updated documentation
parent
75f24d2af7
commit
4ecb4b39ac
|
@ -43,7 +43,7 @@ span.errortext {
|
||||||
font-style: italic;
|
font-style: italic;
|
||||||
}
|
}
|
||||||
|
|
||||||
--></style></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="book"><div class="titlepage"><div><div><h1 class="title"><a name="idm1"></a>OpenSC Manual Pages: Section 5</h1></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl class="toc"><dt><span class="refentrytitle"><a href="#opensc.conf">opensc.conf</a></span><span class="refpurpose"> — configuration file for OpenSC</span></dt><dt><span class="refentrytitle"><a href="#pkcs15-profile">pkcs15-profile</a></span><span class="refpurpose"> — format of profile for <span class="command"><strong>pkcs15-init</strong></span></span></dt></dl></div><div class="refentry"><a name="opensc.conf"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>opensc.conf — configuration file for OpenSC</p></div><div class="refsect1"><a name="idm13"></a><h2>Description</h2><p>
|
--></style></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="book"><div class="titlepage"><div><div><h1 class="title"><a name="id-1"></a>OpenSC Manual Pages: Section 5</h1></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl class="toc"><dt><span class="refentrytitle"><a href="#opensc.conf">opensc.conf</a></span><span class="refpurpose"> — configuration file for OpenSC</span></dt><dt><span class="refentrytitle"><a href="#pkcs15-profile">pkcs15-profile</a></span><span class="refpurpose"> — format of profile for <span class="command"><strong>pkcs15-init</strong></span></span></dt></dl></div><div class="refentry"><a name="opensc.conf"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>opensc.conf — configuration file for OpenSC</p></div><div class="refsect1"><a name="id-1.2.3"></a><h2>Description</h2><p>
|
||||||
OpenSC obtains configuration data from the following sources in the following order
|
OpenSC obtains configuration data from the following sources in the following order
|
||||||
</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>
|
</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>
|
||||||
command-line options
|
command-line options
|
||||||
|
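Review bot: The only difference in this hunk is the anchor names (`idm1` becomes `id-1`, `idm13` becomes `id-1.2.3`); the visible text is unchanged, so this looks like regenerated output with a different anchor-naming scheme rather than a documentation edit. Any existing link to a `#idm…` fragment of this page stops resolving, and the same rename recurs in later hunks where it buries the real content changes. Name the tool or stylesheet change in the commit message, or commit the regenerated HTML separately from the documentation changes.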
@ -122,7 +122,7 @@ app <em class="replaceable"><code>application</code></em> {
|
||||||
<code class="literal">westcos-tool</code>:
|
<code class="literal">westcos-tool</code>:
|
||||||
Configuration block for OpenSC tools
|
Configuration block for OpenSC tools
|
||||||
</p></li></ul></div><p>
|
</p></li></ul></div><p>
|
||||||
</p></div><div class="refsect1"><a name="idm103"></a><h2>Configuration Options</h2><div class="variablelist"><dl class="variablelist"><dt><a name="debug"></a><span class="term">
|
</p></div><div class="refsect1"><a name="id-1.2.4"></a><h2>Configuration Options</h2><div class="variablelist"><dl class="variablelist"><dt><a name="debug"></a><span class="term">
|
||||||
<code class="option">debug = <em class="replaceable"><code>num</code></em>;</code>
|
<code class="option">debug = <em class="replaceable"><code>num</code></em>;</code>
|
||||||
</span></dt><dd><p>
|
</span></dt><dd><p>
|
||||||
Amount of debug info to print (Default:
|
Amount of debug info to print (Default:
|
||||||
|
@ -153,6 +153,12 @@ app <em class="replaceable"><code>application</code></em> {
|
||||||
<code class="filename">Software\OpenSC
|
<code class="filename">Software\OpenSC
|
||||||
Project\OpenSC\ProfileDir</code> is
|
Project\OpenSC\ProfileDir</code> is
|
||||||
checked.
|
checked.
|
||||||
|
</p></dd><dt><span class="term">
|
||||||
|
<code class="option">disable_colors = <em class="replaceable"><code>bool</code></em>;</code>
|
||||||
|
</span></dt><dd><p>
|
||||||
|
Disable colors of log messages (Default:
|
||||||
|
<code class="literal">false</code> if attached to a console,
|
||||||
|
<code class="literal">true</code> otherwise).
|
||||||
</p></dd><dt><span class="term">
|
</p></dd><dt><span class="term">
|
||||||
<code class="option">disable_popups = <em class="replaceable"><code>bool</code></em>;</code>
|
<code class="option">disable_popups = <em class="replaceable"><code>bool</code></em>;</code>
|
||||||
</span></dt><dd><p>
|
</span></dt><dd><p>
|
||||||
|
@ -176,7 +182,7 @@ app <em class="replaceable"><code>application</code></em> {
|
||||||
default) will load all statically linked drivers.
|
default) will load all statically linked drivers.
|
||||||
</p><p>
|
</p><p>
|
||||||
If an unknown (i.e. not internal or old) driver is
|
If an unknown (i.e. not internal or old) driver is
|
||||||
supplied, a separate configuration configuration
|
supplied, a separate configuration
|
||||||
block has to be written for the driver. A special
|
block has to be written for the driver. A special
|
||||||
value <code class="literal">old</code> will load all
|
value <code class="literal">old</code> will load all
|
||||||
statically linked drivers that may be removed in
|
statically linked drivers that may be removed in
|
||||||
|
@ -227,6 +233,10 @@ app <em class="replaceable"><code>application</code></em> {
|
||||||
<code class="literal">npa</code>: See <a class="xref" href="#npa" title="Configuration Options for German ID Card">the section called “Configuration Options for German ID Card”</a>
|
<code class="literal">npa</code>: See <a class="xref" href="#npa" title="Configuration Options for German ID Card">the section called “Configuration Options for German ID Card”</a>
|
||||||
</p></li><li class="listitem"><p>
|
</p></li><li class="listitem"><p>
|
||||||
<code class="literal">dnie</code>: See <a class="xref" href="#dnie" title="Configuration Options for DNIe">the section called “Configuration Options for DNIe”</a>
|
<code class="literal">dnie</code>: See <a class="xref" href="#dnie" title="Configuration Options for DNIe">the section called “Configuration Options for DNIe”</a>
|
||||||
|
</p></li><li class="listitem"><p>
|
||||||
|
<code class="literal">edo</code>: See <a class="xref" href="#edo" title="Configuration Options for Polish eID Card">the section called “Configuration Options for Polish eID Card”</a>
|
||||||
|
</p></li><li class="listitem"><p>
|
||||||
|
<code class="literal">myeid</code>: See <a class="xref" href="#myeid" title="Configuration Options for MyEID Card">the section called “Configuration Options for MyEID Card”</a>
|
||||||
</p></li><li class="listitem"><p>
|
</p></li><li class="listitem"><p>
|
||||||
Any other value: Configuration block for an externally loaded card driver
|
Any other value: Configuration block for an externally loaded card driver
|
||||||
</p></li></ul></div><p>
|
</p></li></ul></div><p>
|
||||||
|
@ -332,7 +342,7 @@ app <em class="replaceable"><code>application</code></em> {
|
||||||
Parameters for the OpenSC PKCS11 module.
|
Parameters for the OpenSC PKCS11 module.
|
||||||
</p><p>
|
</p><p>
|
||||||
For details see <a class="xref" href="#pkcs11" title="Configuration of PKCS#11">the section called “Configuration of PKCS#11”</a>.
|
For details see <a class="xref" href="#pkcs11" title="Configuration of PKCS#11">the section called “Configuration of PKCS#11”</a>.
|
||||||
</p></dd></dl></div><div class="refsect2"><a name="reader_driver"></a><h3>Configuration of Smart Card Reader Driver</h3><div class="refsect3"><a name="idm330"></a><h4>Configuration Options for all Reader Drivers</h4><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
</p></dd></dl></div><div class="refsect2"><a name="reader_driver"></a><h3>Configuration of Smart Card Reader Driver</h3><div class="refsect3"><a name="id-1.2.4.3.2"></a><h4>Configuration Options for all Reader Drivers</h4><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
||||||
<code class="option">max_send_size = <em class="replaceable"><code>num</code></em>;</code>
|
<code class="option">max_send_size = <em class="replaceable"><code>num</code></em>;</code>
|
||||||
<code class="option">max_recv_size = <em class="replaceable"><code>num</code></em>;</code>
|
<code class="option">max_recv_size = <em class="replaceable"><code>num</code></em>;</code>
|
||||||
</span></dt><dd><p>
|
</span></dt><dd><p>
|
||||||
|
@ -429,7 +439,27 @@ app <em class="replaceable"><code>application</code></em> {
|
||||||
<code class="option">readers = <em class="replaceable"><code>num</code></em>;</code>
|
<code class="option">readers = <em class="replaceable"><code>num</code></em>;</code>
|
||||||
</span></dt><dd><p>
|
</span></dt><dd><p>
|
||||||
Virtual readers to allocate (Default: <code class="literal">2</code>).
|
Virtual readers to allocate (Default: <code class="literal">2</code>).
|
||||||
</p></dd></dl></div></div></div><div class="refsect2"><a name="npa"></a><h3>Configuration Options for German ID Card</h3><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
</p></dd></dl></div></div></div><div class="refsect2"><a name="myeid"></a><h3>Configuration Options for MyEID Card</h3><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
||||||
|
<code class="option">disable_hw_pkcs1_padding = <em class="replaceable"><code>bool</code></em>;</code>
|
||||||
|
</span></dt><dd><p>
|
||||||
|
The MyEID card can internally
|
||||||
|
encapsulate the data (hash code)
|
||||||
|
into a DigestInfo ASN.1 structure
|
||||||
|
according to the selected hash
|
||||||
|
algorithm (currently only for SHA1).
|
||||||
|
DigestInfo is padded to RSA key
|
||||||
|
modulus length according to PKCS#1
|
||||||
|
v1.5, block type 01h. Size of the
|
||||||
|
DigestInfo must not exceed 40%
|
||||||
|
of the RSA key modulus length. If
|
||||||
|
this limit is unsatisfactory (for
|
||||||
|
example someone needs RSA 1024
|
||||||
|
with SHA512), the user can disable
|
||||||
|
this feature. In this case, the
|
||||||
|
card driver will do everything
|
||||||
|
necessary before sending the data
|
||||||
|
(hash code) to the card.
|
||||||
|
</p></dd></dl></div></div><div class="refsect2"><a name="npa"></a><h3>Configuration Options for German ID Card</h3><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
||||||
<code class="option">can = <em class="replaceable"><code>value</code></em>;</code>
|
<code class="option">can = <em class="replaceable"><code>value</code></em>;</code>
|
||||||
</span></dt><dd><p>
|
</span></dt><dd><p>
|
||||||
German ID card requires the CAN to
|
German ID card requires the CAN to
|
||||||
|
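Review bot: The new `disable_hw_pkcs1_padding` entry states no default, while the neighbouring `readers` entry in the same hunk carries "(Default: 2)"; add the "(Default: …)" clause so a reader knows whether padding happens on the card or in the driver out of the box. The description is also hard to follow. It says the on-card DigestInfo encapsulation works "currently only for SHA1" and then gives RSA 1024 with SHA512 as the case that hits the 40% limit, so it is unclear whether the limit applies to hashes the card does not encapsulate itself. "The card driver will do everything necessary" should say plainly that the DigestInfo and PKCS#1 v1.5 padding are then built on the host before the data is sent to the card.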
@ -478,6 +508,16 @@ app <em class="replaceable"><code>application</code></em> {
|
||||||
<code class="literal">/usr/bin/pinentry</code>).
|
<code class="literal">/usr/bin/pinentry</code>).
|
||||||
Only used if compiled with
|
Only used if compiled with
|
||||||
<code class="option">--enable-dnie-ui</code>
|
<code class="option">--enable-dnie-ui</code>
|
||||||
|
</p></dd></dl></div></div><div class="refsect2"><a name="edo"></a><h3>Configuration Options for Polish eID Card</h3><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
||||||
|
<code class="option">can = <em class="replaceable"><code>value</code></em>;</code>
|
||||||
|
</span></dt><dd><p>
|
||||||
|
CAN (Card Access Number – 6 digit number
|
||||||
|
printed on the right bottom corner of the
|
||||||
|
front side of the document) is required
|
||||||
|
to establish connection with the card.
|
||||||
|
It might be overwritten by <code class="literal">EDO_CAN</code>
|
||||||
|
environment variable. Currently, it is not
|
||||||
|
possible to set it in any other way.
|
||||||
</p></dd></dl></div></div><div class="refsect2"><a name="card_atr"></a><h3>Configuration based on ATR</h3><p>
|
</p></dd></dl></div></div><div class="refsect2"><a name="card_atr"></a><h3>Configuration based on ATR</h3><p>
|
||||||
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
||||||
<code class="option">atrmask = <em class="replaceable"><code>hexstring</code></em>;</code>
|
<code class="option">atrmask = <em class="replaceable"><code>hexstring</code></em>;</code>
|
||||||
|
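Review bot: In the new Polish eID `can` entry, the last two sentences are ambiguous: "It might be overwritten by EDO_CAN" followed by "it is not possible to set it in any other way" does not say whether "it" is the configured value or the variable, and "overwritten" reads as if the file were modified. Suggest wording along the lines of "The value can be overridden by the `EDO_CAN` environment variable; the CAN can only be supplied through this option or that variable." If `EDO_CAN` is not already listed in the Environment section of this page, it should be added there as well, since this entry is the only place in the hunk that mentions it.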
@ -554,10 +594,10 @@ app <em class="replaceable"><code>application</code></em> {
|
||||||
<code class="literal">raw</code>
|
<code class="literal">raw</code>
|
||||||
</p></li></ul></div><p>
|
</p></li></ul></div><p>
|
||||||
</p></dd><dt><span class="term">
|
</p></dd><dt><span class="term">
|
||||||
<code class="option">md_read_only = <em class="replaceable"><code>bool</code></em>;</code>
|
<code class="option">read_only = <em class="replaceable"><code>bool</code></em>;</code>
|
||||||
</span></dt><dd><p>
|
</span></dt><dd><p>
|
||||||
Mark card as read/only card in
|
Mark card as read/only card in
|
||||||
Minidriver/BaseCSP interface
|
PKCS#11/Minidriver/BaseCSP interface
|
||||||
(Default: <code class="literal">false</code>).
|
(Default: <code class="literal">false</code>).
|
||||||
</p></dd><dt><span class="term">
|
</p></dd><dt><span class="term">
|
||||||
<code class="option">md_supports_X509_enrollment = <em class="replaceable"><code>bool</code></em>;</code>
|
<code class="option">md_supports_X509_enrollment = <em class="replaceable"><code>bool</code></em>;</code>
|
||||||
|
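Review bot: Renaming `md_read_only` to `read_only` in the option term leaves no trace of the old name in the documentation, so a reader with `md_read_only = true;` in an existing configuration cannot tell whether it is still honoured. Because the option marks a card as read-only, a setting that is silently ignored after an upgrade would leave the card writable. State whether the old name remains accepted as an alias or has been dropped, and note that the scope now covers PKCS#11 as well as Minidriver/BaseCSP. The sibling `md_supports_X509_enrollment` keeps its `md_` prefix, which is worth a word so the naming difference is understood as intentional.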
@ -724,7 +764,7 @@ app <em class="replaceable"><code>application</code></em> {
|
||||||
</span></dt><dd><p>
|
</span></dt><dd><p>
|
||||||
Where to cache the card's files. The default values are:
|
Where to cache the card's files. The default values are:
|
||||||
</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
|
</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
|
||||||
<code class="filename"><code class="envar">$XDG_CACHE_HOME</code>/opensc/</code> (if defined)
|
<code class="filename"><code class="envar">$XDG_CACHE_HOME</code>/opensc/</code> (If <code class="envar">$XDG_CACHE_HOME</code> is defined)
|
||||||
</p></li><li class="listitem"><p>
|
</p></li><li class="listitem"><p>
|
||||||
<code class="filename"><code class="envar">$HOME</code>/.cache/opensc/</code> (Unix)
|
<code class="filename"><code class="envar">$HOME</code>/.cache/opensc/</code> (Unix)
|
||||||
</p></li><li class="listitem"><p>
|
</p></li><li class="listitem"><p>
|
||||||
|
@ -755,6 +795,26 @@ app <em class="replaceable"><code>application</code></em> {
|
||||||
<code class="literal">CKA_ALWAYS_AUTHENTICATE</code> may
|
<code class="literal">CKA_ALWAYS_AUTHENTICATE</code> may
|
||||||
need to set this to get signatures to work with
|
need to set this to get signatures to work with
|
||||||
some cards (Default: <code class="literal">false</code>).
|
some cards (Default: <code class="literal">false</code>).
|
||||||
|
</p><p>
|
||||||
|
It is recommended to enable also PIN caching using
|
||||||
|
<code class="literal">use_pin_caching</code> option for OpenSC
|
||||||
|
to be able to provide PIN for the card when needed.
|
||||||
|
</p></dd><dt><span class="term">
|
||||||
|
<code class="option">private_certificate = <em class="replaceable"><code>value</code></em>;</code>
|
||||||
|
</span></dt><dd><p>
|
||||||
|
How to handle a PIN-protected certificate. Known
|
||||||
|
parameters:
|
||||||
|
</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
|
||||||
|
<code class="literal">protect</code>: The certificate stays PIN-protected.
|
||||||
|
</p></li><li class="listitem"><p>
|
||||||
|
<code class="literal">declassify</code>: Allow
|
||||||
|
reading the certificate without
|
||||||
|
enforcing verification of the PIN.
|
||||||
|
</p></li><li class="listitem"><p>
|
||||||
|
<code class="literal">ignore</code>: Ignore PIN-protected certificates.
|
||||||
|
</p></li></ul></div><p>
|
||||||
|
(Default: <code class="literal">ignore</code> in Tokend,
|
||||||
|
<code class="literal">protect</code> otherwise).
|
||||||
</p></dd><dt><span class="term">
|
</p></dd><dt><span class="term">
|
||||||
<code class="option">enable_pkcs15_emulation = <em class="replaceable"><code>bool</code></em>;</code>
|
<code class="option">enable_pkcs15_emulation = <em class="replaceable"><code>bool</code></em>;</code>
|
||||||
</span></dt><dd><p>
|
</span></dt><dd><p>
|
||||||
|
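Review bot: The added paragraph recommends `use_pin_caching` directly under the option that concerns `CKA_ALWAYS_AUTHENTICATE`, without saying what is traded away: the PIN is then held by OpenSC and replayed to the card "when needed", which is exactly the per-operation prompt that attribute is meant to enforce. State that consequence so the reader can decide. For the new `private_certificate` option, `declassify` should say what is relaxed (reading the certificate object only, as written, not use of the key), and the entry should mention that it supersedes the Tokend-only `ignore_private_certificate` option removed later in this commit.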
@ -856,13 +916,6 @@ app <em class="replaceable"><code>application</code></em> {
|
||||||
Score for <span class="application">OpenSC.tokend</span>
|
Score for <span class="application">OpenSC.tokend</span>
|
||||||
(Default: <code class="literal">300</code>). The tokend with
|
(Default: <code class="literal">300</code>). The tokend with
|
||||||
the highest score shall be used.
|
the highest score shall be used.
|
||||||
</p></dd><dt><span class="term">
|
|
||||||
<code class="option">ignore_private_certificate = <em class="replaceable"><code>bool</code></em>;</code>
|
|
||||||
</span></dt><dd><p>
|
|
||||||
Tokend ignore to read PIN protected certificate
|
|
||||||
that is set
|
|
||||||
<code class="literal">SC_PKCS15_CO_FLAG_PRIVATE</code> flag
|
|
||||||
(Default: <code class="literal">true</code>).
|
|
||||||
</p></dd></dl></div></div><div class="refsect2"><a name="pkcs11"></a><h3>Configuration of PKCS#11</h3><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
</p></dd></dl></div></div><div class="refsect2"><a name="pkcs11"></a><h3>Configuration of PKCS#11</h3><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
||||||
<code class="option">max_virtual_slots = <em class="replaceable"><code>num</code></em>;</code>
|
<code class="option">max_virtual_slots = <em class="replaceable"><code>num</code></em>;</code>
|
||||||
</span></dt><dd><p>
|
</span></dt><dd><p>
|
||||||
|
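Review bot: The `ignore_private_certificate` entry is removed here with no pointer to its replacement. A configuration that sets `ignore_private_certificate = false;` has no documented equivalent after this change. Add a short note, either here or in the new `private_certificate` entry, mapping the old boolean to the new values (the old default `true` corresponds to the new Tokend default `ignore`), and say whether the old name is still parsed.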
@ -1022,7 +1075,7 @@ app <em class="replaceable"><code>application</code></em> {
|
||||||
For the module to simulate the opensc-onepin module
|
For the module to simulate the opensc-onepin module
|
||||||
behavior the following option
|
behavior the following option
|
||||||
<code class="option">create_slots_for_pins = "user";</code>
|
<code class="option">create_slots_for_pins = "user";</code>
|
||||||
</p></dd></dl></div></div></div><div class="refsect1"><a name="idm971"></a><h2>Environment</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
</p></dd></dl></div></div></div><div class="refsect1"><a name="id-1.2.5"></a><h2>Environment</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
||||||
<code class="envar">OPENSC_CONF</code>
|
<code class="envar">OPENSC_CONF</code>
|
||||||
</span></dt><dd><p>
|
</span></dt><dd><p>
|
||||||
Filename for a user defined configuration file
|
Filename for a user defined configuration file
|
||||||
|
@ -1065,7 +1118,7 @@ app <em class="replaceable"><code>application</code></em> {
|
||||||
</span></dt><dd><p>
|
</span></dt><dd><p>
|
||||||
PIV configuration during initialization with
|
PIV configuration during initialization with
|
||||||
<span class="application">piv-tool</span>.
|
<span class="application">piv-tool</span>.
|
||||||
</p></dd></dl></div></div><div class="refsect1"><a name="idm1012"></a><h2>Files</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
</p></dd></dl></div></div><div class="refsect1"><a name="id-1.2.6"></a><h2>Files</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
||||||
<code class="filename">/usr/etc/opensc.conf</code>
|
<code class="filename">/usr/etc/opensc.conf</code>
|
||||||
</span></dt><dd><p>
|
</span></dt><dd><p>
|
||||||
System-wide configuration file
|
System-wide configuration file
|
||||||
|
@ -1073,7 +1126,7 @@ app <em class="replaceable"><code>application</code></em> {
|
||||||
<code class="filename">/usr/share/doc/opensc/opensc.conf</code>
|
<code class="filename">/usr/share/doc/opensc/opensc.conf</code>
|
||||||
</span></dt><dd><p>
|
</span></dt><dd><p>
|
||||||
Extended example configuration file
|
Extended example configuration file
|
||||||
</p></dd></dl></div></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="pkcs15-profile"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pkcs15-profile — format of profile for <span class="command"><strong>pkcs15-init</strong></span></p></div><div class="refsect1"><a name="idm1036"></a><h2>Description</h2><p>
|
</p></dd></dl></div></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="pkcs15-profile"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pkcs15-profile — format of profile for <span class="command"><strong>pkcs15-init</strong></span></p></div><div class="refsect1"><a name="id-1.3.3"></a><h2>Description</h2><p>
|
||||||
The <span class="command"><strong>pkcs15-init</strong></span> utility for PKCS #15 smart card
|
The <span class="command"><strong>pkcs15-init</strong></span> utility for PKCS #15 smart card
|
||||||
personalization is controlled via profiles. When starting, it will read two
|
personalization is controlled via profiles. When starting, it will read two
|
||||||
such profiles at the moment, a generic application profile, and a card
|
such profiles at the moment, a generic application profile, and a card
|
||||||
|
@ -1089,10 +1142,10 @@ app <em class="replaceable"><code>application</code></em> {
|
||||||
The card specific profile contains additional information required during
|
The card specific profile contains additional information required during
|
||||||
card initialization, such as location of PIN files, key references etc.
|
card initialization, such as location of PIN files, key references etc.
|
||||||
Profiles currently reside in <code class="filename">@pkgdatadir@</code>
|
Profiles currently reside in <code class="filename">@pkgdatadir@</code>
|
||||||
</p></div><div class="refsect1"><a name="idm1044"></a><h2>Syntax</h2><p>
|
</p></div><div class="refsect1"><a name="id-1.3.4"></a><h2>Syntax</h2><p>
|
||||||
This section should contain information about the profile syntax. Will add
|
This section should contain information about the profile syntax. Will add
|
||||||
this soonishly.
|
this soonishly.
|
||||||
</p></div><div class="refsect1"><a name="idm1047"></a><h2>See also</h2><p>
|
</p></div><div class="refsect1"><a name="id-1.3.5"></a><h2>See also</h2><p>
|
||||||
<span class="citerefentry"><span class="refentrytitle">pkcs15-init</span>(1)</span>,
|
<span class="citerefentry"><span class="refentrytitle">pkcs15-init</span>(1)</span>,
|
||||||
<span class="citerefentry"><span class="refentrytitle">pkcs15-crypt</span>(1)</span>
|
<span class="citerefentry"><span class="refentrytitle">pkcs15-crypt</span>(1)</span>
|
||||||
</p></div></div></div></body></html>
|
</p></div></div></div></body></html>
|
||||||
|
|
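Review bot: This hunk again changes only anchor names (`idm1044` to `id-1.3.4`, `idm1047` to `id-1.3.5`), but the regenerated page still ships "Profiles currently reside in `@pkgdatadir@`" with the build placeholder unsubstituted and a Syntax section that reads "Will add this soonishly." If the HTML is being regenerated and committed anyway, generate it from a configured build so the real directory appears, and either fill in or drop the stub Syntax section.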
1002
doc/tools/tools.html
File diff suppressed because it is too large