cold ATR v2
2010-10-28 13:11:13 +00:00
card_atr 3b:de:18:ff:c0:80:b1:fe:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:2b {
force_protocol = t0;
}
2010-10-28 05:30:09 +00:00
# Digi-ID cold ATR. The same card has the same warm ATR as "Cold ATR v1" above
2010-10-28 13:11:13 +00:00
# The card is claimed to only support T=0 but in fact (sometimes) works with T=1, even if not advertised in ATR.
card_atr 3b:6e:00:00:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 {
force_protocol = t0;
}
2010-11-29 14:22:01 +00:00
2006-05-01 10:12:36 +00:00
# D-Trust cards are also based on micardo and need T=0 for some reason
card_atr 3b:ff:94:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:23 {
force_protocol = t0;
}
card_atr 3b:ff:11:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:a6 {
force_protocol = t0;
}
2012-05-21 17:19:38 +00:00
2012-06-07 16:52:03 +00:00
# Oberthur's AuthentIC v3.2.2
card_atr 3B:DD:18:00:81:31:FE:45:80:F9:A0:00:00:00:77:01:00:70:0A:90:00:8B {
type = 11100;
driver = "authentic";
name = "AuthentIC v3.1";
# Name of SM configuration sub-section
# secure_messaging = local_authentic;
}
2011-02-16 11:01:46 +00:00
# IAS/ECC cards
2012-06-07 16:52:03 +00:00
card_atr 3B:7F:96:00:00:00:31:B9:64:40:70:14:10:73:94:01:80:82:90:00 {
2015-09-25 07:22:56 +00:00
type = 25001;
driver = "iasecc";
name = "Gemalto MultiApp IAS/ECC v1.0.1";
secure_messaging = local_gemalto_iam;
2012-06-07 16:52:03 +00:00
# secure_messaging = local_adele;
md_read_only = false;
md_supports_X509_enrollment = true;
2015-09-25 07:22:56 +00:00
}
2012-06-07 16:52:03 +00:00
card_atr 3B:7F:96:00:00:00:31:B8:64:40:70:14:10:73:94:01:80:82:90:00 {
2015-09-25 07:22:56 +00:00
type = 25001;
driver = "iasecc";
name = "Gemalto MultiApp IAS/ECC v1.0.1";
secure_messaging = local_gemalto_iam;
md_read_only = false;
md_supports_X509_enrollment = true;
}
#card_atr 3B:DD:18:00:81:31:FE:45:80:F9:A0:00:00:00:77:01:08:00:07:90:00:FE {
# type = 25002;
# driver = "iasecc";
# name = "Oberthur IAS/ECC v1.0.1";
# # No 'admin' application for this card -- no secure messaging
#}
#card_atr 3B:7F:18:00:00:00:31:B8:64:50:23:EC:C1:73:94:01:80:82:90:00 {
# type = 25003;
# driver = "iasecc";
# name = "Morpho YpsID S3 IAS/ECC";
# # secure_messaging = local_morpho_YpsID_S3;
#}
#card_atr 3B:DF:96:00:80:31:FE:45:00:31:B8:64:04:1F:EC:C1:73:94:01:80:82:90:00:EC {
# type = 25005;
# driver = "iasecc";
# name = "Morpho MI IAS/ECC v1.0.1";
# md_read_only = false;
# md_supports_X509_enrollment = true;
# secure_messaging = local_morpho_mi;
#}
card_atr 3B:DF:18:FF:81:91:FE:1F:C3:00:31:B8:64:0C:01:EC:C1:73:94:01:80:82:90:00:B3 {
type = 25004;
driver = "iasecc";
name = "Amos IAS/ECC v1.0.1";
md_read_only = false;
md_supports_X509_enrollment = true;
secure_messaging = local_amos;
}
card_atr 3B:DC:18:FF:81:91:FE:1F:C3:80:73:C8:21:13:66:01:0B:03:52:00:05:38 {
type = 25004;
driver = "iasecc";
name = "Amos IAS/ECC v1.0.1";
2012-06-07 16:52:03 +00:00
md_read_only = false;
md_supports_X509_enrollment = true;
2015-09-25 07:22:56 +00:00
secure_messaging = local_amos_eid;
}
2012-06-07 16:52:03 +00:00
2016-03-08 14:13:36 +00:00
# SmartCard-HSM with contact-based interface or USB-Stick
card_atr 3B:FE:18:00:00:81:31:FE:45:80:31:81:54:48:53:4D:31:73:80:21:40:81:07:FA {
2016-03-09 08:53:29 +00:00
driver = "sc-hsm";
2016-03-08 14:13:36 +00:00
md_read_only = false;
md_supports_X509_enrollment = true;
2016-03-09 08:53:29 +00:00
md_supports_container_key_gen = true;
2016-03-08 14:13:36 +00:00
md_guid_as_label = true;
2016-03-09 08:53:29 +00:00
}
2016-03-08 14:13:36 +00:00
# SmartCard-HSM with contact-less interface
card_atr 3B:8E:80:01:80:31:81:54:48:53:4D:31:73:80:21:40:81:07:18 {
2016-03-09 08:53:29 +00:00
driver = "sc-hsm";
2016-03-08 14:13:36 +00:00
md_read_only = false;
md_supports_X509_enrollment = true;
2016-03-09 08:53:29 +00:00
md_supports_container_key_gen = true;
2016-03-08 14:13:36 +00:00
md_guid_as_label = true;
2016-03-09 08:53:29 +00:00
}
2016-03-08 14:13:36 +00:00
2017-05-24 10:46:25 +00:00
# SmartCard-HSM with fingerprint sensor and PIN pad
card_atr 3B:80:80:01:01 {
2017-07-13 07:18:08 +00:00
force_protocol = "t1";
md_read_only = false;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
2017-10-17 07:38:19 +00:00
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
2017-07-13 07:18:08 +00:00
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte.";
md_pinpad_dlg_allow_cancel = false;
md_pinpad_dlg_timeout = 30;
notify_card_inserted = "GoID erkannt";
notify_card_inserted_text = "";
notify_card_removed = "GoID entfernt";
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
notify_pin_good_text = "GoID ist entsperrt";
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
notify_pin_bad_text = "GoID ist gesperrt";
}
# GoID with fingerprint sensor and PIN pad
card_atr 3B:84:80:01:47:6f:49:44:00 {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00";
driver = "sc-hsm";
force_protocol = "t1";
md_read_only = false;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
2017-10-17 07:38:19 +00:00
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
2017-07-13 07:18:08 +00:00
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte.";
md_pinpad_dlg_allow_cancel = false;
md_pinpad_dlg_timeout = 30;
notify_card_inserted = "GoID erkannt";
notify_card_inserted_text = "";
notify_card_removed = "GoID entfernt";
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
notify_pin_good_text = "GoID ist entsperrt";
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
notify_pin_bad_text = "GoID ist gesperrt";
}
# GoID with fingerprint sensor and PIN pad
card_atr 3B:85:80:01:47:6f:49:44:00:00 {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00";
driver = "sc-hsm";
force_protocol = "t1";
md_read_only = false;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
2017-10-17 07:38:19 +00:00
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
2017-07-13 07:18:08 +00:00
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte.";
md_pinpad_dlg_allow_cancel = false;
md_pinpad_dlg_timeout = 30;
notify_card_inserted = "GoID erkannt";
notify_card_inserted_text = "";
notify_card_removed = "GoID entfernt";
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
notify_pin_good_text = "GoID ist entsperrt";
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
notify_pin_bad_text = "GoID ist gesperrt";
}
# GoID with fingerprint sensor and PIN pad
card_atr 3B:86:80:01:47:6f:49:44:00:00:00 {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
md_read_only = false;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
2017-10-17 07:38:19 +00:00
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
2017-07-13 07:18:08 +00:00
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte.";
md_pinpad_dlg_allow_cancel = false;
md_pinpad_dlg_timeout = 30;
notify_card_inserted = "GoID erkannt";
notify_card_inserted_text = "";
notify_card_removed = "GoID entfernt";
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
notify_pin_good_text = "GoID ist entsperrt";
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
notify_pin_bad_text = "GoID ist gesperrt";
}
# GoID with fingerprint sensor and PIN pad
card_atr 3B:87:80:01:47:6f:49:44:00:00:00:00 {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
md_read_only = false;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
2017-10-17 07:38:19 +00:00
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
2017-07-13 07:18:08 +00:00
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte.";
md_pinpad_dlg_allow_cancel = false;
md_pinpad_dlg_timeout = 30;
notify_card_inserted = "GoID erkannt";
notify_card_inserted_text = "";
notify_card_removed = "GoID entfernt";
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
notify_pin_good_text = "GoID ist entsperrt";
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
notify_pin_bad_text = "GoID ist gesperrt";
}
# GoID with fingerprint sensor and PIN pad
card_atr 3B:88:80:01:47:6f:49:44:00:00:00:00:00 {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
md_read_only = false;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
2017-10-17 07:38:19 +00:00
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
2017-07-13 07:18:08 +00:00
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte.";
md_pinpad_dlg_allow_cancel = false;
md_pinpad_dlg_timeout = 30;
notify_card_inserted = "GoID erkannt";
notify_card_inserted_text = "";
notify_card_removed = "GoID entfernt";
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
notify_pin_good_text = "GoID ist entsperrt";
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
notify_pin_bad_text = "GoID ist gesperrt";
}
# GoID with fingerprint sensor and PIN pad
card_atr 3B:89:80:01:47:6f:49:44:00:00:00:00:00:00 {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
md_read_only = false;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
2017-10-17 07:38:19 +00:00
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
2017-07-13 07:18:08 +00:00
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte.";
md_pinpad_dlg_allow_cancel = false;
md_pinpad_dlg_timeout = 30;
notify_card_inserted = "GoID erkannt";
notify_card_inserted_text = "";
notify_card_removed = "GoID entfernt";
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
notify_pin_good_text = "GoID ist entsperrt";
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
notify_pin_bad_text = "GoID ist gesperrt";
}
# GoID with fingerprint sensor and PIN pad
card_atr 3B:8A:80:01:47:6f:49:44:00:00:00:00:00:00:00 {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
md_read_only = false;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
2017-10-17 07:38:19 +00:00
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
2017-07-13 07:18:08 +00:00
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte.";
md_pinpad_dlg_allow_cancel = false;
md_pinpad_dlg_timeout = 30;
notify_card_inserted = "GoID erkannt";
notify_card_inserted_text = "";
notify_card_removed = "GoID entfernt";
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
notify_pin_good_text = "GoID ist entsperrt";
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
notify_pin_bad_text = "GoID ist gesperrt";
}
# GoID with fingerprint sensor and PIN pad
card_atr 3B:8B:80:01:47:6f:49:44:00:00:00:00:00:00:00:00 {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
md_read_only = false;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
2017-10-17 07:38:19 +00:00
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
2017-07-13 07:18:08 +00:00
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte.";
md_pinpad_dlg_allow_cancel = false;
md_pinpad_dlg_timeout = 30;
notify_card_inserted = "GoID erkannt";
notify_card_inserted_text = "";
notify_card_removed = "GoID entfernt";
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
notify_pin_good_text = "GoID ist entsperrt";
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
notify_pin_bad_text = "GoID ist gesperrt";
}
# GoID with fingerprint sensor and PIN pad
card_atr 3B:8C:80:01:47:6f:49:44:00:00:00:00:00:00:00:00:00 {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
md_read_only = false;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
2017-10-17 07:38:19 +00:00
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
2017-07-13 07:18:08 +00:00
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte.";
md_pinpad_dlg_allow_cancel = false;
md_pinpad_dlg_timeout = 30;
notify_card_inserted = "GoID erkannt";
notify_card_inserted_text = "";
notify_card_removed = "GoID entfernt";
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
notify_pin_good_text = "GoID ist entsperrt";
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
notify_pin_bad_text = "GoID ist gesperrt";
}
# GoID with fingerprint sensor and PIN pad
card_atr 3B:8D:80:01:47:6f:49:44:00:00:00:00:00:00:00:00:00:00 {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
md_read_only = false;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
2017-10-17 07:38:19 +00:00
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
2017-07-13 07:18:08 +00:00
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte.";
md_pinpad_dlg_allow_cancel = false;
md_pinpad_dlg_timeout = 30;
notify_card_inserted = "GoID erkannt";
notify_card_inserted_text = "";
notify_card_removed = "GoID entfernt";
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
notify_pin_good_text = "GoID ist entsperrt";
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
notify_pin_bad_text = "GoID ist gesperrt";
}
# GoID with fingerprint sensor and PIN pad
card_atr 3B:8E:80:01:47:6f:49:44:00:00:00:00:00:00:00:00:00:00:00 {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
md_read_only = false;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
2017-10-17 07:38:19 +00:00
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
2017-07-13 07:18:08 +00:00
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte.";
md_pinpad_dlg_allow_cancel = false;
md_pinpad_dlg_timeout = 30;
notify_card_inserted = "GoID erkannt";
notify_card_inserted_text = "";
notify_card_removed = "GoID entfernt";
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
notify_pin_good_text = "GoID ist entsperrt";
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
notify_pin_bad_text = "GoID ist gesperrt";
}
# GoID with fingerprint sensor and PIN pad
card_atr 3B:8F:80:01:47:6f:49:44:00:00:00:00:00:00:00:00:00:00:00:00 {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00:00:00:00:00";
2017-05-24 10:46:25 +00:00
driver = "sc-hsm";
force_protocol = "t1";
md_read_only = false;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
2017-10-17 07:38:19 +00:00
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
2017-05-24 10:46:25 +00:00
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
md_pinpad_dlg_expanded_cancel = "Die Karte unterstützt das Abbrechen ausschließlich am PIN-Pad. Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen oder entfernen Sie die Karte.";
md_pinpad_dlg_allow_cancel = false;
md_pinpad_dlg_timeout = 30;
2017-07-13 07:18:08 +00:00
notify_card_inserted = "GoID erkannt";
notify_card_inserted_text = "";
notify_card_removed = "GoID entfernt";
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
notify_pin_good_text = "GoID ist entsperrt";
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
notify_pin_bad_text = "GoID ist gesperrt";
2017-05-24 10:46:25 +00:00
}
2012-06-07 16:52:03 +00:00
secure_messaging local_authentic {
2015-09-30 06:20:19 +00:00
# name of external SM module
# module_name = @DEFAULT_SM_MODULE@;
2015-09-16 05:16:21 +00:00
# directory with external SM module
# Default: defined by windows register
2015-09-30 06:20:19 +00:00
@DEFAULT_SM_MODULE_PATH@
2012-06-07 16:52:03 +00:00
# specific data to tune the module initialization
2015-09-16 05:16:21 +00:00
# module_data = "Here can be your SM module init data";
2012-06-07 16:52:03 +00:00
# SM mode:
# 'transmit' -- in this mode the procedure to securize an APDU is called by the OpenSC general
2015-09-25 07:22:56 +00:00
# APDU transmit procedure.
2012-06-07 16:52:03 +00:00
# In this mode all APDUs, except the ones filtered by the card specific procedure,
2015-09-25 07:22:56 +00:00
# are securized.
# 'acl' -- in this mode APDU are securized only if needed by the ACLs of the command to be executed.
#
2012-06-07 16:52:03 +00:00
#mode = transmit;
# SM type specific flags
2015-09-25 07:22:56 +00:00
# flags = 0x78; # 0x78 -- level 3, channel 0
2012-06-07 16:52:03 +00:00
# Default KMC of the GP Card Manager for the Oberthur's Java cards
# kmc = "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00";
}
2015-09-25 07:22:56 +00:00
secure_messaging local_gemalto_iam {
2012-06-07 16:52:03 +00:00
module_name = @DEFAULT_SM_MODULE@;
2015-09-30 06:20:19 +00:00
@DEFAULT_SM_MODULE_PATH@
# module_data = "";
2015-09-25 07:22:56 +00:00
type = acl; # transmit, acl
2012-06-07 16:52:03 +00:00
2015-09-25 07:22:56 +00:00
ifd_serial = "11:22:33:44:55:66:77:88";
2012-06-07 16:52:03 +00:00
2015-09-25 07:22:56 +00:00
# Keyset values from IAM profiles of the Gemalto IAS/ECC cards
keyset_02_enc = "RW_PRIV_ENC_TEST";
keyset_02_mac = "RW_PRIV_MAC_TEST";
2012-06-07 16:52:03 +00:00
2015-09-25 07:22:56 +00:00
keyset_E828BD080FD2504543432D654944_01_enc = "RO_ENC_TEST_KEY_";
keyset_E828BD080FD2504543432D654944_01_mac = "RO_MAC_TEST_KEY_";
2012-06-07 16:52:03 +00:00
2015-09-25 07:22:56 +00:00
keyset_E828BD080FD2504543432D654944_03_enc = "RW_PUBL_ENC_TEST";
keyset_E828BD080FD2504543432D654944_03_mac = "RW_PUBL_MAC_TEST";
}
2012-06-07 16:52:03 +00:00
secure_messaging local_amos {
module_name = @DEFAULT_SM_MODULE@;
2015-09-30 06:20:19 +00:00
@DEFAULT_SM_MODULE_PATH@
# module_data = "";
2012-06-07 16:52:03 +00:00
mode = acl;
ifd_serial = "11:22:33:44:55:66:77:88";
keyset_02_enc = "ENCROECHANTILLON";
keyset_02_mac = "MACROECHANTILLON";
}
2015-09-25 07:22:56 +00:00
secure_messaging local_amos_eid {
2012-06-07 16:52:03 +00:00
module_name = @DEFAULT_SM_MODULE@;
2015-09-30 06:20:19 +00:00
@DEFAULT_SM_MODULE_PATH@
# module_data = "";
2015-09-25 07:22:56 +00:00
mode = acl;
ifd_serial = "11:22:33:44:55:66:77:88";
keyset_E828BD080FD2504543432D654944_03_enc = "RW_PUBL_ENC_TEST";
keyset_E828BD080FD2504543432D654944_03_mac = "RW_PUBL_MAC_TEST";
}
2012-06-07 16:52:03 +00:00
2015-09-25 07:22:56 +00:00
secure_messaging local_adele {
2012-06-07 16:52:03 +00:00
module_name = @DEFAULT_SM_MODULE@;
2015-09-30 06:20:19 +00:00
@DEFAULT_SM_MODULE_PATH@
# module_data = "";
2015-09-25 07:22:56 +00:00
type = acl; # transmit, acl
2012-06-07 16:52:03 +00:00
ifd_serial = "11:22:33:44:55:66:77:88";
2015-09-25 07:22:56 +00:00
# Keyset values from 'Adele' profiles of the IAS/ECC cards
keyset_01_enc = "EMENCECHANTILLON";
keyset_01_mac = "EMMACECHANTILLON";
2012-06-07 16:52:03 +00:00
2015-09-25 07:22:56 +00:00
keyset_02_enc = "AAENCECHANTILLON";
keyset_02_mac = "AAMACECHANTILLON";
2012-06-07 16:52:03 +00:00
2015-09-25 07:22:56 +00:00
keyset_E828BD080FD2500000040301_02_enc = "E2ENCECHANTILLON";
keyset_E828BD080FD2500000040301_02_mac = "E2MACECHANTILLON";
2012-06-07 16:52:03 +00:00
2015-09-25 07:22:56 +00:00
keyset_D2500000044164E86C650101_02_enc = "E1ENCECHANTILLON";
keyset_D2500000044164E86C650101_02_mac = "E1MACECHANTILLON";
2012-06-07 16:52:03 +00:00
2015-09-25 07:22:56 +00:00
keyset_D2500000044164E86C650101_03_enc = "SIENCECHANTILLON";
keyset_D2500000044164E86C650101_03_mac = "SIMACECHANTILLON";
}
2005-02-22 07:59:42 +00:00
2002-03-24 22:47:35 +00:00
# Below are the framework specific configuration blocks.
# PKCS #15
2004-01-08 13:04:10 +00:00
framework pkcs15 {
2002-03-24 22:47:35 +00:00
# Whether to use the cache files in the user's
# home directory.
2002-04-19 20:07:56 +00:00
#
2005-02-20 08:26:27 +00:00
# At the moment you have to 'teach' the card
# to the system by running command: pkcs15-tool -L
2002-04-19 20:07:56 +00:00
#
# WARNING: Caching shouldn't be used in setuid root
2002-03-24 22:47:35 +00:00
# applications.
# Default: false
2009-10-22 08:59:59 +00:00
# use_file_caching = true;
#
2016-03-08 14:13:36 +00:00
# set a path for caching
2015-02-05 18:18:05 +00:00
# so you do not use the env variables and for pam_pkcs11
# (with certificate check) where $HOME is not set
# Default: path in user home
2016-03-08 14:13:36 +00:00
# file_cache_dir = /var/lib/opensc/cache
2015-02-05 18:18:05 +00:00
#
2009-10-22 08:59:59 +00:00
# Use PIN caching?
# Default: true
# use_pin_caching = false;
#
# How many times to use a PIN from cache before re-authenticating it?
# Default: 10
# pin_cache_counter = 3;
2002-03-24 22:47:35 +00:00
#
2012-08-07 18:53:44 +00:00
# Older PKCS#11 applications not supporting CKA_ALWAYS_AUTHENTICATE
# may need to set this to get signatures to work with some cards.
# Default: false
# pin_cache_ignore_user_consent = true;
#
2005-02-20 08:26:27 +00:00
# Enable pkcs15 emulation.
2004-10-13 18:57:54 +00:00
# Default: yes
2005-12-27 13:39:51 +00:00
# enable_pkcs15_emulation = no;
2009-01-15 21:08:30 +00:00
#
2005-02-20 08:26:27 +00:00
# Prefer pkcs15 emulation code before
# the normal pkcs15 processing.
2009-10-22 08:59:59 +00:00
# Some cards (like esteid and pteid) work in emu-only mode,
# and do not depend on this option.
#
2004-10-13 18:57:54 +00:00
# Default: no
2005-12-27 13:39:51 +00:00
# try_emulation_first = yes;
2012-05-21 17:19:38 +00:00
2005-02-20 08:26:27 +00:00
# Enable builtin emulators.
2004-10-13 18:57:54 +00:00
# Default: yes
2009-01-15 21:08:30 +00:00
# enable_builtin_emulation = no;
#
# List of the builtin pkcs15 emulators to test
2010-08-16 00:56:27 +00:00
# Default: esteid, openpgp, tcos, starcert, itacns, infocamere, postecert, actalis, atrust-acos, gemsafeGPK, gemsafeV1, tccardos, PIV-II;
2009-01-15 21:08:30 +00:00
# builtin_emulators = openpgp;
2004-10-13 18:57:54 +00:00
2005-02-20 08:26:27 +00:00
# additional settings per driver
#
2006-07-18 20:37:07 +00:00
# For pkcs15 emulators loaded from an external shared
# library/DLL, you need to specify the path name of the module
# and customize the card_atr example above correctly.
2005-02-20 08:26:27 +00:00
#
# emulate custom {
# The location of the driver library
2015-11-12 19:57:04 +00:00
# module = @LIBDIR@@LIB_PRE@p15emu_custom@DYN_LIB_EXT@;
2005-02-20 08:26:27 +00:00
# }
2012-06-07 16:52:03 +00:00
# some additional application parameters:
# - type (generic, protected) used to distinguish the common access application
# and application for which authentication to perform some operation cannot be
# obtained with the common procedures (ex. object creation protected by secure messaging).
# Used by PKCS#11 module configurated to expose restricted number of slots.
# (for ex. configurated to expose only User PIN slot, User and Sign PINs slots, ...)
2016-01-21 17:11:42 +00:00
#
# - disable: do not expose application in PKCS15 framework
# default 'false'
2015-09-25 07:22:56 +00:00
application E828BD080FD25047656E65726963 {
type = generic;
model = "ECC Generic PKI";
2016-01-21 17:11:42 +00:00
# disable = true
2015-09-25 07:22:56 +00:00
}
application E828BD080FD2500000040301 {
type = generic;
model = "Adèle Générique";
}
application E828BD080FD2504543432D654944 {
type = protected;
model = "ECC eID";
}
application E828BD080FD2500000040201 {
type = protected;
model = "Adèle Admin-2";
}
2004-01-08 13:04:10 +00:00
}
}
2002-03-24 16:57:39 +00:00
2002-12-21 16:45:37 +00:00
# Parameters for the OpenSC PKCS11 module
2004-01-08 13:04:10 +00:00
app opensc-pkcs11 {
pkcs11 {
2008-03-06 15:04:29 +00:00
# Maximum Number of virtual slots.
# If there are more slots than defined here,
# the remaining slots will be hidden from PKCS#11.
2009-01-16 16:44:35 +00:00
# Default: 16
# max_virtual_slots = 32;
2008-03-06 15:04:29 +00:00
2006-07-18 20:37:07 +00:00
# Maximum number of slots per smart card.
2002-12-21 16:45:37 +00:00
# If the card has fewer keys than defined here,
# the remaining number of slots will be empty.
2009-01-16 16:44:35 +00:00
# Default: 4
# slots_per_card = 2;
2003-01-03 10:49:07 +00:00
2009-01-16 16:44:35 +00:00
# (max_virtual_slots/slots_per_card) limits the number of readers
# that can be used on the system. Default is then 16/4=4 readers.
2008-10-10 09:42:36 +00:00
2002-12-22 11:50:41 +00:00
# Normally, the pkcs11 module will create
# the full number of slots defined above by
# num_slots. If there are fewer pins/keys on
# the card, the remaining keys will be empty
# (and you will be able to create new objects
# within them).
2009-01-23 09:30:42 +00:00
# Default: true
# hide_empty_tokens = false;
2003-01-03 10:49:07 +00:00
2011-01-18 04:43:32 +00:00
# By default, the OpenSC PKCS#11 module will not lock your card
2010-05-19 08:17:53 +00:00
# once you authenticate to the card via C_Login.
#
2011-01-18 04:43:32 +00:00
# Thus the other users or other applications is not prevented
# from connecting to the card and perform crypto operations
# (which may be possible because you have already authenticated
# with the card). This setting is not very secure.
2008-12-28 18:45:29 +00:00
#
2012-05-21 17:19:38 +00:00
# Also, if your card is not locked, you can enconter problems
# due to limitation of the OpenSC framework, that still is not
2010-05-19 08:17:53 +00:00
# thoroughly tested in the multi threads environment.
2011-01-18 04:43:32 +00:00
#
2012-05-21 17:19:38 +00:00
# Your settings will be more secure if you choose to lock your
# card. Nevertheless this behavior is a known violation of PKCS#11
# specification. Now once one application has started using your
# card with C_Login, no other application can use it, until
# the first is done and calls C_Logout or C_Finalize. In the case
# of many PKCS#11 application this does not happen until you exit
2011-01-18 04:43:32 +00:00
# the application.
2012-05-21 17:19:38 +00:00
# Thus it is impossible to use several smart card aware applications
# at the same time, e.g. you cannot run both Firefox and Thunderbird at
2010-05-19 08:17:53 +00:00
# the same time, if both are configured to use your smart card.
2011-01-18 04:43:32 +00:00
#
2010-05-19 08:17:53 +00:00
# Default: false
# lock_login = true;
2010-01-08 15:41:07 +00:00
2015-11-26 06:11:06 +00:00
# By default, interacting with the OpenSC PKCS#11 module may change the
# state of the token, e.g. whether a user is logged in or not.
#
# Thus other users or other applications may change or use the state of
# the token unknowingly. Other applications may create signatures
# abusing an existing login or they may logout unnoticed.
#
# With this setting enabled the login state of the token is tracked and
# cached (including the PIN). Every transaction is preceeded by
# restoring the login state. After every transaction a logout is
# performed. This setting by default also enables `lock_login` (see
# above) to disable access for other applications during the atomic
# transactions.
#
# Please note that any PIN-pad should be disabled (see `enable_pinpad`
# above), because the user would have to input his PIN for every
# transaction.
#
# Default: false
# atomic = true;
2015-09-16 05:16:21 +00:00
# With this setting disabled, the OpenSC PKCS#11 module will initialize
# the slots available when the application calls `C_GetSlotList`. With
# this setting enabled, the slots will also get initialized when
# C_GetSlotInfo is called.
#
# This setting is a workaround for Java which does not call
# `C_GetSlotList` when configured with a static `slot` instead of
# `slotListIndex`.
#
# Default: true
# init_sloppy = false;
2010-01-08 15:41:07 +00:00
# User PIN unblock style
# none: PIN unblock is not possible with PKCS#11 API;
# set_pin_in_unlogged_session: C_SetPIN() in unlogged session:
# PUK is passed as the 'OldPin' argument of the C_SetPIN() call.
# set_pin_in_specific_context: C_SetPIN() in the CKU_SPECIFIC_CONTEXT logged session:
# PUK is passed as the 'OldPin' argument of the C_SetPIN() call.
# init_pin_in_so_session: C_InitPIN() in CKU_SO logged session:
# User PIN 'UNBLOCK' is protected by SOPIN. (PUK == SOPIN).
# # Actually this style works only for the PKCS15 contents without SOPIN.
# # For those with SOPIN, this mode will be usefull for the cards without
# # modes 00 and 01 of ISO command 'RESET RETRY COUNTER'. --vt
#
# Default: none
# user_pin_unblock_style = set_pin_in_unlogged_session;
2010-01-28 12:17:05 +00:00
2010-01-28 14:53:36 +00:00
# Create slot for unblocking PIN with PUK
# This way PKCS#11 API can be used to login with PUK and
# change a PIN.
# Warning: causes problems with some applications like
2010-01-28 14:15:13 +00:00
# firefox and thunderbird. Thus turned off by default
2010-01-28 12:17:05 +00:00
#
# Default: false
2010-01-28 14:15:13 +00:00
# create_puk_slot = true;
2010-03-09 16:57:39 +00:00
# Report as 'zero' the CKA_ID attribute of CA certificate
2012-05-21 17:19:38 +00:00
# For the unknown reason the middleware of the manufacturer of gemalto (axalto, gemplus)
# card reports as '0' the CKA_ID of CA cartificates.
2010-03-09 16:57:39 +00:00
# Maybe someone else will need it. (Would be nice to know who and what for -- VTA)
2011-01-18 04:43:32 +00:00
#
2010-03-09 16:57:39 +00:00
# Default: false
# zero_ckaid_for_ca_certs = true;
2010-08-15 09:33:18 +00:00
# List of readers to ignore
2010-08-16 08:59:14 +00:00
# If any of the strings listed below is matched (case sensitive) in a reader name,
2010-08-15 09:33:18 +00:00
# the reader is ignored by the PKCS#11 module.
#
# Default: empty
2010-08-16 08:59:14 +00:00
# ignored_readers = "CardMan 1021", "SPR 532";
2012-05-21 17:19:38 +00:00
2013-12-25 22:13:44 +00:00
# Symbolic names of PINs for which slots are created
# Card can contain more then one PINs or more then one on-card application with
# its own PINs. Normally, to access all of them with the PKCS#11 API a slot has to be
# created for all of them. Many slots could be ennoying for some of widely used application,
2016-02-19 13:53:45 +00:00
# like FireFox. This configuration parameter allows to select the PIN(s)
2013-12-25 22:13:44 +00:00
# for which PKCS#11 slot will be created.
# Actually recognised following symbolic names:
2016-02-19 13:53:45 +00:00
# 'user', 'sign', 'all'
2013-12-25 22:13:44 +00:00
# Only PINs initialised, non-SoPIN, non-unblocking are associated with symbolic name.
# 'user' is identified as first global or first local PIN.
# 'sign' is identified as second PIN: first local, second global or second local.
# 'all' slot created for all non-sopin, non-unblocking PINs,
# optionally for PUK (see option 'create_puk_slot')
#
# Default: all
# create_slots_for_pins = "user,sign";
2016-02-19 13:53:45 +00:00
# create_slots_for_pins = "sign";
2014-03-17 12:34:33 +00:00
#
# For the module to simulate the opensc-onepin module behavior the following option
# must be set:
# create_slots_for_pins = "user"
2004-01-08 13:04:10 +00:00
}
}
2006-02-23 11:01:13 +00:00
2014-04-23 08:50:38 +00:00
app onepin-opensc-pkcs11 {
pkcs11 {
slots_per_card = 1;
}
}
2016-11-15 21:48:48 +00:00
# Used by OpenSC.tokend on Mac OS X only
2006-02-23 11:01:13 +00:00
app tokend {
2010-08-25 08:40:54 +00:00
# The file to which debug log will be written
# Default: /tmp/opensc-tokend.log
#
# debug_file = /Library/Logs/OpenSC.tokend.log
2006-02-23 11:01:13 +00:00
framework tokend {
2010-08-25 08:40:54 +00:00
# Score for OpenSC.tokend
2010-11-29 13:34:54 +00:00
# The tokend with the highest score shall be used.
# Default: 300
2010-08-25 08:40:54 +00:00
#
# score = 10;
2017-08-02 08:45:53 +00:00
# Tokend ignore to read PIN protected certificate that is set SC_PKCS15_CO_FLAG_PRIVATE flag.
# Default: true
#
# ignore_private_certificate = false;
2006-02-23 11:01:13 +00:00
}
}
2010-02-05 13:05:25 +00:00
2016-11-15 21:48:48 +00:00
# Used by OpenSC minidriver on Windows only
2010-02-05 13:05:25 +00:00
app cardmod {
}
