# Configuration file for OpenSC
# Example configuration file

# NOTE: All key-value pairs must be terminated by a semicolon.

# Default values for any application
# These can be overrided by an application
# specific configuration block.
app default {
	# Amount of debug info to print
	#
	# A greater value means more debug info.
	# Default: 0
	#
	debug = 0;

	# The file to which debug output will be written
	#
	# A special value of 'stdout' is recognized.
	# Default: stdout
	#
	# debug_file = /tmp/opensc-debug.log;

	# The file to which errors will be written
	#
	# A special value of 'stderr' is recognized.
	# Default: stderr
	#
	# error_file = /tmp/opensc-errors.log;

	# What reader drivers to load at start-up
	#
	# A special value of 'internal' will load all
	# statically linked drivers. If an unknown (ie. not
	# internal) driver is supplied, a separate configuration
	# configuration block has to be written for the driver.
	# Default: internal
	#
	# reader_drivers = openct, pcsc, ctapi;

	reader_driver ctapi {
		# module /usr/local/towitoko/lib/libtowitoko.so {
			# CT-API ports:
			# 0..3		COM1..4
			# 4		Printer
			# 5		Modem
			# 6..7		LPT1..2
			# ports = 0;
		# }
	}

	# Define parameters specific to your readers.
	# The following section shows definitions for PC/SC readers,
	# but the same set of variables are applicatable to ctapi and
	# openct readers, simply by using "reader_driver ctapi" and
	# "reader_driver openct", respectively.
	reader_driver pcsc {
		# Whether to transform some APDU's from one case to another
		# Possible values:
		#            none:   Don't transform any APDU's
		#        case4as3:   For T=0, send a case 4 APDU as case 3,
		#                    (no Lc byte) the card will send back
		# 		     a 61xx SW, and we will follow up with a
		#                    GetResponse command
		#                    The SCM SCR111, Sun SCF, and e-gate readers
		#                    seem to require this.
		#        case1as2:   For T=0, send a case 1 APDU as case 2.
		#                    (append an Le byte of 0)
		#                    The Sun SCF and e-gate readers seem to
		#                    require this
		# case1as2_always:   for any T=0/1, send a case 1 APDU as
		#		     case 2.
		#                    The Sun SCF reader may require this
		# Default: none
		#
		apdu_masquerade = none;
		#
		# This sets the maximum send and receive sizes.
		# Some IFD handlers do not properly handle APDUs with
		# large lc or le bytes.
		#
		max_send_size = 252;
		max_recv_size = 252;
	}

	# What card drivers to load at start-up
	#
	# A special value of 'internal' will load all
	# statically linked drivers. If an unknown (ie. not
	# internal) driver is supplied, a separate configuration
	# configuration block has to be written for the driver.
	# Default: internal
	#
	# card_drivers = internal, customcos;

	# Card driver configuration blocks. For card drivers loaded
	# from an external shared library/DLL, you need to specify
	# the path name of the module, and the name of the constructor
	# function.
	# WARNING: this is not implemented yet.
	#
	# For all drivers, you can specify ATRs of cards that
	# should be handled by this driver (in addition to the
	# list of compiled-in ATRs). To do so, specify
	#
	# card_driver foo {
	#	atr = 00:11:22:33:44;
	#	atr = 55:66:77:88:99:aa:bb;
	# }
	#
	# The card driver names are
	#  flex		Cryptoflex/Multiflex
	#  setcos	Setec
	#  etoken	Aladdin eToken and other CardOS based cards
	#  gpk		GPK 4K/8K/16K
	#  mcrd		MICARDO 2
	#  miocos	MioCOS 1.1
	#  openpgp	OpenPGP card
	#  tcos		TCOS 2.0
	#  emv		EMV compatible cards

	# card_driver customcos {
		# The location of the driver library
		#
		# module = /usr/lib/opensc/drivers/card_customcos.so
	# }

	# GPK card driver
	card_driver gpk {
		# atr = 00:11:22;
	}

	# Force using specific card driver
	#
	# If this option is present, OpenSC will use the supplied
	# driver with all inserted cards.
	#
	# Default: autodetect
	#
	# force_card_driver = miocos;

	# Below are the framework specific configuration blocks.

	# PKCS #15
	framework pkcs15 {
		# Whether to use the cache files in the user's
		# home directory.
		#
		# At the moment you have to 'teach' the card to the
		# system by:
		# pkcs15-tool -L
		#
		# WARNING: Caching shouldn't be used in setuid root
		# applications.
		# Default: false
		#
		use_caching = true;
		# Enable pkcs15 emulation
		# Default: yes
		enable_pkcs15_emulation = yes;
		# Try pkcs15 emulation code first (before the normal
		# pkcs15 processing).
		# Default: no
		try_emulation_first = no;
		# Enable builtin emulators
		# Default: yes
		enable_builtin_emulation = yes;
		# list of the builtin pkcs15 emulators to test
		# possible values: esteid, openpgp, netkey, netkey, starcert, infocamere
		builtin_emulators = esteid, openpgp, netkey, netkey, starcert, infocamere;

		# additional pkcs15 emulators (dynamic or builtin with
		# a different atr etc.) 
		# emulate foo {
			# module = builtin;
			# atr = 11:22:33:44;
		#}
	}
}

# For applications that use SCAM (pam_opensc, sia_opensc)
app scam {
	framework pkcs15 {
		use_caching = false;
	}
}

# Parameters for the OpenSC PKCS11 module
app opensc-pkcs11 {
	pkcs11 {
		# Maxmimum number of slots per smart card.
		# If the card has fewer keys than defined here,
		# the remaining number of slots will be empty.
		#
		# Note that there is currently a compile time
		# maximum on the overall number of slots
		# the pkcs11 module is able to handle.
		num_slots = 4;

		# Normally, the pkcs11 module will create
		# the full number of slots defined above by
		# num_slots. If there are fewer pins/keys on
		# the card, the remaining keys will be empty
		# (and you will be able to create new objects
		# within them).
		#
		# Set this option to true to hide these empty
		# slots.
		hide_empty_tokens = false;

		# By default, the OpenSC PKCS#11 module will
		# try to lock this card once you have authenticated
		# to the card via C_Login. This is done so that no
		# other user can connect to the card and perform
		# crypto operations (which may be possible because
		# you have already authenticated with the card).
		#
		# However, this also means that no other application
		# that _you_ run can use the card until your application
		# has done a C_Logout or C_Finalize. In the case of
		# Netscape or Mozilla, this does not happen until
		# you exit the browser.
		lock_login = true;

		# Normally, the pkcs11 module will not cache PINs
		# presented via C_Login. However, some cards
		# may not work properly with OpenSC; for instance
		# when you have two keys on your card that get
		# stored in two different directories.
		#
		# In this case, you can turn on PIN caching by setting
		# cache_pins = true
		#
		# Default: false
		cache_pins = false;

		# Set this value to false if you want to enfore on-card
		# keypair generation
		#
		# Default: true
		soft_keygen_allowed = true;
	}
}

# Parameters for the OpenSC PKCS11-Spy module, that logs all the
# communication between a pkcs11 module and it's calling application:
#    app <--> pkcs11-spy <--> pkcs11 module
app pkcs11-spy {
	spy {
		# Where to log to.
		#
		# By default, the value of the PKCS11SPY_OUTPUT environment
		# variable is used. And if that one isn't defined: stderr
		# is used.
		#
		#output = /tmp/pkcs11-spy.log;

		# Which PKCS11 module to load.
		#
		# By default, the value of the PKCS11SPY environment
		# variable is used. And if that one isn't defined,
		# opensc-pkcs11.so is used.
		#
		#module = opensc-pkcs11.so;
	}
}