# Configuration file for OpenSC
# Example configuration file
# NOTE: All key-value pairs must be terminated by a semicolon.
# Default values for any application
# These can be overridden by an application
# specific configuration block.
app default {
	# Settings in this block apply to every application unless an
	# application-specific block below overrides them.

	# Amount of debug info to print
	#
	# A greater value means more debug info.
	# Default: 0
	#
	# NOTE(review): higher levels presumably trace the traffic exchanged
	# with the card; treat the debug output as sensitive and leave this
	# at 0 on production systems — confirm what each level emits.
	debug = 0;

	# The file to which debug output will be written
	#
	# A special value of 'stdout' is recognized.
	# Default: stdout
	#
	# A fixed file name under a world-writable directory such as /tmp
	# can be pre-created by any local user; prefer a per-user or
	# administrator-owned location when debugging is switched on.
	# debug_file = /tmp/opensc-debug.log;
	# debug_file = "C:\Documents and Settings\All Users\Documents\opensc-debug.log";

	# The file to which errors will be written
	#
	# A special value of 'stderr' is recognized.
	# Default: stderr
	#
	# The same file-location caveat as for debug_file applies here.
	# error_file = /tmp/opensc-errors.log;
	# error_file = "C:\Documents and Settings\All Users\Documents\opensc-errors.log";

	# PKCS#15 initialization / personalization
	# profiles directory for pkcs15-init.
	# (@pkgdatadir@ is presumably substituted at build time — confirm.)
	profile_dir = @pkgdatadir@;

	# What reader drivers to load at start-up
	#
	# A special value of 'internal' will load all
	# statically linked drivers. If an unknown (i.e. not
	# internal) driver is supplied, a separate configuration
	# block has to be written for the driver.
	# Default: internal
	# NOTE: if "internal" keyword is used, must be the
	# last entry in reader_drivers list
	#
	# reader_drivers = openct, pcsc, ctapi;

	reader_driver ctapi {
		# An external CT-API module is loaded as a shared library into
		# the processes that use OpenSC, so this file and the module
		# must be writable by the administrator only.
		# module /usr/local/towitoko/lib/libtowitoko.so {
			# CT-API ports:
			# 0..3 COM1..4
			# 4 Printer
			# 5 Modem
			# 6..7 LPT1..2
			# ports = 0;
		# }
	}

	# Define parameters specific to your readers.
	# The following section shows definitions for PC/SC readers,
	# but the same set of variables is applicable to ctapi and
	# openct readers, simply by using "reader_driver ctapi" and
	# "reader_driver openct", respectively.
	reader_driver pcsc {
		# This sets the maximum send and receive sizes.
		# Some reader drivers have limitations, so you need
		# to set these values. For usb devices check the
		# properties with lsusb -vv for dwMaxIFSD
		#
		#max_send_size = 252;
		#max_recv_size = 252;

		# Connect to reader in exclusive mode.
		# Exclusive mode keeps other processes from sharing the reader
		# connection while it is open; see also lock_login in the
		# opensc-pkcs11 block below.
		# Default: false
		# connect_exclusive = true;
		#
		# Reset the card after disconnect.
		# Default: true
		# connect_reset = false;
		#
		# Reset the card after each transaction.
		# Default: false
		# transaction_reset = true;
		#
		# Enable pinpad if detected (PC/SC v2.0.2 Part 10)
		# With a pinpad reader the PIN is entered on the reader itself
		# rather than typed into the host application — the safer
		# choice where the hardware supports it.
		# Default: false
		# enable_pinpad = true;
		#
		# Use specific pcsc provider.
		# Default: @DEFAULT_PCSC_PROVIDER@
		# (The trailing semicolon is required, see the note at the top
		# of this file.)
		# provider_library = @DEFAULT_PCSC_PROVIDER@;
	}

	# options for openct support
	reader_driver openct {
		# virtual readers to allocate. default:5
		readers = 5;

		# This sets the maximum send and receive sizes.
		# Some reader drivers have limitations, so you need
		# to set these values. For usb devices check the
		# properties with lsusb -vv for dwMaxIFSD
		#
		#max_send_size = 252;
		#max_recv_size = 252;
	# NOTE(review): this block closes with "};" while every other block
	# in the file closes with "}" — confirm the parser accepts both.
	};

	# What card drivers to load at start-up
	#
	# A special value of 'internal' will load all
	# statically linked drivers. If an unknown (i.e. not
	# internal) driver is supplied, a separate configuration
	# block has to be written for the driver.
	# Default: internal
	# NOTE: When "internal" keyword is used, must be last entry
	#
	# card_drivers = customcos, internal;

	# Card driver configuration blocks.

	# For card drivers loaded from an external shared library/DLL,
	# you need to specify the path name of the module
	#
	# The module is loaded as a shared library into the processes that
	# use OpenSC, so keep this file and the module writable by the
	# administrator only.
	#
	# card_driver customcos {
		# The location of the driver library
		# module = /usr/lib/opensc/drivers/card_customcos.so;
	# }

	# Force using specific card driver
	#
	# If this option is present, OpenSC will use the supplied
	# driver with all inserted cards.
	#
	# Default: autodetect
	#
	# force_card_driver = customcos;

	# In addition to the built-in list of known cards in the
	# card driver, you can configure a new card for the driver
	# using the card_atr block. The goal is to centralize
	# everything related to a certain card to card_atr.
	#
	# The supported internal card driver names are
	# etoken Aladdin eToken and other Siemens CardOS cards
	# flex Schlumberger Multiflex/Cryptoflex
	# cyberflex Schlumberger Cyberflex
	# gpk Gemplus GPK
	# miocos MioCOS 1.1
	# mcrd MICARDO 2.1
	# setcos Setec cards
	# starcos STARCOS SPK 2.3
	# tcos TCOS 2.0
	# openpgp OpenPGP card
	# jcop JCOP cards with BlueZ PKCS#15 applet
	# oberthur Oberthur AuthentIC.v2/CosmopolIC.v4
	# belpic Belpic cards
	# emv EMV compatible cards
	# piv U.S. NIST 800-73-1 PIV

	# Generic format: card_atr <hex encoded ATR (case-sensitive!)>
	# NOTE(review): the PIV example further down writes its ATR in
	# upper-case hex while the entries that are actually active use
	# lower case; confirm which case the matcher expects and use it
	# consistently, otherwise an entry may silently never match.

	# New card entry for the flex card driver
	# card_atr 3b:f0:0d:ca:fe {
		# All parameters for the context are
		# optional unless specified otherwise.

		# Context: global, card driver
		#
		# ATR mask value
		#
		# The mask is logically AND'd with a
		# card ATR prior to comparison with the
		# ATR reference value above. Using mask
		# allows identifying and configuring
		# multiple ATRs as the same card model.
		# atrmask = "ff:ff:ff:ff:ff";

		# Context: card driver
		#
		# Specify used card driver (REQUIRED).
		#
		# When enabled, overrides all possible
		# settings from the card drivers built-in
		# card configuration list.
		# driver = "flex";

		# Set card name for card drivers that allow it.
		# name = "My CryptoFlex card";

		# Card type as an integer value.
		#
		# Depending on card driver, this allows
		# tuning the behaviour of the card driver
		# for your card.
		# type = "2002";

		# Card flags as a hex value.
		# Multiple values are OR'd together.
		#
		# Depending on card driver, this allows
		# fine-tuning the capabilities in
		# the card driver for your card.
		#
		# Optionally, some known parameters
		# can be specified as strings:
		#
		# keygen - On-board key generation capability
		# rng - On-board random number source
		#
		# flags = "keygen", "rng", "0x80000000";

		#
		# Context: PKCS#15 emulation layer
		#
		# When using PKCS#15 emulation, force
		# the emulation driver for specific cards.
		#
		# Required for external drivers, but can
		# be used with built-in drivers, too.
		# pkcs15emu = "custom";

		#
		# Context: reader driver
		#
		# Force protocol selection for specific cards.
		# Known parameters: t0, t1, raw
		# force_protocol = "t0";
	# }

	# PIV cards need an entry similar to this one:
	# card_atr 3B:7D:96:00:00:80:31:80:65:B0:83:11:00:AC:83:00:90:00 {
		# name = "PIV-II";
		# driver = "piv";
	# }

	# Estonian ID card and Micardo driver currently play together with T=0
	# only. In theory only the 'cold' ATR should be specified, as T=0 will
	# be the preferred protocol once you boot it up with T=0, but be
	# paranoid.
	card_atr 3b:6e:00:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 {
		force_protocol = t0;
	}
	card_atr 3b:fe:94:00:ff:80:b1:fa:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:43 {
		force_protocol = t0;
	}

	# D-Trust cards are also based on micardo and need T=0 for some reason
	card_atr 3b:ff:94:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:23 {
		force_protocol = t0;
	}
	card_atr 3b:ff:11:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:a6 {
		force_protocol = t0;
	}

	# Below are the framework specific configuration blocks.

	# PKCS #15
	framework pkcs15 {
		# Whether to use the cache files in the user's
		# home directory.
		#
		# At the moment you have to 'teach' the card
		# to the system by running command: pkcs15-tool -L
		#
		# WARNING: Caching shouldn't be used in setuid root
		# applications.
		# Default: false
		#
		# NOTE(review): this example turns caching on although the
		# default is false and the warning above applies; the cache
		# files are written under the user's home directory. Confirm
		# this is intended before shipping the file to hosts where
		# setuid applications use OpenSC.
		use_caching = true;
		# Enable pkcs15 emulation.
		# Default: yes
		# enable_pkcs15_emulation = no;
		# Prefer pkcs15 emulation code before
		# the normal pkcs15 processing.
		# Default: no
		# try_emulation_first = yes;
		# Enable builtin emulators.
		# Default: yes
		# enable_builtin_emulation = yes;
		# list of the builtin pkcs15 emulators to test
		builtin_emulators = esteid, openpgp, tcos, starcert, infocamere, postecert, actalis, atrust-acos, gemsafeGPK, gemsafeV1, tccardos, PIV-II, rutoken;

		# additional settings per driver
		#
		# For pkcs15 emulators loaded from an external shared
		# library/DLL, you need to specify the path name of the module
		# and customize the card_atr example above correctly.
		#
		# As with card drivers, the module is loaded as a shared
		# library; keep it and this file administrator-writable only.
		#
		# emulate custom {
			# The location of the driver library
			# module = /usr/lib/opensc/drivers/p15emu_custom.so;
		# }
	}
}
# Parameters for the OpenSC PKCS11 module
app opensc-pkcs11 {
	# Settings read by the OpenSC PKCS#11 module; they override the
	# "app default" block for this application only.
	pkcs11 {
		# Maximum Number of virtual slots.
		# If there are more slots than defined here,
		# the remaining slots will be hidden from PKCS#11.
		max_virtual_slots = 8;

		# Maximum number of slots per smart card.
		# If the card has fewer keys than defined here,
		# the remaining number of slots will be empty.
		num_slots = 4;

		# Normally, the pkcs11 module will create
		# the full number of slots defined above by
		# num_slots. If there are fewer pins/keys on
		# the card, the remaining keys will be empty
		# (and you will be able to create new objects
		# within them).
		#
		# Set this option to true to hide these empty
		# slots.
		hide_empty_tokens = yes;

		# By default, the OpenSC PKCS#11 module will not lock
		# this card once you have authenticated to the card via
		# C_Login. This may add some risk as other users may connect
		# to the card and perform crypto operations (which may be
		# possible because you have already authenticated with the
		# card). You may consider changing it to true.
		#
		# However, if you do, this also means that no other
		# application that _you_ run can use the card until your
		# application has done a C_Logout or C_Finalize. In the case
		# of Netscape or Mozilla, this does not happen until you exit
		# the browser.
		# Default: false
		# lock_login = true;

		# Normally, the pkcs11 module will not cache PINs
		# presented via C_Login. However, some cards
		# may not work properly with OpenSC; for instance
		# when you have two keys on your card that get
		# stored in two different directories.
		#
		# In this case, you can turn on PIN caching by setting
		# cache_pins = true
		#
		# NOTE(review): the paragraph above says PINs are not cached by
		# default, but the default stated on the next line is true; one
		# of the two is stale — check the module and make them agree.
		# A cached PIN presumably stays in the application's memory for
		# the whole session, so keep this off unless a card needs it.
		# Default: true
		# cache_pins = false;

		# Set this value to false if you want to enforce on-card
		# keypair generation
		#
		# With software key generation allowed, the key pair is
		# presumably created by the host and then written to the card,
		# so the private key has existed in host memory; set this to
		# false to require that keys are generated on the card and
		# never leave it — confirm against the module.
		# Default: true
		# soft_keygen_allowed = false;
	}
}
app tokend {
	# Score for OpenSC.tokend
	# NOTE(review): presumably the priority the host's token framework
	# uses to rank OpenSC.tokend against other token providers for the
	# same card; the meaning of the value is not documented here — confirm.
	framework tokend {
		score = 10;
	}
}