diff --git a/doc/files/files.html b/doc/files/files.html index 49ce0c4e..f536af6e 100644 --- a/doc/files/files.html +++ b/doc/files/files.html @@ -43,7 +43,7 @@ span.errortext { font-style: italic; } - -->
Table of Contents
opensc.conf — configuration file for OpenSC
+ -->
Table of Contents
opensc.conf — configuration file for OpenSC
OpenSC obtains configuration data from the following sources in the following order
command-line options
@@ -122,7 +122,7 @@ app application
{
westcos-tool
:
Configuration block for OpenSC tools
-
debug = num
;
Amount of debug info to print (Default:
@@ -153,6 +153,12 @@ app application
{
Software\OpenSC
Project\OpenSC\ProfileDir
is
checked.
+
disable_colors = bool
;
+
+ Disable colors of log messages (Default:
+ false
if attached to a console,
+ true
otherwise).
disable_popups = bool
;
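Review bot: the default given for disable_colors depends on being "attached to a console", but the text does not say which output stream is tested. Name the stream that is checked, so that users who redirect or capture debug output know whether escape sequences can end up in their logs.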
@@ -176,7 +182,7 @@ app application
{
default) will load all statically linked drivers.
If an unknown (i.e. not internal or old) driver is
- supplied, a separate configuration configuration
+ supplied, a separate configuration
block has to be written for the driver. A special
value old
will load all
statically linked drivers that may be removed in
@@ -227,6 +233,10 @@ app application
{
npa
: See the section called “Configuration Options for German ID Card”
dnie
: See the section called “Configuration Options for DNIe”
+
+ edo
: See the section called “Configuration Options for Polish eID Card”
+
+ myeid
: See the section called “Configuration Options for MyEID Card”
Any other value: Configuration block for an externally loaded card driver
@@ -332,7 +342,7 @@ app application
{
Parameters for the OpenSC PKCS11 module.
For details see the section called “Configuration of PKCS#11”. -
disable_hw_pkcs1_padding = bool
;
+ + The MyEID card can internally + encapsulate the data (hash code) + into a DigestInfo ASN.1 structure + according to the selected hash + algorithm (currently only for SHA1). + DigestInfo is padded to RSA key + modulus length according to PKCS#1 + v1.5, block type 01h. Size of the + DigestInfo must not exceed 40% + of the RSA key modulus length. If + this limit is unsatisfactory (for + example someone needs RSA 1024 + with SHA512), the user can disable + this feature. In this case, the + card driver will do everything + necessary before sending the data + (hash code) to the card. +
can = value
;
German ID card requires the CAN to
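Review bot: in the disable_hw_pkcs1_padding description, "currently only for SHA1" and the example "RSA 1024 with SHA512" do not fit together. If on-card DigestInfo encapsulation exists only for SHA1, the text should say what the card and driver do with other hash algorithms when the option is left unset. The entry also lacks a "(Default: ...)" statement, which the other bool options in this file carry. The 40% limit would be easier to check if it were stated as DigestInfo length against modulus length in bytes.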
@@ -478,6 +508,16 @@ app application
{
/usr/bin/pinentry
).
Only used if compiled with
--enable-dnie-ui
+
can = value
;
+
+ CAN (Card Access Number – 6 digit number
+ printed on the right bottom corner of the
+ front side of the document) is required
+ to establish connection with the card.
+ It might be overwritten by EDO_CAN
+ environment variable. Currently, it is not
+ possible to set it in any other way.
atrmask = hexstring
;
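Review bot: the last two sentences of the added can description are ambiguous. "It might be overwritten by EDO_CAN environment variable" presumably means the environment variable takes precedence over the configured value; "can be overridden by the EDO_CAN environment variable" would say that directly. "Not possible to set it in any other way" should name the two supported ways (this option and EDO_CAN). Also, "6 digit number" should be "6-digit number".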
@@ -554,10 +594,10 @@ app application
{
raw
md_read_only = bool
;
+ read_only = bool
;
Mark card as read/only card in
- Minidriver/BaseCSP interface
+ PKCS#11/Minidriver/BaseCSP interface
(Default: false
).
md_supports_X509_enrollment = bool
;
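Review bot: if read_only replaces md_read_only here, the text should say whether the old name is still accepted. The option now also covers PKCS#11, so a configuration that still sets md_read_only could leave a card that is no longer marked read-only without any visible error. Document the old name as a deprecated alias, or state that it is ignored. While touching this entry, "read/only card" should read "read-only card".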
@@ -724,7 +764,7 @@ app application
{
Where to cache the card's files. The default values are:
-
(if defined)
+ $XDG_CACHE_HOME
/opensc/
(If $XDG_CACHE_HOME
/opensc/$XDG_CACHE_HOME
is defined)
(Unix)
$HOME
/.cache/opensc/
@@ -755,6 +795,26 @@ app application
{
CKA_ALWAYS_AUTHENTICATE
may
need to set this to get signatures to work with
some cards (Default: false
).
+
+ It is recommended to enable also PIN caching using
+ use_pin_caching
option for OpenSC
+ to be able to provide PIN for the card when needed.
+
private_certificate = value
;
+ + How to handle a PIN-protected certificate. Known + parameters: +
+ protect
: The certificate stays PIN-protected.
+
+ declassify
: Allow
+ reading the certificate without
+ enforcing verification of the PIN.
+
+ ignore
: Ignore PIN-protected certificates.
+
+ (Default: ignore
in Tokend,
+ protect
otherwise).
enable_pkcs15_emulation = bool
;
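Review bot: the declassify value of private_certificate is described as reading the certificate "without enforcing verification of the PIN", with no statement of what that exposes or when it is appropriate. Since this relaxes an access condition set on the card object, add a sentence saying that the certificate then becomes readable by any application using the token without login. The differing defaults (ignore in Tokend, protect otherwise) would also benefit from a short reason. In the paragraph above the new option, "enable also PIN caching" should read "also enable PIN caching".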
@@ -777,7 +837,7 @@ app application
{
builtin_emulators =
emulators
;
List of the builtin pkcs15 emulators to test
- (Default: westcos, openpgp,
+ (Default:
westcos, openpgp,
starcert, tcos, esteid, itacns,
PIV-II, cac, gemsafeGPK, gemsafeV1, actalis,
atrust-acos, tccardos, entersafe, pteid,
@@ -856,13 +916,6 @@ app
application
{
Score for OpenSC.tokend
(Default: 300
). The tokend with
the highest score shall be used.
-
ignore_private_certificate = bool
;
-
- Tokend ignore to read PIN protected certificate
- that is set
- SC_PKCS15_CO_FLAG_PRIVATE
flag
- (Default: true
).
pkcs15-profile — format of profile for pkcs15-init
The pkcs15-init utility for PKCS #15 smart card
personalization is controlled via profiles. When starting, it will read two
such profiles at the moment, a generic application profile, and a card
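Review bot: the ignore_private_certificate entry is removed without leaving a pointer for users who still have it in their configuration. If its old default of true corresponds to private_certificate = ignore (the new Tokend default added elsewhere in this patch), say so in a one-line migration note. Also state whether the old key is still parsed or silently ignored.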
@@ -1089,10 +1142,10 @@ app application
{
The card specific profile contains additional information required during
card initialization, such as location of PIN files, key references etc.
Profiles currently reside in @pkgdatadir@
-