root/trunk/solaris/opensc.conf-dist

Revision 2294, 8.2 KB (checked in by aj, 4 years ago)

update trunk: include solaris/* files in tar file, update NEWS with
0.9.6 changes, add profile_dir to solaris/opensc.conf-dist

1# Configuration file for OpenSC
2# Example configuration file
3
4# NOTE: All key-value pairs must be terminated by a semicolon.
5
6# Default values for any application
7# These can be overridden by an application
8# specific configuration block.
9app default {
10        # Amount of debug info to print
11        #
12        # A greater value means more debug info.
13        # Default: 0
14        #
15        debug = 0;
16
17        # The file to which debug output will be written
18        #
19        # A special value of 'stdout' is recognized.
20        # Default: stdout
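21        # NOTE: the /tmp path below is only an example. /tmp is usually world-writable, so prefer a log location that only the intended user can write to (the same applies to error_file below).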
22        # debug_file = /tmp/opensc-debug.log;
23
24        # The file to which errors will be written
25        #
26        # A special value of 'stderr' is recognized.
27        # Default: stderr
28        #
29        # error_file = /tmp/opensc-errors.log;
30
31        # Where to find the *.profile files for pkcs15init;
32
33        profile_dir = /usr/share/opensc;
34
35        # What reader drivers to load at start-up
36        #
37        # A special value of 'internal' will load all
38        # statically linked drivers. If an unknown (ie. not
39        # internal) driver is supplied, a separate
40        # configuration block has to be written for the driver.
41        # Default: internal
42        # NOTE: if "internal" keyword is used, must be the
43        # last entry in reader_drivers list
44        #
45        reader_drivers = openct, pcsc, ctapi;
46
47        reader_driver ctapi {
48                # module /usr/local/towitoko/lib/libtowitoko.so {
49                        # CT-API ports:
50                        # 0..3          COM1..4
51                        # 4             Printer
52                        # 5             Modem
53                        # 6..7          LPT1..2
54                        # ports = 0;
55                # }
56        }
57
58        # Define parameters specific to your readers.
59        # The following section shows definitions for PC/SC readers,
60        # but the same set of variables is applicable to ctapi and
61        # openct readers, simply by using "reader_driver ctapi" and
62        # "reader_driver openct", respectively.
63        reader_driver pcsc {
64                # Whether to transform some APDU's from one case to another
65                # Possible values:
66                #            none:   Don't transform any APDU's
67                #        case4as3:   For T=0, send a case 4 APDU as case 3,
68                #                    (no Lc byte) the card will send back
69                #                    a 61xx SW, and we will follow up with a
70                #                    GetResponse command
71                #                    The SCM SCR111, Sun SCF, and e-gate readers
72                #                    seem to require this.
73                #        case1as2:   For T=0, send a case 1 APDU as case 2.
74                #                    (append an Le byte of 0)
75                #                    The Sun SCF and e-gate readers seem to
76                #                    require this
77                # case1as2_always:   for any T=0/1, send a case 1 APDU as
78                #                    case 2.
79                #                    The Sun SCF reader may require this
80                # Default: none
81                #
82                apdu_masquerade = none;
83                #
84                # This sets the maximum send and receive sizes.
85                # Some IFD handlers do not properly handle APDUs with
86                # large lc or le bytes.
87                #
88                max_send_size = 252;
89                max_recv_size = 252;
90                #
91                # EXPERIMENTAL: Enable CCID pinpad support
92                # implemented (at least) in the libccid driver.
93                #use_ccid_pin_cmd = true;
94        }
95
96        # What card drivers to load at start-up
97        #
98        # A special value of 'internal' will load all
99        # statically linked drivers. If an unknown (ie. not
100        # internal) driver is supplied, a separate
101        # configuration block has to be written for the driver.
102        # Default: internal
103        # NOTE: When "internal" keyword is used, must be last entry
104        #
105        # card_drivers = customcos, internal;
106
107        # Card driver configuration blocks.
108
109        # For all drivers, you can specify ATRs of cards that
110        # should be handled by this driver (in addition to the
111        # list of compiled-in ATRs).
112        #
113        # The supported internal card driver names are
114        #  flex         Cryptoflex/Multiflex
115        #  setcos       Setec
116        #  etoken       Aladdin eToken and other CardOS based cards
117        #  gpk          GPK 4K/8K/16K
118        #  mcrd         MICARDO 2.1
119        #  miocos       MioCOS 1.1
120        #  openpgp      OpenPGP card
121        #  tcos         TCOS 2.0
122        #  emv          EMV compatible cards
123
124        # GPK card driver additional ATR entry:
125        card_driver gpk {
126                # atr = 00:11:22;
127        }
128
129        # For card drivers loaded from an external shared library/DLL,
130        # you need to specify the path name of the module
131        #
132        # card_driver customcos {
133                # The location of the driver library
134                # module = /usr/lib/opensc/drivers/card_customcos.so;
135                # atr = 00:11:22:33:44;
136                # atr = 55:66:77:88:99:aa:bb;
137        # }
138
139        # Force using specific card driver
140        #
141        # If this option is present, OpenSC will use the supplied
142        # driver with all inserted cards.
143        #
144        # Default: autodetect
145        #
146        # force_card_driver = miocos;
147
148        # Below are the framework specific configuration blocks.
149
150        # PKCS #15
151        framework pkcs15 {
152                # Whether to use the cache files in the user's
153                # home directory.
154                #
155                # At the moment you have to 'teach' the card to the
156                # system by:
157                # pkcs15-tool -L
158                #
159                # WARNING: Caching shouldn't be used in setuid root
160                # applications.
161                # Default: false (this example file sets it to true; the 'scam' app block below sets it back to false)
162                #
163                use_caching = true;
164                # Enable pkcs15 emulation
165                # Default: yes
166                enable_pkcs15_emulation = yes;
167                # Try pkcs15 emulation code first (before the normal
168                # pkcs15 processing).
169                # Default: no
170                try_emulation_first = no;
171                # Enable builtin emulators
172                # Default: yes
173                enable_builtin_emulation = yes;
174                # list of the builtin pkcs15 emulators to test
175                # possible values: esteid, openpgp, netkey, netkey,
176                # starcert, infocamere, postecert
177                builtin_emulators = esteid, openpgp, netkey, netkey, starcert, infocamere, postecert;
178
179                # additional pkcs15 emulators (dynamic or builtin with
180                # a different atr etc.)
181                # emulate foo {
182                        # module = builtin;
183                        # atr = 11:22:33:44;
184                #}
185        }
186       
187        # Estonian ID card and Micardo driver currently play together with T=0 only.
188        # In theory only the 'cold' ATR should be specified, as T=0 will be the preferred
189        # protocol once you boot it up with T=0, but be paranoid.
190       
191        # Generic format: card_atr <hex encoded ATR (case-sensitive!)>
192        # Only parameter currently understood is force_protocol
193        card_atr 3b:6e:00:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 {
194                force_protocol = t0;
195        }
196        card_atr 3b:fe:94:00:ff:80:b1:fa:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:43 {
197                force_protocol = t0;
198        }
199}
200
201# For applications that use SCAM (pam_opensc, sia_opensc)
202app scam {
203        framework pkcs15 {
204                use_caching = false;
205        }
206}
207
208# Parameters for the OpenSC PKCS11 module
209app opensc-pkcs11 {
210        pkcs11 {
211                # Maximum number of slots per smart card.
212                # If the card has fewer keys than defined here,
213                # the remaining number of slots will be empty.
214                #
215                # Note that there is currently a compile time
216                # maximum on the overall number of slots
217                # the pkcs11 module is able to handle.
218                num_slots = 4;
219
220                # Normally, the pkcs11 module will create
221                # the full number of slots defined above by
222                # num_slots. If there are fewer pins/keys on
223                # the card, the remaining slots will be empty
224                # (and you will be able to create new objects
225                # within them).
226                #
227                # Set this option to true to hide these empty
228                # slots.
229                hide_empty_tokens = true;
230
231                # By default, the OpenSC PKCS#11 module will
232                # try to lock this card once you have authenticated
233                # to the card via C_Login. This is done so that no
234                # other user can connect to the card and perform
235                # crypto operations (which may be possible because
236                # you have already authenticated with the card).
237                #
238                # However, this also means that no other application
239                # that _you_ run can use the card until your application
240                # has done a C_Logout or C_Finalize. In the case of
241                # Netscape or Mozilla, this does not happen until
242                # you exit the browser.
243                lock_login = true;
244
245                # Normally, the pkcs11 module will not cache PINs
246                # presented via C_Login. However, some cards
247                # may not work properly with OpenSC; for instance
248                # when you have two keys on your card that get
249                # stored in two different directories.
250                #
251                # In this case, you can turn on PIN caching by setting
252                # cache_pins = true
253                #
254                # Default: false
255                cache_pins = false;
256
257                # Set this value to false if you want to enforce on-card
258                # keypair generation
259                #
260                # Default: true
261                soft_keygen_allowed = true;
262        }
263}
264
265# Parameters for the OpenSC PKCS11-Spy module, that logs all the
266# communication between a pkcs11 module and its calling application:
267#    app <--> pkcs11-spy <--> pkcs11 module
268app pkcs11-spy {
269        spy {
270                # Where to log to.
271                #
272                # By default, the value of the PKCS11SPY_OUTPUT environment
273                # variable is used. And if that one isn't defined: stderr
274                # is used.
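275                # NOTE: because the spy logs all communication with the module, the log may contain sensitive arguments (for example a PIN passed to C_Login); write it to a location only the intended user can read rather than a shared /tmp path.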
276                #output = /tmp/pkcs11-spy.log;
277
278                # Which PKCS11 module to load.
279                #
280                # By default, the value of the PKCS11SPY environment
281                # variable is used. And if that one isn't defined,
282                # opensc-pkcs11.so is used.
283                #
284                #module = opensc-pkcs11.so;
285        }
286}