1137 lines
44 KiB
Plaintext
1137 lines
44 KiB
Plaintext
# Configuration file for OpenSC
|
|
# Example configuration file
|
|
|
|
# NOTE: All key-value pairs must be terminated by a semicolon.
|
|
|
|
# Default values for any application
|
|
# These can be overridden by an application
|
|
# specific configuration block.
|
|
app default {
|
|
# Amount of debug info to print
|
|
#
|
|
# A greater value means more debug info.
|
|
# Default: 0
|
|
#
|
|
#debug = 3;
|
|
|
|
# The file to which debug output will be written
|
|
#
|
|
# Special values 'stdout' and 'stderr' are recognized.
|
|
# Default: stderr
|
|
#
|
|
# debug_file = @DEBUG_FILE@
|
|
|
|
# PKCS#15 initialization / personalization
|
|
# profiles directory for pkcs15-init.
|
|
# Default: @PROFILE_DIR_DEFAULT@
|
|
#
|
|
# profile_dir = @PROFILE_DIR@;
|
|
|
|
# Disable pop-ups of built-in GUI
|
|
#
|
|
# Default: false
|
|
# disable_popups = true;
|
|
|
|
# Enable default card driver
|
|
# Default card driver is explicitly enabled for the 'opensc-explorer' and 'opensc-tool'.
|
|
#
|
|
# Default: false
|
|
# enable_default_driver = true;
|
|
|
|
# List of readers to ignore
|
|
# If any of the strings listed below is matched in a reader name (case
|
|
# sensitive, partial matching possible), the reader is ignored by OpenSC.
|
|
# Use `opensc-tool --list-readers` to see all currently connected readers.
|
|
#
|
|
# Default: empty
|
|
# ignored_readers = "CardMan 1021", "SPR 532";
|
|
|
|
# CT-API module configuration.
|
|
reader_driver ctapi {
|
|
# module @LIBDIR@@LIB_PRE@towitoko@DYN_LIB_EXT@ {
|
|
# CT-API ports:
|
|
# 0..3 COM1..4
|
|
# 4 Printer
|
|
# 5 Modem
|
|
# 6..7 LPT1..2
|
|
# ports = 0;
|
|
# }
|
|
}
|
|
|
|
# The following section shows definitions for PC/SC readers.
|
|
reader_driver pcsc {
|
|
# Limit command and response sizes. Some Readers don't propagate their
|
|
# transceive capabilities correctly. max_send_size and max_recv_size
|
|
# allow setting the limits manually, for example to enable extended
|
|
# length capabilities.
|
|
# Default: max_send_size = 255, max_recv_size = 256;
|
|
# max_send_size = 65535;
|
|
# max_recv_size = 65536;
|
|
#
|
|
# Connect to reader in exclusive mode?
|
|
# Default: false
|
|
# connect_exclusive = true;
|
|
#
|
|
# What to do when disconnecting from a card (SCardDisconnect)
|
|
# Valid values: leave, reset, unpower.
|
|
# Default: leave
|
|
# disconnect_action = reset;
|
|
#
|
|
# What to do at the end of a transaction (SCardEndTransaction)
|
|
# Valid values: leave, reset, unpower.
|
|
# Default: leave
|
|
# transaction_end_action = reset;
|
|
#
|
|
# What to do when reconnection to a card (SCardReconnect)
|
|
# Valid values: leave, reset, unpower.
|
|
# Note that this affects only the internal reconnect (after a SCARD_W_RESET_CARD).
|
|
# A forced reset via sc_reset() always does a full powerup.
|
|
# Default: leave
|
|
# reconnect_action = reset;
|
|
#
|
|
# Enable pinpad if detected (PC/SC v2.0.2 Part 10)
|
|
# Default: true
|
|
# enable_pinpad = false;
|
|
#
|
|
# Some pinpad readers can only handle one exact length of the PIN.
|
|
# fixed_pinlength sets this value so that OpenSC expands the padding to
|
|
# this length.
|
|
# Default: 0 (i.e. not fixed)
|
|
# fixed_pinlength = 6;
|
|
#
|
|
# Detect reader capabilities with escape commands (wrapped APDUs with
|
|
# CLA=0xFF as defined by PC/SC pt. 3 and BSI TR-03119, e.g. for getting
|
|
# the UID, escaped PIN commands and the reader's firmware version)
|
|
# Default: false
|
|
# enable_escape = true;
|
|
#
|
|
# Use specific pcsc provider.
|
|
# Default: @DEFAULT_PCSC_PROVIDER@
|
|
# provider_library = @DEFAULT_PCSC_PROVIDER@
|
|
}
|
|
|
|
# Options for OpenCT support
|
|
reader_driver openct {
|
|
# Virtual readers to allocate.
|
|
# Default: 2
|
|
# readers = 5;
|
|
#
|
|
# Limit command and response sizes.
|
|
# Default: n/a
|
|
# max_send_size = 255;
|
|
# max_recv_size = 256;
|
|
}
|
|
|
|
# Options for CryptoTokenKit support
|
|
reader_driver cryptotokenkit {
|
|
# Limit command and response sizes. Some Readers don't propagate their
|
|
# transceive capabilities correctly. max_send_size and max_recv_size
|
|
# allow setting the limits manually, for example to enable extended
|
|
# length capabilities.
|
|
# Default: autodetect
|
|
# max_send_size = 65535;
|
|
# max_recv_size = 65536;
|
|
}
|
|
|
|
# Whitelist of card drivers to load at start-up
|
|
#
|
|
# The supported internal card driver names can be retrieved
|
|
# from the output of:
|
|
# $ opensc-tool --list-drivers
|
|
#
|
|
# A special value of 'old' will load all
|
|
# statically linked drivers that may be removed in the future.
|
|
#
|
|
# A special value of 'internal' will load all
|
|
# statically linked drivers. If an unknown (i.e. not
|
|
# internal) driver is supplied, a separate configuration
|
|
# configuration block has to be written for the driver.
|
|
# Default: internal
|
|
# NOTE: When "internal" keyword is used, must be last entry
|
|
#
|
|
#card_drivers = old, internal;
|
|
|
|
# Card driver configuration blocks.
|
|
|
|
# For card drivers loaded from an external shared library/DLL,
|
|
# you need to specify the path name of the module
|
|
#
|
|
# card_driver customcos {
|
|
# The location of the driver library
|
|
# module = @LIBDIR@@LIB_PRE@card_customcos@DYN_LIB_EXT@;
|
|
# }
|
|
|
|
card_driver npa {
|
|
# German ID card requires the CAN to be verified before QES PIN. This,
|
|
# however, is not part of the PKCS#15 profile of the card. So for
|
|
# verifying the QES PIN we actually need both. The CAN may be given
|
|
# here. If the CAN is not given here, it will be prompted on the
|
|
# command line or on the reader (depending on the reader's
|
|
# capabilities).
|
|
#
|
|
#can = 222222;
|
|
|
|
# QES is only possible with a Comfort Reader (CAT-K), which holds a
|
|
# cryptographic key to authenticate itself as signature terminal (ST).
|
|
# We usually will use the reader's capability to sign the data.
|
|
# However, during development you may specify soft certificates and
|
|
# keys for a ST below.
|
|
# The following example EAC PKI can be found in vicc's example data:
|
|
# https://github.com/frankmorgner/vsmartcard/tree/master/virtualsmartcard/npa-example-data
|
|
#
|
|
#st_dv_certificate = ZZSTDVCA00001.cvcert;
|
|
#st_certificate = ZZSTTERM00001.cvcert;
|
|
#st_key = ZZSTTERM00001.pkcs8;
|
|
}
|
|
|
|
# Configuration block for DNIe
|
|
#
|
|
# Card DNIe has an option to show an extra warning before
|
|
# issuing a signature.
|
|
|
|
card_driver dnie {
|
|
# Disable / enable warning message when performing a
|
|
# signature operation with the DNIe.
|
|
# Only used if compiled with --enable-dnie-ui
|
|
# user_consent_enabled = yes;
|
|
|
|
# Specify the pinentry application to use if warning
|
|
# is configured to be displayed using pinentry.
|
|
# Default: /usr/bin/pinentry
|
|
# Only used if compiled with --enable-dnie-ui
|
|
# user_consent_app = "/usr/bin/pinentry";
|
|
}
|
|
|
|
card_driver edo {
|
|
# CAN is required to establish connection
|
|
# with the card. It might be overridden by
|
|
# EDO_CAN environment variable. Currently,
|
|
# it is not possible to set it in any other way.
|
|
#
|
|
#can = 123456;
|
|
}
|
|
|
|
# In addition to the built-in list of known cards in the
|
|
# card driver, you can configure a new card for the driver
|
|
# using the card_atr block. The goal is to centralize
|
|
# everything related to a certain card to card_atr.
|
|
#
|
|
# The supported internal card driver names can be retrieved
|
|
# from the output of:
|
|
# $ opensc-tool --list-drivers
|
|
|
|
# Generic format: card_atr <hex encoded ATR (case-sensitive!)>
|
|
|
|
# New card entry for the flex card driver
|
|
# card_atr 3b:f0:0d:ca:fe {
|
|
# All parameters for the context are
|
|
# optional unless specified otherwise.
|
|
|
|
# Context: global, card driver
|
|
#
|
|
# ATR mask value
|
|
#
|
|
# The mask is logically AND'd with an
|
|
# card ATR prior to comparison with the
|
|
# ATR reference value above. Using mask
|
|
# allows identifying and configuring
|
|
# multiple ATRs as the same card model.
|
|
# atrmask = "ff:ff:ff:ff:ff";
|
|
|
|
# Context: card driver
|
|
#
|
|
# Specify used card driver (REQUIRED).
|
|
#
|
|
# When enabled, overrides all possible
|
|
# settings from the card drivers built-in
|
|
# card configuration list.
|
|
# driver = "flex";
|
|
|
|
# Set card name for card drivers that allows it.
|
|
# name = "My CryptoFlex card";
|
|
|
|
# Card type as an integer value.
|
|
#
|
|
# Depending on card driver, this allows
|
|
# tuning the behaviour of the card driver
|
|
# for your card.
|
|
# type = "2002";
|
|
|
|
# Card flags as an hex value.
|
|
# Multiple values are OR'd together.
|
|
#
|
|
# Depending on card driver, this allows
|
|
# fine-tuning the capabilities in
|
|
# the card driver for your card.
|
|
#
|
|
# Optionally, some known parameters
|
|
# can be specified as strings:
|
|
#
|
|
# rng - On-board random number source
|
|
# keep_alive - Request the card driver to send a "keep alive" command before each transaction to make sure that the required applet is still selected.
|
|
#
|
|
# flags = "rng", "keep_alive", "0x80000000";
|
|
|
|
#
|
|
# Context: PKCS#15 emulation layer
|
|
#
|
|
# When using PKCS#15 emulation, force
|
|
# the emulation driver for specific cards.
|
|
#
|
|
# Required for external drivers, but can
|
|
# be used with built-in drivers, too.
|
|
# pkcs15emu = "custom";
|
|
|
|
#
|
|
# Context: reader driver
|
|
#
|
|
# Force protocol selection for specific cards.
|
|
# Known parameters: t0, t1, raw
|
|
# force_protocol = "t0";
|
|
|
|
# Context: minidriver
|
|
#
|
|
# read_only: Mark card as read/only card in Minidriver/BaseCSP interface (Default: false)
|
|
# md_supports_X509_enrollment: Indicate X509 enrollment support at Minidriver/BaseCSP interface (Default: false)
|
|
# md_guid_as_id: Use the GUID generated for the key as id in the PKCS#15 structure (Default: false, i.e. auto generated)
|
|
# md_guid_as_label: Use the GUID generated for the key as label in the PKCS#15 structure (Default: false, i.e. no label set)
|
|
# md_supports_container_key_gen: Card allows generating key pairs on the card (Default: false)
|
|
# md_supports_container_key_import: Card allows importing private keys (Default: false)
|
|
#
|
|
# Window title of the PIN pad dialog
|
|
# Default: "Windows Security"
|
|
# md_pinpad_dlg_title = "Title";
|
|
#
|
|
# Filename of the icon for the PIN pad dialog; use "" for no icon
|
|
# Default: Built-in smart card icon
|
|
# md_pinpad_dlg_icon = "";
|
|
#
|
|
# Main instruction of the PIN pad dialog
|
|
# Default: "OpenSC Smart Card Provider"
|
|
# md_pinpad_dlg_main = "Main";
|
|
#
|
|
# Content of the PIN pad dialog for role "user"
|
|
# Default: "Please verify your fingerprint or PIN on the card."
|
|
# md_pinpad_dlg_content_user = "Content User";
|
|
#
|
|
# Content of the PIN pad dialog for role "user+signature"
|
|
# Default: "Please verify your fingerprint or PIN for the digital signature PIN on the card."
|
|
# md_pinpad_dlg_content_user_sign = "Content User+Sign";
|
|
#
|
|
# Content of the PIN pad dialog for role "admin"
|
|
# Default: "Please enter your PIN to unblock the user PIN on the PINPAD."
|
|
# md_pinpad_dlg_content_admin = "Content Admin";
|
|
#
|
|
# Expanded information of the PIN pad dialog
|
|
# Default: "This window will be closed automatically after the PIN has been submitted on the PINPAD (timeout typically after 30 seconds)."
|
|
# md_pinpad_dlg_expanded = "Expanded Information";
|
|
#
|
|
# Allow the user to cancel the PIN pad dialog by not immediately requesting the PIN on the PIN pad
|
|
# Default: false
|
|
# md_pinpad_dlg_enable_cancel = true;
|
|
#
|
|
# Content of the verification of the PIN pad dialog
|
|
# Default: "Automatically request PIN immediately on PIN-Pad"
|
|
# md_pinpad_dlg_verification = "Verification";
|
|
#
|
|
# Time in seconds for the progress bar of the PIN pad dialog to tick. "0" removes the progress bar.
|
|
# Default: 30
|
|
# md_pinpad_dlg_timeout = 0;
|
|
|
|
# Notification title and text when card was inserted
|
|
# Default: "Smart card detected"
|
|
# notify_card_inserted = "inserted title";
|
|
# Default: ATR of the card
|
|
# notify_card_inserted_text = "inserted text";
|
|
#
|
|
# Notification title and text when card was removed
|
|
# Default: "Smart card removed"
|
|
# notify_card_removed = "card removed";
|
|
# Default: Name of smart card reader
|
|
# notify_card_removed_text = "removed text";
|
|
#
|
|
# Notification title and text when PIN was verified
|
|
# Default: "PIN verified"
|
|
# notify_pin_good = "good PIN";
|
|
# Default: "Smart card is unlocked"
|
|
# notify_pin_good_text = "good text";
|
|
#
|
|
# Notification title and text when PIN was wrong
|
|
# Default: "PIN not verified"
|
|
# notify_pin_bad = "bad PIN";
|
|
# Default: "Smart card is locked"
|
|
# notify_pin_bad_text = "bad text";
|
|
# }
|
|
|
|
# Yubikey is known to have the PIV applet and the OpenPGP applet. OpenSC
|
|
# can handle both to access keys and certificates, but only one at a time.
|
|
card_atr 3b:f8:13:00:00:81:31:fe:15:59:75:62:69:6b:65:79:34:d4 {
|
|
name = "Yubikey 4";
|
|
# Select the PKI applet to use ("PIV-II" or "openpgp")
|
|
driver = "PIV-II";
|
|
# Recover from other applications accessing a different applet
|
|
flags = "keep_alive";
|
|
}
|
|
card_atr 3b:fc:13:00:00:81:31:fe:15:59:75:62:69:6b:65:79:4e:45:4f:72:33:e1 {
|
|
name = "Yubikey Neo";
|
|
# Select the PKI applet to use ("PIV-II" or "openpgp")
|
|
driver = "PIV-II";
|
|
# Recover from other applications accessing a different applet
|
|
flags = "keep_alive";
|
|
}
|
|
card_atr 3b:8c:80:01:59:75:62:69:6b:65:79:4e:45:4f:72:33:58 {
|
|
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:00:00";
|
|
name = "Yubikey Neo";
|
|
# Select the PKI applet to use ("PIV-II" or "openpgp")
|
|
driver = "PIV-II";
|
|
# Recover from other applications accessing a different applet
|
|
flags = "keep_alive";
|
|
}
|
|
|
|
# Oberthur's AuthentIC v3.2.2
|
|
card_atr 3B:DD:18:00:81:31:FE:45:80:F9:A0:00:00:00:77:01:00:70:0A:90:00:8B {
|
|
type = 11100;
|
|
driver = "authentic";
|
|
name = "AuthentIC v3.1";
|
|
|
|
# Name of SM configuration sub-section
|
|
# secure_messaging = local_authentic;
|
|
}
|
|
|
|
# IAS/ECC cards
|
|
card_atr 3B:7F:96:00:00:00:31:B9:64:40:70:14:10:73:94:01:80:82:90:00 {
|
|
type = 25001;
|
|
driver = "iasecc";
|
|
name = "Gemalto MultiApp IAS/ECC v1.0.1";
|
|
secure_messaging = local_gemalto_iam;
|
|
# secure_messaging = local_adele;
|
|
read_only = false;
|
|
md_supports_X509_enrollment = true;
|
|
}
|
|
card_atr 3B:7F:96:00:00:00:31:B8:64:40:70:14:10:73:94:01:80:82:90:00 {
|
|
type = 25001;
|
|
driver = "iasecc";
|
|
name = "Gemalto MultiApp IAS/ECC v1.0.1";
|
|
secure_messaging = local_gemalto_iam;
|
|
read_only = false;
|
|
md_supports_X509_enrollment = true;
|
|
}
|
|
#card_atr 3B:DD:18:00:81:31:FE:45:80:F9:A0:00:00:00:77:01:08:00:07:90:00:FE {
|
|
# type = 25002;
|
|
# driver = "iasecc";
|
|
# name = "Oberthur IAS/ECC v1.0.1";
|
|
# # No 'admin' application for this card -- no secure messaging
|
|
#}
|
|
#card_atr 3B:7F:18:00:00:00:31:B8:64:50:23:EC:C1:73:94:01:80:82:90:00 {
|
|
# type = 25003;
|
|
# driver = "iasecc";
|
|
# name = "Morpho YpsID S3 IAS/ECC";
|
|
# # secure_messaging = local_morpho_YpsID_S3;
|
|
#}
|
|
#card_atr 3B:DF:96:00:80:31:FE:45:00:31:B8:64:04:1F:EC:C1:73:94:01:80:82:90:00:EC {
|
|
# type = 25005;
|
|
# driver = "iasecc";
|
|
# name = "Morpho MI IAS/ECC v1.0.1";
|
|
# read_only = false;
|
|
# md_supports_X509_enrollment = true;
|
|
# secure_messaging = local_morpho_mi;
|
|
#}
|
|
card_atr 3B:DF:18:FF:81:91:FE:1F:C3:00:31:B8:64:0C:01:EC:C1:73:94:01:80:82:90:00:B3 {
|
|
type = 25004;
|
|
driver = "iasecc";
|
|
name = "Amos IAS/ECC v1.0.1";
|
|
read_only = false;
|
|
md_supports_X509_enrollment = true;
|
|
secure_messaging = local_amos;
|
|
}
|
|
card_atr 3B:DC:18:FF:81:91:FE:1F:C3:80:73:C8:21:13:66:01:0B:03:52:00:05:38 {
|
|
type = 25004;
|
|
driver = "iasecc";
|
|
name = "Amos IAS/ECC v1.0.1";
|
|
read_only = false;
|
|
md_supports_X509_enrollment = true;
|
|
secure_messaging = local_amos_eid;
|
|
}
|
|
|
|
# SmartCard-HSM with contact-based interface or USB-Stick
|
|
card_atr 3B:FE:18:00:00:81:31:FE:45:80:31:81:54:48:53:4D:31:73:80:21:40:81:07:FA {
|
|
driver = "sc-hsm";
|
|
read_only = false;
|
|
md_supports_X509_enrollment = true;
|
|
md_supports_container_key_gen = true;
|
|
md_guid_as_label = true;
|
|
}
|
|
|
|
# SmartCard-HSM with contact-less interface
|
|
card_atr 3B:8E:80:01:80:31:81:54:48:53:4D:31:73:80:21:40:81:07:18 {
|
|
driver = "sc-hsm";
|
|
read_only = false;
|
|
md_supports_X509_enrollment = true;
|
|
md_supports_container_key_gen = true;
|
|
md_guid_as_label = true;
|
|
}
|
|
|
|
# SmartCard-HSM 4k with contact-based interface or USB-Stick
|
|
card_atr 3b:de:18:ff:81:91:fe:1f:c3:80:31:81:54:48:53:4d:31:73:80:21:40:81:07:1c {
|
|
driver = "sc-hsm";
|
|
read_only = false;
|
|
md_supports_X509_enrollment = true;
|
|
md_supports_container_key_gen = true;
|
|
md_guid_as_label = true;
|
|
}
|
|
|
|
# SmartCard-HSM with fingerprint sensor and PIN pad
|
|
card_atr 3B:80:80:01:01 {
|
|
force_protocol = "t1";
|
|
read_only = true;
|
|
md_supports_X509_enrollment = true;
|
|
md_supports_container_key_gen = true;
|
|
md_guid_as_label = true;
|
|
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
|
|
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
|
|
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
|
|
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
|
|
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
|
|
md_pinpad_dlg_timeout = 30;
|
|
notify_card_inserted = "GoID erkannt";
|
|
notify_card_inserted_text = "";
|
|
notify_card_removed = "GoID entfernt";
|
|
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
|
|
notify_pin_good_text = "GoID ist entsperrt";
|
|
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
|
|
notify_pin_bad_text = "GoID ist gesperrt";
|
|
}
|
|
|
|
# GoID with fingerprint sensor and PIN pad
|
|
card_atr 3B:84:80:01:47:6f:49:44:00 {
|
|
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00";
|
|
driver = "sc-hsm";
|
|
force_protocol = "t1";
|
|
read_only = true;
|
|
md_supports_X509_enrollment = true;
|
|
md_supports_container_key_gen = true;
|
|
md_guid_as_label = true;
|
|
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
|
|
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
|
|
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
|
|
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
|
|
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
|
|
md_pinpad_dlg_timeout = 30;
|
|
notify_card_inserted = "GoID erkannt";
|
|
notify_card_inserted_text = "";
|
|
notify_card_removed = "GoID entfernt";
|
|
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
|
|
notify_pin_good_text = "GoID ist entsperrt";
|
|
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
|
|
notify_pin_bad_text = "GoID ist gesperrt";
|
|
}
|
|
# GoID with fingerprint sensor and PIN pad
|
|
card_atr 3B:85:80:01:47:6f:49:44:00:00 {
|
|
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00";
|
|
driver = "sc-hsm";
|
|
force_protocol = "t1";
|
|
read_only = true;
|
|
md_supports_X509_enrollment = true;
|
|
md_supports_container_key_gen = true;
|
|
md_guid_as_label = true;
|
|
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
|
|
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
|
|
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
|
|
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
|
|
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
|
|
md_pinpad_dlg_timeout = 30;
|
|
notify_card_inserted = "GoID erkannt";
|
|
notify_card_inserted_text = "";
|
|
notify_card_removed = "GoID entfernt";
|
|
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
|
|
notify_pin_good_text = "GoID ist entsperrt";
|
|
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
|
|
notify_pin_bad_text = "GoID ist gesperrt";
|
|
}
|
|
# GoID with fingerprint sensor and PIN pad
|
|
card_atr 3B:86:80:01:47:6f:49:44:00:00:00 {
|
|
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00";
|
|
driver = "sc-hsm";
|
|
force_protocol = "t1";
|
|
read_only = true;
|
|
md_supports_X509_enrollment = true;
|
|
md_supports_container_key_gen = true;
|
|
md_guid_as_label = true;
|
|
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
|
|
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
|
|
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
|
|
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
|
|
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
|
|
md_pinpad_dlg_timeout = 30;
|
|
notify_card_inserted = "GoID erkannt";
|
|
notify_card_inserted_text = "";
|
|
notify_card_removed = "GoID entfernt";
|
|
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
|
|
notify_pin_good_text = "GoID ist entsperrt";
|
|
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
|
|
notify_pin_bad_text = "GoID ist gesperrt";
|
|
}
|
|
# GoID with fingerprint sensor and PIN pad
|
|
card_atr 3B:87:80:01:47:6f:49:44:00:00:00:00 {
|
|
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00";
|
|
driver = "sc-hsm";
|
|
force_protocol = "t1";
|
|
read_only = true;
|
|
md_supports_X509_enrollment = true;
|
|
md_supports_container_key_gen = true;
|
|
md_guid_as_label = true;
|
|
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
|
|
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
|
|
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
|
|
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
|
|
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
|
|
md_pinpad_dlg_timeout = 30;
|
|
notify_card_inserted = "GoID erkannt";
|
|
notify_card_inserted_text = "";
|
|
notify_card_removed = "GoID entfernt";
|
|
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
|
|
notify_pin_good_text = "GoID ist entsperrt";
|
|
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
|
|
notify_pin_bad_text = "GoID ist gesperrt";
|
|
}
|
|
# GoID with fingerprint sensor and PIN pad
|
|
card_atr 3B:88:80:01:47:6f:49:44:00:00:00:00:00 {
|
|
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00";
|
|
driver = "sc-hsm";
|
|
force_protocol = "t1";
|
|
read_only = true;
|
|
md_supports_X509_enrollment = true;
|
|
md_supports_container_key_gen = true;
|
|
md_guid_as_label = true;
|
|
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
|
|
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
|
|
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
|
|
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
|
|
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
|
|
md_pinpad_dlg_timeout = 30;
|
|
notify_card_inserted = "GoID erkannt";
|
|
notify_card_inserted_text = "";
|
|
notify_card_removed = "GoID entfernt";
|
|
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
|
|
notify_pin_good_text = "GoID ist entsperrt";
|
|
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
|
|
notify_pin_bad_text = "GoID ist gesperrt";
|
|
}
|
|
# GoID with fingerprint sensor and PIN pad
|
|
card_atr 3B:89:80:01:47:6f:49:44:00:00:00:00:00:00 {
|
|
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00";
|
|
driver = "sc-hsm";
|
|
force_protocol = "t1";
|
|
read_only = true;
|
|
md_supports_X509_enrollment = true;
|
|
md_supports_container_key_gen = true;
|
|
md_guid_as_label = true;
|
|
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
|
|
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
|
|
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
|
|
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
|
|
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
|
|
md_pinpad_dlg_timeout = 30;
|
|
notify_card_inserted = "GoID erkannt";
|
|
notify_card_inserted_text = "";
|
|
notify_card_removed = "GoID entfernt";
|
|
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
|
|
notify_pin_good_text = "GoID ist entsperrt";
|
|
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
|
|
notify_pin_bad_text = "GoID ist gesperrt";
|
|
}
|
|
# GoID with fingerprint sensor and PIN pad
|
|
card_atr 3B:8A:80:01:47:6f:49:44:00:00:00:00:00:00:00 {
|
|
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00";
|
|
driver = "sc-hsm";
|
|
force_protocol = "t1";
|
|
read_only = true;
|
|
md_supports_X509_enrollment = true;
|
|
md_supports_container_key_gen = true;
|
|
md_guid_as_label = true;
|
|
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
|
|
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
|
|
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
|
|
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
|
|
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
|
|
md_pinpad_dlg_timeout = 30;
|
|
notify_card_inserted = "GoID erkannt";
|
|
notify_card_inserted_text = "";
|
|
notify_card_removed = "GoID entfernt";
|
|
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
|
|
notify_pin_good_text = "GoID ist entsperrt";
|
|
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
|
|
notify_pin_bad_text = "GoID ist gesperrt";
|
|
}
|
|
# GoID with fingerprint sensor and PIN pad
|
|
card_atr 3B:8B:80:01:47:6f:49:44:00:00:00:00:00:00:00:00 {
|
|
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00";
|
|
driver = "sc-hsm";
|
|
force_protocol = "t1";
|
|
read_only = true;
|
|
md_supports_X509_enrollment = true;
|
|
md_supports_container_key_gen = true;
|
|
md_guid_as_label = true;
|
|
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
|
|
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
|
|
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
|
|
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
|
|
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
|
|
md_pinpad_dlg_timeout = 30;
|
|
notify_card_inserted = "GoID erkannt";
|
|
notify_card_inserted_text = "";
|
|
notify_card_removed = "GoID entfernt";
|
|
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
|
|
notify_pin_good_text = "GoID ist entsperrt";
|
|
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
|
|
notify_pin_bad_text = "GoID ist gesperrt";
|
|
}
|
|
# GoID with fingerprint sensor and PIN pad
|
|
card_atr 3B:8C:80:01:47:6f:49:44:00:00:00:00:00:00:00:00:00 {
|
|
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00:00";
|
|
driver = "sc-hsm";
|
|
force_protocol = "t1";
|
|
read_only = true;
|
|
md_supports_X509_enrollment = true;
|
|
md_supports_container_key_gen = true;
|
|
md_guid_as_label = true;
|
|
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
|
|
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
|
|
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
|
|
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
|
|
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
|
|
md_pinpad_dlg_timeout = 30;
|
|
notify_card_inserted = "GoID erkannt";
|
|
notify_card_inserted_text = "";
|
|
notify_card_removed = "GoID entfernt";
|
|
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
|
|
notify_pin_good_text = "GoID ist entsperrt";
|
|
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
|
|
notify_pin_bad_text = "GoID ist gesperrt";
|
|
}
|
|
|
|
# GoID with fingerprint sensor and PIN pad
|
|
card_atr 3B:8D:80:01:47:6f:49:44:00:00:00:00:00:00:00:00:00:00 {
|
|
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00:00:00";
|
|
driver = "sc-hsm";
|
|
force_protocol = "t1";
|
|
read_only = true;
|
|
md_supports_X509_enrollment = true;
|
|
md_supports_container_key_gen = true;
|
|
md_guid_as_label = true;
|
|
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
|
|
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
|
|
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
|
|
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
|
|
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
|
|
md_pinpad_dlg_timeout = 30;
|
|
notify_card_inserted = "GoID erkannt";
|
|
notify_card_inserted_text = "";
|
|
notify_card_removed = "GoID entfernt";
|
|
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
|
|
notify_pin_good_text = "GoID ist entsperrt";
|
|
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
|
|
notify_pin_bad_text = "GoID ist gesperrt";
|
|
}
|
|
|
|
# GoID with fingerprint sensor and PIN pad
|
|
card_atr 3B:8E:80:01:47:6f:49:44:00:00:00:00:00:00:00:00:00:00:00 {
|
|
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00:00:00:00";
|
|
driver = "sc-hsm";
|
|
force_protocol = "t1";
|
|
read_only = true;
|
|
md_supports_X509_enrollment = true;
|
|
md_supports_container_key_gen = true;
|
|
md_guid_as_label = true;
|
|
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
|
|
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
|
|
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
|
|
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
|
|
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
|
|
md_pinpad_dlg_timeout = 30;
|
|
notify_card_inserted = "GoID erkannt";
|
|
notify_card_inserted_text = "";
|
|
notify_card_removed = "GoID entfernt";
|
|
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
|
|
notify_pin_good_text = "GoID ist entsperrt";
|
|
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
|
|
notify_pin_bad_text = "GoID ist gesperrt";
|
|
}
|
|
|
|
# GoID with fingerprint sensor and PIN pad
|
|
card_atr 3B:8F:80:01:47:6f:49:44:00:00:00:00:00:00:00:00:00:00:00:00 {
|
|
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00:00:00:00:00";
|
|
driver = "sc-hsm";
|
|
force_protocol = "t1";
|
|
read_only = true;
|
|
md_supports_X509_enrollment = true;
|
|
md_supports_container_key_gen = true;
|
|
md_guid_as_label = true;
|
|
md_pinpad_dlg_main = "Fingerabdruck oder PIN eingeben";
|
|
md_pinpad_dlg_content_user = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN auf der Karte.";
|
|
md_pinpad_dlg_content_user_sign = "Bitte verifizieren Sie Ihren Fingarabdruck oder Ihre PIN für die digitale Signatur auf der Karte.";
|
|
md_pinpad_dlg_content_admin = "Bitte geben Sie Ihre PIN zum Entsperren der Nutzer-PIN auf dem PIN-Pad ein.";
|
|
md_pinpad_dlg_expanded = "Dieses Fenster wird automatisch geschlossen, wenn die PIN oder der Fingerabdruck verifiziert wurde (Timeout nach 30 Sekunden). Nutzen Sie das PIN-Pad, um die Eingabe abzubrechen.";
|
|
md_pinpad_dlg_timeout = 30;
|
|
notify_card_inserted = "GoID erkannt";
|
|
notify_card_inserted_text = "";
|
|
notify_card_removed = "GoID entfernt";
|
|
notify_pin_good = "Fingerabdruck bzw. PIN verifiziert";
|
|
notify_pin_good_text = "GoID ist entsperrt";
|
|
notify_pin_bad = "Fingerabdruck bzw. PIN nicht verifiziert";
|
|
notify_pin_bad_text = "GoID ist gesperrt";
|
|
}
|
|
|
|
secure_messaging local_authentic {
|
|
# name of external SM module
|
|
# module_name = @DEFAULT_SM_MODULE@;
|
|
# directory with external SM module
|
|
# Default: @DEFAULT_SM_MODULE_PATH@
|
|
# module_path = @DEFAULT_SM_MODULE_PATH@;
|
|
|
|
# specific data to tune the module initialization
|
|
# module_data = "Here can be your SM module init data";
|
|
|
|
# SM mode:
|
|
# 'transmit' -- in this mode the procedure to securize an APDU is called by the OpenSC general
|
|
# APDU transmit procedure.
|
|
# In this mode all APDUs, except the ones filtered by the card specific procedure,
|
|
# are securized.
|
|
# 'acl' -- in this mode APDU are securized only if needed by the ACLs of the command to be executed.
|
|
#
|
|
#mode = transmit;
|
|
|
|
# SM type specific flags
|
|
# flags = 0x78; # 0x78 -- level 3, channel 0
|
|
|
|
# Default KMC of the GP Card Manager for the Oberthur's Java cards
|
|
# kmc = "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00";
|
|
}
|
|
|
|
secure_messaging local_gemalto_iam {
|
|
module_name = @DEFAULT_SM_MODULE@;
|
|
# module_path = @DEFAULT_SM_MODULE_PATH@;
|
|
# module_data = "";
|
|
type = acl; # transmit, acl
|
|
|
|
ifd_serial = "11:22:33:44:55:66:77:88";
|
|
|
|
# Keyset values from IAM profiles of the Gemalto IAS/ECC cards
|
|
keyset_02_enc = "RW_PRIV_ENC_TEST";
|
|
keyset_02_mac = "RW_PRIV_MAC_TEST";
|
|
|
|
keyset_E828BD080FD2504543432D654944_01_enc = "RO_ENC_TEST_KEY_";
|
|
keyset_E828BD080FD2504543432D654944_01_mac = "RO_MAC_TEST_KEY_";
|
|
|
|
keyset_E828BD080FD2504543432D654944_03_enc = "RW_PUBL_ENC_TEST";
|
|
keyset_E828BD080FD2504543432D654944_03_mac = "RW_PUBL_MAC_TEST";
|
|
}
|
|
|
|
secure_messaging local_amos {
|
|
module_name = @DEFAULT_SM_MODULE@;
|
|
# module_path = @DEFAULT_SM_MODULE_PATH@;
|
|
# module_data = "";
|
|
mode = acl;
|
|
ifd_serial = "11:22:33:44:55:66:77:88";
|
|
keyset_02_enc = "ENCROECHANTILLON";
|
|
keyset_02_mac = "MACROECHANTILLON";
|
|
}
|
|
|
|
secure_messaging local_amos_eid {
|
|
module_name = @DEFAULT_SM_MODULE@;
|
|
# module_path = @DEFAULT_SM_MODULE_PATH@;
|
|
# module_data = "";
|
|
mode = acl;
|
|
ifd_serial = "11:22:33:44:55:66:77:88";
|
|
keyset_E828BD080FD2504543432D654944_03_enc = "RW_PUBL_ENC_TEST";
|
|
keyset_E828BD080FD2504543432D654944_03_mac = "RW_PUBL_MAC_TEST";
|
|
}
|
|
|
|
secure_messaging local_adele {
|
|
module_name = @DEFAULT_SM_MODULE@;
|
|
# module_path = @DEFAULT_SM_MODULE_PATH@;
|
|
# module_data = "";
|
|
type = acl; # transmit, acl
|
|
|
|
ifd_serial = "11:22:33:44:55:66:77:88";
|
|
|
|
# Keyset values from 'Adele' profiles of the IAS/ECC cards
|
|
keyset_01_enc = "EMENCECHANTILLON";
|
|
keyset_01_mac = "EMMACECHANTILLON";
|
|
|
|
keyset_02_enc = "AAENCECHANTILLON";
|
|
keyset_02_mac = "AAMACECHANTILLON";
|
|
|
|
keyset_E828BD080FD2500000040301_02_enc = "E2ENCECHANTILLON";
|
|
keyset_E828BD080FD2500000040301_02_mac = "E2MACECHANTILLON";
|
|
|
|
keyset_D2500000044164E86C650101_02_enc = "E1ENCECHANTILLON";
|
|
keyset_D2500000044164E86C650101_02_mac = "E1MACECHANTILLON";
|
|
|
|
keyset_D2500000044164E86C650101_03_enc = "SIENCECHANTILLON";
|
|
keyset_D2500000044164E86C650101_03_mac = "SIMACECHANTILLON";
|
|
}
|
|
|
|
# Below are the framework specific configuration blocks.
|
|
|
|
# PKCS #15
|
|
framework pkcs15 {
|
|
# Whether to use the cache files in the user's
|
|
# home directory.
|
|
#
|
|
# Note: If caching is done by a system process, caching may be placed
|
|
# inaccessible from the user account. Use a global caching directory if
|
|
# you wish to share the cached information.
|
|
#
|
|
# Default: false
|
|
# use_file_caching = true;
|
|
#
|
|
# set a path for caching
|
|
# so you do not use the env variables and for pam_pkcs11
|
|
# (with certificate check) where $HOME is not set
|
|
# Default: path in user home
|
|
# file_cache_dir = /var/lib/opensc/cache
|
|
|
|
# Use PIN caching?
|
|
# Default: true
|
|
# use_pin_caching = false;
|
|
#
|
|
# How many times to use a PIN from cache before re-authenticating it?
|
|
# Default: 10
|
|
# pin_cache_counter = 3;
|
|
#
|
|
# Older PKCS#11 applications not supporting CKA_ALWAYS_AUTHENTICATE
|
|
# may need to set this to get signatures to work with some cards.
|
|
# Default: false
|
|
# It is recommended to enable also use_pin_caching to allow OpenSC
|
|
# to pass the pin to the card when needed.
|
|
# pin_cache_ignore_user_consent = true;
|
|
|
|
# How to handle a PIN-protected certificate
|
|
# Valid values: protect, declassify, ignore.
|
|
# Default: ignore in tokend, protect otherwise
|
|
# private_certificate = declassify;
|
|
|
|
# Enable pkcs15 emulation.
|
|
# Default: yes
|
|
# enable_pkcs15_emulation = no;
|
|
#
|
|
# Prefer pkcs15 emulation code before
|
|
# the normal pkcs15 processing.
|
|
# Some cards (like esteid and pteid) work in emu-only mode,
|
|
# and do not depend on this option.
|
|
#
|
|
# Default: no
|
|
# try_emulation_first = yes;
|
|
|
|
# Enable builtin emulators.
|
|
# Default: yes
|
|
# enable_builtin_emulation = no;
|
|
#
|
|
# List of the builtin pkcs15 emulators to test
|
|
# Default: esteid, openpgp, tcos, starcert, itacns, actalis, atrust-acos, gemsafeGPK, gemsafeV1, tccardos, PIV-II;
|
|
# builtin_emulators = openpgp;
|
|
|
|
# additional settings per driver
|
|
#
|
|
# For pkcs15 emulators loaded from an external shared
|
|
# library/DLL, you need to specify the path name of the module
|
|
# and customize the card_atr example above correctly.
|
|
#
|
|
# emulate custom {
|
|
# The location of the driver library
|
|
# module = @LIBDIR@@LIB_PRE@p15emu_custom@DYN_LIB_EXT@;
|
|
# }
|
|
|
|
# Enable initialization and card recognition in PKCS#11 layer.
|
|
# Default: no
|
|
# pkcs11_enable_InitToken = yes;
|
|
|
|
# some additional application parameters:
|
|
# - type (generic, protected) used to distinguish the common access application
|
|
# and application for which authentication to perform some operation cannot be
|
|
# obtained with the common procedures (ex. object creation protected by secure messaging).
|
|
# Used by PKCS#11 module configured to expose restricted number of slots.
|
|
# (for ex. configured to expose only User PIN slot, User and Sign PINs slots, ...)
|
|
#
|
|
# - disable: do not expose application in PKCS15 framework
|
|
# default 'false'
|
|
application E828BD080FD25047656E65726963 {
|
|
type = generic;
|
|
model = "ECC Generic PKI";
|
|
# disable = true
|
|
}
|
|
|
|
application E828BD080FD2500000040301 {
|
|
type = generic;
|
|
model = "Adèle Générique";
|
|
}
|
|
|
|
application E828BD080FD2504543432D654944 {
|
|
type = protected;
|
|
model = "ECC eID";
|
|
}
|
|
|
|
application E828BD080FD2500000040201 {
|
|
type = protected;
|
|
model = "Adèle Admin-2";
|
|
}
|
|
}
|
|
}
|
|
|
|
# Parameters for the OpenSC PKCS11 module
|
|
app opensc-pkcs11 {
|
|
pkcs11 {
|
|
# Maximum Number of virtual slots.
|
|
# If there are more slots than defined here,
|
|
# the remaining slots will be hidden from PKCS#11.
|
|
# Default: 16
|
|
# max_virtual_slots = 32;
|
|
|
|
# Maximum number of slots per smart card.
|
|
# If the card has fewer keys than defined here,
|
|
# the remaining number of slots will be empty.
|
|
# Default: 4
|
|
# slots_per_card = 2;
|
|
|
|
# (max_virtual_slots/slots_per_card) limits the number of readers
|
|
# that can be used on the system. Default is then 16/4=4 readers.
|
|
|
|
# By default, the OpenSC PKCS#11 module will not lock your card
|
|
# once you authenticate to the card via C_Login.
|
|
#
|
|
# Thus the other users or other applications is not prevented
|
|
# from connecting to the card and perform crypto operations
|
|
# (which may be possible because you have already authenticated
|
|
# with the card). This setting is not very secure.
|
|
#
|
|
# Also, if your card is not locked, you can enconter problems
|
|
# due to limitation of the OpenSC framework, that still is not
|
|
# thoroughly tested in the multi threads environment.
|
|
#
|
|
# Your settings will be more secure if you choose to lock your
|
|
# card. Nevertheless this behavior is a known violation of PKCS#11
|
|
# specification. Now once one application has started using your
|
|
# card with C_Login, no other application can use it, until
|
|
# the first is done and calls C_Logout or C_Finalize. In the case
|
|
# of many PKCS#11 application this does not happen until you exit
|
|
# the application.
|
|
# Thus it is impossible to use several smart card aware applications
|
|
# at the same time, e.g. you cannot run both Firefox and Thunderbird at
|
|
# the same time, if both are configured to use your smart card.
|
|
#
|
|
# Default: false
|
|
# lock_login = true;
|
|
|
|
# By default, interacting with the OpenSC PKCS#11 module may change the
|
|
# state of the token, e.g. whether a user is logged in or not.
|
|
#
|
|
# Thus other users or other applications may change or use the state of
|
|
# the token unknowingly. Other applications may create signatures
|
|
# abusing an existing login or they may logout unnoticed.
|
|
#
|
|
# With this setting enabled the login state of the token is tracked and
|
|
# cached (including the PIN). Every transaction is preceded by
|
|
# restoring the login state. After every transaction a logout is
|
|
# performed. This setting by default also enables `lock_login` (see
|
|
# above) to disable access for other applications during the atomic
|
|
# transactions.
|
|
#
|
|
# Please note that any PIN-pad should be disabled (see `enable_pinpad`
|
|
# above), because the user would have to input his PIN for every
|
|
# transaction.
|
|
#
|
|
# Default: false
|
|
# atomic = true;
|
|
|
|
# With this setting disabled, the OpenSC PKCS#11 module will initialize
|
|
# the slots available when the application calls `C_GetSlotList`. With
|
|
# this setting enabled, the slots will also get initialized when
|
|
# C_GetSlotInfo is called.
|
|
#
|
|
# This setting is a workaround for Java which does not call
|
|
# `C_GetSlotList` when configured with a static `slot` instead of
|
|
# `slotListIndex`.
|
|
#
|
|
# Default: true
|
|
# init_sloppy = false;
|
|
|
|
# User PIN unblock style
|
|
# none: PIN unblock is not possible with PKCS#11 API;
|
|
# set_pin_in_unlogged_session: C_SetPIN() in unlogged session:
|
|
# PUK is passed as the 'OldPin' argument of the C_SetPIN() call.
|
|
# set_pin_in_specific_context: C_SetPIN() in the CKU_SPECIFIC_CONTEXT logged session:
|
|
# PUK is passed as the 'OldPin' argument of the C_SetPIN() call.
|
|
# init_pin_in_so_session: C_InitPIN() in CKU_SO logged session:
|
|
# User PIN 'UNBLOCK' is protected by SOPIN. (PUK == SOPIN).
|
|
# # Actually this style works only for the PKCS15 contents without SOPIN.
|
|
# # For those with SOPIN, this mode will be useful for the cards without
|
|
# # modes 00 and 01 of ISO command 'RESET RETRY COUNTER'. --vt
|
|
#
|
|
# Default: none
|
|
# user_pin_unblock_style = set_pin_in_unlogged_session;
|
|
|
|
# Create slot for unblocking PIN with PUK
|
|
# This way PKCS#11 API can be used to login with PUK and
|
|
# change a PIN.
|
|
# Warning: causes problems with some applications like
|
|
# firefox and thunderbird. Thus turned off by default
|
|
#
|
|
# Default: false
|
|
# create_puk_slot = true;
|
|
|
|
# Symbolic names of PINs for which slots are created
|
|
# Card can contain more then one PINs or more then one on-card application with
|
|
# its own PINs. Normally, to access all of them with the PKCS#11 API a slot has to be
|
|
# created for all of them. Many slots could be ennoying for some of widely used application,
|
|
# like FireFox. This configuration parameter allows one to select the PIN(s)
|
|
# for which PKCS#11 slot will be created.
|
|
# Actually recognised following symbolic names:
|
|
# 'user', 'sign', 'all'
|
|
# Only PINs initialised, non-SoPIN, non-unblocking are associated with symbolic name.
|
|
# 'user' is identified as first global or first local PIN.
|
|
# 'sign' is identified as second PIN: first local, second global or second local.
|
|
# 'all' slot created for all non-sopin, non-unblocking PINs,
|
|
# optionally for PUK (see option 'create_puk_slot')
|
|
#
|
|
# Default: all
|
|
# create_slots_for_pins = "user,sign";
|
|
# create_slots_for_pins = "sign";
|
|
#
|
|
# For the module to simulate the opensc-onepin module behavior the following option
|
|
# must be set:
|
|
# create_slots_for_pins = "user"
|
|
}
|
|
}
|
|
|
|
app onepin-opensc-pkcs11 {
|
|
pkcs11 {
|
|
slots_per_card = 1;
|
|
}
|
|
}
|
|
|
|
# Used by OpenSC.tokend on Mac OS X only
|
|
app tokend {
|
|
# The file to which debug log will be written
|
|
# Default: /tmp/opensc-tokend.log
|
|
#
|
|
# debug_file = /Library/Logs/OpenSC.tokend.log
|
|
|
|
framework tokend {
|
|
# Score for OpenSC.tokend
|
|
# The tokend with the highest score shall be used.
|
|
# Default: 300
|
|
#
|
|
# score = 10;
|
|
|
|
# Tokend ignore to read PIN protected certificate that is set SC_PKCS15_CO_FLAG_PRIVATE flag.
|
|
# Default: true
|
|
#
|
|
# ignore_private_certificate = false;
|
|
}
|
|
}
|
|
|
|
# Used by OpenSC minidriver on Windows only
|
|
app cardmod {
|
|
}
|