use one configuration file for all systems
This commit is contained in:
parent
a4ca19019e
commit
1480a4ef4a
15
configure.ac
15
configure.ac
|
@ -114,13 +114,19 @@ esac
|
|||
|
||||
case "${host}" in
|
||||
*-mingw*|*-winnt*|*-cygwin*)
|
||||
DEBUG_FILE="%TEMP%\opensc-debug.log"
|
||||
DEBUG_FILE="%TEMP%\\\opensc-debug.log"
|
||||
PROFILE_DIR_DEFAULT="obtained from windows registers"
|
||||
PROFILE_DIR="\"\""
|
||||
;;
|
||||
*)
|
||||
DEBUG_FILE="/tmp/opensc-debug.log"
|
||||
PROFILE_DIR="\$(pkgdatadir)"
|
||||
PROFILE_DIR_DEFAULT="\$(pkgdatadir)"
|
||||
;;
|
||||
esac
|
||||
AC_DEFINE_UNQUOTED([DEBUG_FILE], ["${DEBUG_FILE}"], [Debug file])
|
||||
AC_DEFINE_UNQUOTED([PROFILE_DIR], ["${PROFILE_DIR}"], [Directory of profiles])
|
||||
AC_DEFINE_UNQUOTED([PROFILE_DIR_DEFAULT], ["${PROFILE_DIR_DEFAULT}"], [Default directory of profiles])
|
||||
|
||||
AC_ARG_ENABLE(
|
||||
[strict],
|
||||
|
@ -512,15 +518,19 @@ if test "${enable_sm}" = "yes"; then
|
|||
case "${host}" in
|
||||
*-mingw*|*-winnt*|*-cygwin*)
|
||||
DEFAULT_SM_MODULE="smm-local.dll"
|
||||
DEFAULT_SM_MODULE_PATH="\# module_path = \"\";"
|
||||
;;
|
||||
*-apple-*)
|
||||
DEFAULT_SM_MODULE="libsmm-local.3.dylib"
|
||||
DEFAULT_SM_MODULE_PATH="module_path = \$(libdir);"
|
||||
;;
|
||||
*)
|
||||
DEFAULT_SM_MODULE="libsmm-local.so.3"
|
||||
DEFAULT_SM_MODULE_PATH="module_path = \$(libdir);"
|
||||
;;
|
||||
esac
|
||||
AC_DEFINE_UNQUOTED([DEFAULT_SM_MODULE], ["${DEFAULT_SM_MODULE}"], [Default SM module])
|
||||
AC_DEFINE_UNQUOTED([DEFAULT_SM_MODULE_PATH], ["${DEFAULT_SM_MODULE_PATH}"], [Default SM module path])
|
||||
fi
|
||||
|
||||
if test "${enable_openct}" = "yes"; then
|
||||
|
@ -697,7 +707,10 @@ AC_SUBST([OPTIONAL_OPENCT_LIBS])
|
|||
AC_SUBST([OPTIONAL_PCSC_CFLAGS])
|
||||
AC_SUBST([LIBRARY_BITNESS])
|
||||
AC_SUBST([DEFAULT_SM_MODULE])
|
||||
AC_SUBST([DEFAULT_SM_MODULE_PATH])
|
||||
AC_SUBST([DEBUG_FILE])
|
||||
AC_SUBST([PROFILE_DIR])
|
||||
AC_SUBST([PROFILE_DIR_DEFAULT])
|
||||
|
||||
AM_CONDITIONAL([ENABLE_MAN], [test "${enable_man}" = "yes"])
|
||||
AM_CONDITIONAL([ENABLE_ZLIB], [test "${enable_zlib}" = "yes"])
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
MAINTAINERCLEANFILES = $(srcdir)/Makefile.in $(srcdir)/opensc.conf.win
|
||||
DISTCLEANFILES = opensc.conf opensc.conf.win
|
||||
MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
|
||||
DISTCLEANFILES = opensc.conf
|
||||
|
||||
EXTRA_DIST = Makefile.mak
|
||||
|
||||
SUFFIXES = .in
|
||||
|
||||
dist_noinst_DATA = opensc.conf.in opensc.conf.win.in
|
||||
nodist_noinst_DATA = opensc.conf opensc.conf.win # For Windows MSVC build
|
||||
dist_noinst_DATA = opensc.conf.in
|
||||
nodist_noinst_DATA = opensc.conf
|
||||
|
||||
# Make sure we build this every time
|
||||
# as there is no dependency for this.
|
||||
|
@ -18,9 +18,12 @@ opensc.conf: opensc.conf.in force
|
|||
@sed \
|
||||
-e 's|@pkgdatadir[@]|$(pkgdatadir)|g' \
|
||||
-e 's|@libdir[@]|$(libdir)|g' \
|
||||
-e 's|@DEBUG_FILE[@]|$(DEBUG_FILE)|g' \
|
||||
-e 's|@DEFAULT_PCSC_PROVIDER[@]|$(DEFAULT_PCSC_PROVIDER)|g' \
|
||||
-e 's|@DEFAULT_SM_MODULE[@]|$(DEFAULT_SM_MODULE)|g' \
|
||||
-e 's|@DEBUG_FILE[@]|$(DEBUG_FILE)|g' \
|
||||
-e 's|@DEFAULT_SM_MODULE_PATH[@]|$(DEFAULT_SM_MODULE_PATH)|g' \
|
||||
-e 's|@PROFILE_DIR[@]|$(PROFILE_DIR)|g' \
|
||||
-e 's|@PROFILE_DIR_DEFAULT[@]|$(PROFILE_DIR_DEFAULT)|g' \
|
||||
< $< > $@
|
||||
|
||||
install-exec-hook: opensc.conf
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
all: opensc.conf.win
|
||||
|
||||
opensc.conf.win: opensc.conf.win.in
|
||||
copy /y opensc.conf.win.in opensc.conf.win
|
||||
|
||||
clean::
|
||||
del /Q opensc.conf.win
|
||||
|
|
@ -32,9 +32,9 @@ app default {
|
|||
|
||||
# PKCS#15 initialization / personalization
|
||||
# profiles directory for pkcs15-init.
|
||||
# Default: @pkgdatadir@
|
||||
# Default: @PROFILE_DIR_DEFAULT@
|
||||
#
|
||||
# profile_dir = @pkgdatadir@;
|
||||
# profile_dir = @PROFILE_DIR@;
|
||||
|
||||
# Paranoid memory allocation.
|
||||
#
|
||||
|
@ -335,12 +335,11 @@ app default {
|
|||
}
|
||||
|
||||
secure_messaging local_authentic {
|
||||
#path to ans name of external SM module
|
||||
#module_name = @DEFAULT_SM_MODULE@;
|
||||
#module_path = @libdir@;
|
||||
# name of external SM module
|
||||
# module_name = @DEFAULT_SM_MODULE@;
|
||||
# directory with external SM module
|
||||
# Default: defined by windows register
|
||||
# module_path = "";
|
||||
@DEFAULT_SM_MODULE_PATH@
|
||||
|
||||
# specific data to tune the module initialization
|
||||
# module_data = "Here can be your SM module init data";
|
||||
|
@ -363,8 +362,8 @@ app default {
|
|||
|
||||
secure_messaging local_gemalto_iam {
|
||||
module_name = @DEFAULT_SM_MODULE@;
|
||||
module_path = @libdir@;
|
||||
#module_data = "";
|
||||
@DEFAULT_SM_MODULE_PATH@
|
||||
# module_data = "";
|
||||
type = acl; # transmit, acl
|
||||
|
||||
ifd_serial = "11:22:33:44:55:66:77:88";
|
||||
|
@ -382,7 +381,8 @@ app default {
|
|||
|
||||
secure_messaging local_amos {
|
||||
module_name = @DEFAULT_SM_MODULE@;
|
||||
module_path = @libdir@;
|
||||
@DEFAULT_SM_MODULE_PATH@
|
||||
# module_data = "";
|
||||
mode = acl;
|
||||
ifd_serial = "11:22:33:44:55:66:77:88";
|
||||
keyset_02_enc = "ENCROECHANTILLON";
|
||||
|
@ -391,7 +391,8 @@ app default {
|
|||
|
||||
secure_messaging local_amos_eid {
|
||||
module_name = @DEFAULT_SM_MODULE@;
|
||||
module_path = @libdir@;
|
||||
@DEFAULT_SM_MODULE_PATH@
|
||||
# module_data = "";
|
||||
mode = acl;
|
||||
ifd_serial = "11:22:33:44:55:66:77:88";
|
||||
keyset_E828BD080FD2504543432D654944_03_enc = "RW_PUBL_ENC_TEST";
|
||||
|
@ -400,8 +401,8 @@ app default {
|
|||
|
||||
secure_messaging local_adele {
|
||||
module_name = @DEFAULT_SM_MODULE@;
|
||||
module_path = @libdir@;
|
||||
#module_data = "";
|
||||
@DEFAULT_SM_MODULE_PATH@
|
||||
# module_data = "";
|
||||
type = acl; # transmit, acl
|
||||
|
||||
ifd_serial = "11:22:33:44:55:66:77:88";
|
||||
|
|
|
@ -1,684 +0,0 @@
|
|||
# Configuration file for OpenSC
|
||||
# Example configuration file
|
||||
|
||||
# NOTE: All key-value pairs must be terminated by a semicolon.
|
||||
|
||||
# Default values for any application
|
||||
# These can be overridden by an application
|
||||
# specific configuration block.
|
||||
app default {
|
||||
# Amount of debug info to print
|
||||
#
|
||||
# A greater value means more debug info.
|
||||
# Default: 0
|
||||
#
|
||||
debug = 0;
|
||||
|
||||
# The file to which debug output will be written
|
||||
#
|
||||
# Special values 'stdout' and 'stderr' are recognized.
|
||||
# Default: stderr
|
||||
#
|
||||
# debug_file = %TEMP%\opensc-debug.log
|
||||
|
||||
# Re-open debug file (used in WIN32)
|
||||
#
|
||||
# In Windows, file handles can not be shared between DLL-s,
|
||||
# each DLL has a separate file handle table.
|
||||
# For that reason reopen debug file before every debug message.
|
||||
#
|
||||
# Default: true
|
||||
# reopen_debug_file = false;
|
||||
|
||||
# PKCS#15 initialization / personalization
|
||||
# profiles directory for pkcs15-init.
|
||||
# Default: obtained from windows registers
|
||||
#
|
||||
# profile_dir = "";
|
||||
|
||||
# Paranoid memory allocation.
|
||||
#
|
||||
# If set to 'true', then refuse to continue when locking of non-pageable
|
||||
# memory fails. This can cause subtle failures but is more secure when
|
||||
# you have a swap disk.
|
||||
# Default: false
|
||||
#
|
||||
# paranoid_memory = false;
|
||||
|
||||
# Enable default card driver
|
||||
# Default card driver is explicitely enabled for the 'opensc-explorer' and 'opensc-tool'.
|
||||
#
|
||||
# Default: false
|
||||
# enable_default_driver = true;
|
||||
|
||||
# CT-API module configuration.
|
||||
reader_driver ctapi {
|
||||
# module @libdir@/libtowitoko.so {
|
||||
# CT-API ports:
|
||||
# 0..3 COM1..4
|
||||
# 4 Printer
|
||||
# 5 Modem
|
||||
# 6..7 LPT1..2
|
||||
# ports = 0;
|
||||
# }
|
||||
}
|
||||
|
||||
# The following section shows definitions for PC/SC readers.
|
||||
reader_driver pcsc {
|
||||
# Limit command and response sizes.
|
||||
# Default: n/a
|
||||
# max_send_size = 255;
|
||||
# max_recv_size = 256;
|
||||
#
|
||||
# Connect to reader in exclusive mode?
|
||||
# Default: false
|
||||
# connect_exclusive = true;
|
||||
#
|
||||
# What to do when disconnecting from a card (SCardDisconnect)
|
||||
# Valid values: leave, reset, unpower.
|
||||
# Default: reset
|
||||
# disconnect_action = unpower;
|
||||
#
|
||||
# What to do at the end of a transaction (SCardEndTransaction)
|
||||
# Valid values: leave, reset, unpower.
|
||||
# Default: leave
|
||||
# transaction_end_action = reset;
|
||||
#
|
||||
# What to do when reconnection to a card (SCardReconnect)
|
||||
# Valid values: leave, reset, unpower.
|
||||
# Note that this affects only the internal reconnect (after a SCARD_W_RESET_CARD).
|
||||
# A forced reset via sc_reset() always does a full powerup.
|
||||
# Default: leave
|
||||
# reconnect_action = reset;
|
||||
#
|
||||
# Enable pinpad if detected (PC/SC v2.0.2 Part 10)
|
||||
# Default: true
|
||||
# enable_pinpad = false;
|
||||
#
|
||||
# Use specific pcsc provider.
|
||||
# Default: winscard.dll
|
||||
# provider_library = winscard.dll
|
||||
}
|
||||
|
||||
# Options for OpenCT support
|
||||
reader_driver openct {
|
||||
# Virtual readers to allocate.
|
||||
# Default: 2
|
||||
# readers = 5;
|
||||
#
|
||||
# Limit command and response sizes.
|
||||
# Default: n/a
|
||||
# max_send_size = 255;
|
||||
# max_recv_size = 256;
|
||||
};
|
||||
|
||||
# Whitelist of card drivers to load at start-up
|
||||
#
|
||||
# The supported internal card driver names can be retrieved
|
||||
# from the output of:
|
||||
# $ opensc-tool --list-drivers
|
||||
#
|
||||
# A special value of 'internal' will load all
|
||||
# statically linked drivers. If an unknown (ie. not
|
||||
# internal) driver is supplied, a separate configuration
|
||||
# configuration block has to be written for the driver.
|
||||
# Default: internal
|
||||
# NOTE: When "internal" keyword is used, must be last entry
|
||||
#
|
||||
# card_drivers = customcos, internal;
|
||||
|
||||
# Card driver configuration blocks.
|
||||
|
||||
# For card drivers loaded from an external shared library/DLL,
|
||||
# you need to specify the path name of the module
|
||||
#
|
||||
# card_driver customcos {
|
||||
# The location of the driver library
|
||||
# module = @libdir@/card_customcos.so;
|
||||
# }
|
||||
|
||||
# Force using specific card driver
|
||||
#
|
||||
# If this option is present, OpenSC will use the supplied
|
||||
# driver with all inserted cards.
|
||||
#
|
||||
# Default: autodetect
|
||||
#
|
||||
# force_card_driver = customcos;
|
||||
|
||||
# In addition to the built-in list of known cards in the
|
||||
# card driver, you can configure a new card for the driver
|
||||
# using the card_atr block. The goal is to centralize
|
||||
# everything related to a certain card to card_atr.
|
||||
#
|
||||
# The supported internal card driver names can be retrieved
|
||||
# from the output of:
|
||||
# $ opensc-tool --list-drivers
|
||||
|
||||
# Generic format: card_atr <hex encoded ATR (case-sensitive!)>
|
||||
|
||||
# New card entry for the flex card driver
|
||||
# card_atr 3b:f0:0d:ca:fe {
|
||||
# All parameters for the context are
|
||||
# optional unless specified otherwise.
|
||||
|
||||
# Context: global, card driver
|
||||
#
|
||||
# ATR mask value
|
||||
#
|
||||
# The mask is logically AND'd with an
|
||||
# card ATR prior to comparison with the
|
||||
# ATR reference value above. Using mask
|
||||
# allows identifying and configuring
|
||||
# multiple ATRs as the same card model.
|
||||
# atrmask = "ff:ff:ff:ff:ff";
|
||||
|
||||
# Context: card driver
|
||||
#
|
||||
# Specify used card driver (REQUIRED).
|
||||
#
|
||||
# When enabled, overrides all possible
|
||||
# settings from the card drivers built-in
|
||||
# card configuration list.
|
||||
# driver = "flex";
|
||||
|
||||
# Set card name for card drivers that allows it.
|
||||
# name = "My CryptoFlex card";
|
||||
|
||||
# Card type as an integer value.
|
||||
#
|
||||
# Depending on card driver, this allows
|
||||
# tuning the behaviour of the card driver
|
||||
# for your card.
|
||||
# type = "2002";
|
||||
|
||||
# Card flags as an hex value.
|
||||
# Multiple values are OR'd together.
|
||||
#
|
||||
# Depending on card driver, this allows
|
||||
# fine-tuning the capabilities in
|
||||
# the card driver for your card.
|
||||
#
|
||||
# Optionally, some known parameters
|
||||
# can be specified as strings:
|
||||
#
|
||||
# rng - On-board random number source
|
||||
#
|
||||
# flags = "rng", "0x80000000";
|
||||
|
||||
# Enable pkcs11 initialization.
|
||||
# Default: no
|
||||
# pkcs11_enable_InitToken = yes;
|
||||
|
||||
#
|
||||
# Context: PKCS#15 emulation layer
|
||||
#
|
||||
# When using PKCS#15 emulation, force
|
||||
# the emulation driver for specific cards.
|
||||
#
|
||||
# Required for external drivers, but can
|
||||
# be used with built-in drivers, too.
|
||||
# pkcs15emu = "custom";
|
||||
|
||||
#
|
||||
# Context: reader driver
|
||||
#
|
||||
# Force protocol selection for specific cards.
|
||||
# Known parameters: t0, t1, raw
|
||||
# force_protocol = "t0";
|
||||
# }
|
||||
|
||||
# PIV cards need an entry similar to this one:
|
||||
# card_atr 3B:7D:96:00:00:80:31:80:65:B0:83:11:00:AC:83:00:90:00 {
|
||||
# name = "PIV-II";
|
||||
# driver = "piv";
|
||||
# }
|
||||
|
||||
# Estonian ID card and Micardo driver sometimes only play together with T=0
|
||||
# In theory only the 'cold' ATR should be specified, as T=0 will
|
||||
# be the preferred protocol once you boot it up with T=0, but be
|
||||
# paranoid.
|
||||
#
|
||||
# Warm ATR v1
|
||||
card_atr 3b:6e:00:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 {
|
||||
force_protocol = t0;
|
||||
}
|
||||
# Cold ATR v1
|
||||
card_atr 3b:fe:94:00:ff:80:b1:fa:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:43 {
|
||||
force_protocol = t0;
|
||||
}
|
||||
# Warm ATR v2
|
||||
card_atr 3b:5e:11:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 {
|
||||
force_protocol = t0;
|
||||
}
|
||||
# Cold ATR v2
|
||||
card_atr 3b:de:18:ff:c0:80:b1:fe:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:2b {
|
||||
force_protocol = t0;
|
||||
}
|
||||
# Digi-ID cold ATR. The same card has the same warm ATR as "Cold ATR v1" above
|
||||
# The card is claimed to only support T=0 but in fact (sometimes) works with T=1, even if not advertised in ATR.
|
||||
card_atr 3b:6e:00:00:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 {
|
||||
force_protocol = t0;
|
||||
}
|
||||
|
||||
# D-Trust cards are also based on micardo and need T=0 for some reason
|
||||
card_atr 3b:ff:94:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:23 {
|
||||
force_protocol = t0;
|
||||
}
|
||||
card_atr 3b:ff:11:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:a6 {
|
||||
force_protocol = t0;
|
||||
}
|
||||
|
||||
# Oberthur's AuthentIC v3.2.2
|
||||
card_atr 3B:DD:18:00:81:31:FE:45:80:F9:A0:00:00:00:77:01:00:70:0A:90:00:8B {
|
||||
type = 11100;
|
||||
driver = "authentic";
|
||||
name = "AuthentIC v3.1";
|
||||
|
||||
# Name of SM configuration sub-section
|
||||
# secure_messaging = local_authentic;
|
||||
}
|
||||
|
||||
# IAS/ECC cards
|
||||
card_atr 3B:7F:96:00:00:00:31:B9:64:40:70:14:10:73:94:01:80:82:90:00 {
|
||||
type = 25001;
|
||||
driver = "iasecc";
|
||||
name = "Gemalto MultiApp IAS/ECC v1.0.1";
|
||||
secure_messaging = local_gemalto_iam;
|
||||
# secure_messaging = local_adele;
|
||||
md_read_only = false;
|
||||
md_supports_X509_enrollment = true;
|
||||
}
|
||||
card_atr 3B:7F:96:00:00:00:31:B8:64:40:70:14:10:73:94:01:80:82:90:00 {
|
||||
type = 25001;
|
||||
driver = "iasecc";
|
||||
name = "Gemalto MultiApp IAS/ECC v1.0.1";
|
||||
secure_messaging = local_gemalto_iam;
|
||||
md_read_only = false;
|
||||
md_supports_X509_enrollment = true;
|
||||
}
|
||||
#card_atr 3B:DD:18:00:81:31:FE:45:80:F9:A0:00:00:00:77:01:08:00:07:90:00:FE {
|
||||
# type = 25002;
|
||||
# driver = "iasecc";
|
||||
# name = "Oberthur IAS/ECC v1.0.1";
|
||||
# # No 'admin' application for this card -- no secure messaging
|
||||
#}
|
||||
#card_atr 3B:7F:18:00:00:00:31:B8:64:50:23:EC:C1:73:94:01:80:82:90:00 {
|
||||
# type = 25003;
|
||||
# driver = "iasecc";
|
||||
# name = "Morpho YpsID S3 IAS/ECC";
|
||||
# # secure_messaging = local_morpho_YpsID_S3;
|
||||
#}
|
||||
#card_atr 3B:DF:96:00:80:31:FE:45:00:31:B8:64:04:1F:EC:C1:73:94:01:80:82:90:00:EC {
|
||||
# type = 25005;
|
||||
# driver = "iasecc";
|
||||
# name = "Morpho MI IAS/ECC v1.0.1";
|
||||
# md_read_only = false;
|
||||
# md_supports_X509_enrollment = true;
|
||||
# secure_messaging = local_morpho_mi;
|
||||
#}
|
||||
card_atr 3B:DF:18:FF:81:91:FE:1F:C3:00:31:B8:64:0C:01:EC:C1:73:94:01:80:82:90:00:B3 {
|
||||
type = 25004;
|
||||
driver = "iasecc";
|
||||
name = "Amos IAS/ECC v1.0.1";
|
||||
md_read_only = false;
|
||||
md_supports_X509_enrollment = true;
|
||||
secure_messaging = local_amos;
|
||||
}
|
||||
card_atr 3B:DC:18:FF:81:91:FE:1F:C3:80:73:C8:21:13:66:01:0B:03:52:00:05:38 {
|
||||
type = 25004;
|
||||
driver = "iasecc";
|
||||
name = "Amos IAS/ECC v1.0.1";
|
||||
md_read_only = false;
|
||||
md_supports_X509_enrollment = true;
|
||||
secure_messaging = local_amos_eid;
|
||||
}
|
||||
|
||||
secure_messaging local_authentic {
|
||||
# name of external SM module
|
||||
# module_name = smm-local.dll;
|
||||
|
||||
# directory with external SM module
|
||||
# Default: defined by windows register
|
||||
# module_path = "";
|
||||
|
||||
# specific data to tune the module initialization
|
||||
# module_data = "Here can be your SM module init data";
|
||||
|
||||
# SM mode:
|
||||
# 'transmit' -- in this mode the procedure to securize an APDU is called by the OpenSC general
|
||||
# APDU transmit procedure.
|
||||
# In this mode all APDUs, except the ones filtered by the card specific procedure,
|
||||
# are securized.
|
||||
# 'acl' -- in this mode APDU are securized only if needed by the ACLs of the command to be executed.
|
||||
#
|
||||
#mode = transmit;
|
||||
|
||||
# SM type specific flags
|
||||
# flags = 0x78; # 0x78 -- level 3, channel 0
|
||||
|
||||
# Default KMC of the GP Card Manager for the Oberthur's Java cards
|
||||
# kmc = "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00";
|
||||
}
|
||||
|
||||
secure_messaging local_gemalto_iam {
|
||||
module_name = smm-local.dll;
|
||||
# module_path = "";
|
||||
# module_data = "";
|
||||
type = acl; # transmit, acl
|
||||
|
||||
ifd_serial = "11:22:33:44:55:66:77:88";
|
||||
|
||||
# Keyset values from IAM profiles of the Gemalto IAS/ECC cards
|
||||
keyset_02_enc = "RW_PRIV_ENC_TEST";
|
||||
keyset_02_mac = "RW_PRIV_MAC_TEST";
|
||||
|
||||
keyset_E828BD080FD2504543432D654944_01_enc = "RO_ENC_TEST_KEY_";
|
||||
keyset_E828BD080FD2504543432D654944_01_mac = "RO_MAC_TEST_KEY_";
|
||||
|
||||
keyset_E828BD080FD2504543432D654944_03_enc = "RW_PUBL_ENC_TEST";
|
||||
keyset_E828BD080FD2504543432D654944_03_mac = "RW_PUBL_MAC_TEST";
|
||||
}
|
||||
|
||||
secure_messaging local_amos {
|
||||
module_name = smm-local.dll;
|
||||
# module_path = "";
|
||||
# module_data = "";
|
||||
mode = acl;
|
||||
ifd_serial = "11:22:33:44:55:66:77:88";
|
||||
keyset_02_enc = "ENCROECHANTILLON";
|
||||
keyset_02_mac = "MACROECHANTILLON";
|
||||
}
|
||||
|
||||
secure_messaging local_amos_eid {
|
||||
module_name = smm-local.dll;
|
||||
# module_path = "";
|
||||
# module_data = "";
|
||||
mode = acl;
|
||||
ifd_serial = "11:22:33:44:55:66:77:88";
|
||||
keyset_E828BD080FD2504543432D654944_03_enc = "RW_PUBL_ENC_TEST";
|
||||
keyset_E828BD080FD2504543432D654944_03_mac = "RW_PUBL_MAC_TEST";
|
||||
}
|
||||
|
||||
secure_messaging local_adele {
|
||||
module_name = smm-local.dll;
|
||||
# module_path = "";
|
||||
# module_data = "";
|
||||
type = acl; # transmit, acl
|
||||
|
||||
ifd_serial = "11:22:33:44:55:66:77:88";
|
||||
|
||||
# Keyset values from 'Adele' profiles of the IAS/ECC cards
|
||||
keyset_01_enc = "EMENCECHANTILLON";
|
||||
keyset_01_mac = "EMMACECHANTILLON";
|
||||
|
||||
keyset_02_enc = "AAENCECHANTILLON";
|
||||
keyset_02_mac = "AAMACECHANTILLON";
|
||||
|
||||
keyset_E828BD080FD2500000040301_02_enc = "E2ENCECHANTILLON";
|
||||
keyset_E828BD080FD2500000040301_02_mac = "E2MACECHANTILLON";
|
||||
|
||||
keyset_D2500000044164E86C650101_02_enc = "E1ENCECHANTILLON";
|
||||
keyset_D2500000044164E86C650101_02_mac = "E1MACECHANTILLON";
|
||||
|
||||
keyset_D2500000044164E86C650101_03_enc = "SIENCECHANTILLON";
|
||||
keyset_D2500000044164E86C650101_03_mac = "SIMACECHANTILLON";
|
||||
}
|
||||
|
||||
# Below are the framework specific configuration blocks.
|
||||
|
||||
# PKCS #15
|
||||
framework pkcs15 {
|
||||
# Whether to use the cache files in the user's
|
||||
# home directory.
|
||||
#
|
||||
# At the moment you have to 'teach' the card
|
||||
# to the system by running command: pkcs15-tool -L
|
||||
#
|
||||
# WARNING: Caching shouldn't be used in setuid root
|
||||
# applications.
|
||||
# Default: false
|
||||
# use_file_caching = true;
|
||||
#
|
||||
# Use PIN caching?
|
||||
# Default: true
|
||||
# use_pin_caching = false;
|
||||
#
|
||||
# How many times to use a PIN from cache before re-authenticating it?
|
||||
# Default: 10
|
||||
# pin_cache_counter = 3;
|
||||
#
|
||||
# Older PKCS#11 applications not supporting CKA_ALWAYS_AUTHENTICATE
|
||||
# may need to set this to get signatures to work with some cards.
|
||||
# Default: false
|
||||
# pin_cache_ignore_user_consent = true;
|
||||
#
|
||||
# Enable pkcs15 emulation.
|
||||
# Default: yes
|
||||
# enable_pkcs15_emulation = no;
|
||||
#
|
||||
# Prefer pkcs15 emulation code before
|
||||
# the normal pkcs15 processing.
|
||||
# Some cards (like esteid and pteid) work in emu-only mode,
|
||||
# and do not depend on this option.
|
||||
#
|
||||
# Default: no
|
||||
# try_emulation_first = yes;
|
||||
|
||||
# Enable builtin emulators.
|
||||
# Default: yes
|
||||
# enable_builtin_emulation = no;
|
||||
#
|
||||
# List of the builtin pkcs15 emulators to test
|
||||
# Default: esteid, openpgp, tcos, starcert, itacns, infocamere, postecert, actalis, atrust-acos, gemsafeGPK, gemsafeV1, tccardos, PIV-II;
|
||||
# builtin_emulators = openpgp;
|
||||
|
||||
# additional settings per driver
|
||||
#
|
||||
# For pkcs15 emulators loaded from an external shared
|
||||
# library/DLL, you need to specify the path name of the module
|
||||
# and customize the card_atr example above correctly.
|
||||
#
|
||||
# emulate custom {
|
||||
# The location of the driver library
|
||||
# module = p15emu_custom.dll;
|
||||
# }
|
||||
|
||||
# some additional application parameters:
|
||||
# - type (generic, protected) used to distinguish the common access application
|
||||
# and application for which authentication to perform some operation cannot be
|
||||
# obtained with the common procedures (ex. object creation protected by secure messaging).
|
||||
# Used by PKCS#11 module configurated to expose restricted number of slots.
|
||||
# (for ex. configurated to expose only User PIN slot, User and Sign PINs slots, ...)
|
||||
application E828BD080FD25047656E65726963 {
|
||||
type = generic;
|
||||
model = "ECC Generic PKI";
|
||||
}
|
||||
|
||||
application E828BD080FD2500000040301 {
|
||||
type = generic;
|
||||
model = "Adèle Générique";
|
||||
}
|
||||
|
||||
application E828BD080FD2504543432D654944 {
|
||||
type = protected;
|
||||
model = "ECC eID";
|
||||
}
|
||||
|
||||
application E828BD080FD2500000040201 {
|
||||
type = protected;
|
||||
model = "Adèle Admin-2";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Parameters for the OpenSC PKCS11 module
|
||||
app opensc-pkcs11 {
|
||||
pkcs11 {
|
||||
# Should the module support hotplug of readers as per PKCS#11 v2.20?
|
||||
# This affects slot changes and PC/SC PnP, as v2.11 applications
|
||||
# are not allowed to change the length of the slot list.
|
||||
# Default: true
|
||||
# plug_and_play = false;
|
||||
|
||||
# Maximum Number of virtual slots.
|
||||
# If there are more slots than defined here,
|
||||
# the remaining slots will be hidden from PKCS#11.
|
||||
# Default: 16
|
||||
# max_virtual_slots = 32;
|
||||
|
||||
# Maximum number of slots per smart card.
|
||||
# If the card has fewer keys than defined here,
|
||||
# the remaining number of slots will be empty.
|
||||
# Default: 4
|
||||
# slots_per_card = 2;
|
||||
|
||||
# (max_virtual_slots/slots_per_card) limits the number of readers
|
||||
# that can be used on the system. Default is then 16/4=4 readers.
|
||||
|
||||
# Normally, the pkcs11 module will create
|
||||
# the full number of slots defined above by
|
||||
# num_slots. If there are fewer pins/keys on
|
||||
# the card, the remaining keys will be empty
|
||||
# (and you will be able to create new objects
|
||||
# within them).
|
||||
# Default: true
|
||||
# hide_empty_tokens = false;
|
||||
|
||||
# By default, the OpenSC PKCS#11 module will not lock your card
|
||||
# once you authenticate to the card via C_Login.
|
||||
#
|
||||
# Thus the other users or other applications is not prevented
|
||||
# from connecting to the card and perform crypto operations
|
||||
# (which may be possible because you have already authenticated
|
||||
# with the card). This setting is not very secure.
|
||||
#
|
||||
# Also, if your card is not locked, you can enconter problems
|
||||
# due to limitation of the OpenSC framework, that still is not
|
||||
# thoroughly tested in the multi threads environment.
|
||||
#
|
||||
# Your settings will be more secure if you choose to lock your
|
||||
# card. Nevertheless this behavior is a known violation of PKCS#11
|
||||
# specification. Now once one application has started using your
|
||||
# card with C_Login, no other application can use it, until
|
||||
# the first is done and calls C_Logout or C_Finalize. In the case
|
||||
# of many PKCS#11 application this does not happen until you exit
|
||||
# the application.
|
||||
# Thus it is impossible to use several smart card aware applications
|
||||
# at the same time, e.g. you cannot run both Firefox and Thunderbird at
|
||||
# the same time, if both are configured to use your smart card.
|
||||
#
|
||||
# Default: false
|
||||
# lock_login = true;
|
||||
|
||||
# With this setting disabled, the OpenSC PKCS#11 module will initialize
|
||||
# the slots available when the application calls `C_GetSlotList`. With
|
||||
# this setting enabled, the slots will also get initialized when
|
||||
# C_GetSlotInfo is called.
|
||||
#
|
||||
# This setting is a workaround for Java which does not call
|
||||
# `C_GetSlotList` when configured with a static `slot` instead of
|
||||
# `slotListIndex`.
|
||||
#
|
||||
# Default: true
|
||||
# init_sloppy = false;
|
||||
|
||||
# User PIN unblock style
|
||||
# none: PIN unblock is not possible with PKCS#11 API;
|
||||
# set_pin_in_unlogged_session: C_SetPIN() in unlogged session:
|
||||
# PUK is passed as the 'OldPin' argument of the C_SetPIN() call.
|
||||
# set_pin_in_specific_context: C_SetPIN() in the CKU_SPECIFIC_CONTEXT logged session:
|
||||
# PUK is passed as the 'OldPin' argument of the C_SetPIN() call.
|
||||
# init_pin_in_so_session: C_InitPIN() in CKU_SO logged session:
|
||||
# User PIN 'UNBLOCK' is protected by SOPIN. (PUK == SOPIN).
|
||||
# # Actually this style works only for the PKCS15 contents without SOPIN.
|
||||
# # For those with SOPIN, this mode will be usefull for the cards without
|
||||
# # modes 00 and 01 of ISO command 'RESET RETRY COUNTER'. --vt
|
||||
#
|
||||
# Default: none
|
||||
# user_pin_unblock_style = set_pin_in_unlogged_session;
|
||||
|
||||
# Create slot for unblocking PIN with PUK
|
||||
# This way PKCS#11 API can be used to login with PUK and
|
||||
# change a PIN.
|
||||
# Warning: causes problems with some applications like
|
||||
# firefox and thunderbird. Thus turned off by default
|
||||
#
|
||||
# Default: false
|
||||
# create_puk_slot = true;
|
||||
|
||||
# Report as 'zero' the CKA_ID attribute of CA certificate
|
||||
# For the unknown reason the middleware of the manufacturer of gemalto (axalto, gemplus)
|
||||
# card reports as '0' the CKA_ID of CA cartificates.
|
||||
# Maybe someone else will need it. (Would be nice to know who and what for -- VTA)
|
||||
#
|
||||
# Default: false
|
||||
# zero_ckaid_for_ca_certs = true;
|
||||
|
||||
# List of readers to ignore
|
||||
# If any of the strings listed below is matched (case sensitive) in a reader name,
|
||||
# the reader is ignored by the PKCS#11 module.
|
||||
#
|
||||
# Default: empty
|
||||
# ignored_readers = "CardMan 1021", "SPR 532";
|
||||
|
||||
# Symbolic names of PINs for which slots are created
|
||||
# Card can contain more then one PINs or more then one on-card application with
|
||||
# its own PINs. Normally, to access all of them with the PKCS#11 API a slot has to be
|
||||
# created for all of them. Many slots could be ennoying for some of widely used application,
|
||||
# like FireFox. This configuration parameter allows to select the PINs or on-card application
|
||||
# for which PKCS#11 slot will be created.
|
||||
# Actually recognised following symbolic names:
|
||||
# 'user', 'sign', 'application', all
|
||||
# Only PINs initialised, non-SoPIN, non-unblocking are associated with symbolic name.
|
||||
# 'user' is identified as first global or first local PIN.
|
||||
# 'sign' is identified as second PIN: first local, second global or second local.
|
||||
# 'application' slot created for each on-card application,
|
||||
# even if they use a common global PIN.
|
||||
# 'all' slot created for all non-sopin, non-unblocking PINs,
|
||||
# optionally for PUK (see option 'create_puk_slot')
|
||||
#
|
||||
# Default: all
|
||||
# create_slots_for_pins = "user,sign";
|
||||
# create_slots_for_pins = application;
|
||||
# create_slots_for_pins = "application,sign";
|
||||
#
|
||||
# For the module to simulate the opensc-onepin module behavior the following option
|
||||
# must be set:
|
||||
# create_slots_for_pins = "user"
|
||||
}
|
||||
}
|
||||
|
||||
app onepin-opensc-pkcs11 {
|
||||
pkcs11 {
|
||||
slots_per_card = 1;
|
||||
}
|
||||
}
|
||||
|
||||
# Used by OpenSC.tokend on Mac OS X only.
|
||||
app tokend {
|
||||
# The file to which debug log will be written
|
||||
# Default: /tmp/opensc-tokend.log
|
||||
#
|
||||
# debug_file = /Library/Logs/OpenSC.tokend.log
|
||||
|
||||
framework tokend {
|
||||
# Score for OpenSC.tokend
|
||||
# The tokend with the highest score shall be used.
|
||||
# Default: 300
|
||||
#
|
||||
# score = 10;
|
||||
}
|
||||
}
|
||||
|
||||
# XXX: remove cardmod pseudodriver
|
||||
app cardmod {
|
||||
# cardmod app name use special pcsc reader subset
|
||||
# fix options for this reader driver here.
|
||||
|
||||
reader_driver cardmod {
|
||||
# Enable pinpad if detected (PC/SC v2.0.2 Part 10)
|
||||
# Default: true
|
||||
# enable_pinpad = false;
|
||||
}
|
||||
}
|
|
@ -97,7 +97,7 @@
|
|||
<Directory Id="INSTALLDIR" Name="OpenSC">
|
||||
<!-- opensc.conf sample goes to installation directory -->
|
||||
<Component Id="opensc.conf" Guid="*" Win64="$(var.Win64YesNo)">
|
||||
<File Source="$(var.SOURCE_DIR)\etc\opensc.conf.win" Name="opensc.conf" KeyPath="yes"/>
|
||||
<File Source="$(var.SOURCE_DIR)\etc\opensc.conf" Name="opensc.conf" KeyPath="yes"/>
|
||||
<!-- -->
|
||||
<RegistryKey Id="OpenscRegs" Root="HKLM" Key="Software\[Manufacturer]\OpenSC" Action="createAndRemoveOnUninstall">
|
||||
<RegistryValue Type="string" Name="ConfigFile" Value="[INSTALLDIR]opensc.conf"/>
|
||||
|
|
Loading…
Reference in New Issue