NB! This project is outdated and unmaintained, please refer to the OpenSC WindowsInstaller instead!

source: trunk/opensc.conf @ 79

Revision 79, 10.1 KB checked in by aj, 5 years ago (diff)

Update to current opensc conf file (trunk/0.11.3).

1# Configuration file for OpenSC
2# Example configuration file
3
4# NOTE: All key-value pairs must be terminated by a semicolon.
5
6# Default values for any application
7# These can be overridden by an application
8# specific configuration block.
9app default {
10        # Amount of debug info to print
11        #
12        # A greater value means more debug info.
13        # Default: 0
14        #
15        debug = 0;
16
17        # The file to which debug output will be written
18        #
19        # A special value of 'stdout' is recognized.
20        # Default: stdout
21        # NOTE: debug output can include data exchanged with the card; keep this file out of shared folders.
22        # debug_file = "C:\Documents and Settings\All Users\Documents\opensc-debug.log";
23
24        # The file to which errors will be written
25        #
26        # A special value of 'stderr' is recognized.
27        # Default: stderr
28        #
29        # error_file = "C:\Documents and Settings\All Users\Documents\opensc-errors.log";
30
31        # PKCS#15 initialization / personalization
32        # profiles directory for pkcs15-init.
33       
34        profile_dir = PKGDATADIR;
35
36        # What reader drivers to load at start-up
37        #
38        # A special value of 'internal' will load all
39        # statically linked drivers. If an unknown (ie. not
40        # internal) driver is supplied, a separate
41        # configuration block has to be written for the driver.
42        # Default: internal
43        # NOTE: if "internal" keyword is used, must be the
44        # last entry in reader_drivers list
45        #
46        # reader_drivers = pcsc, ctapi;
47
48        reader_driver ctapi {
49                # module /usr/local/towitoko/lib/libtowitoko.so {
50                        # CT-API ports:
51                        # 0..3          COM1..4
52                        # 4             Printer
53                        # 5             Modem
54                        # 6..7          LPT1..2
55                        # ports = 0;
56                # }
57        }
58
59        # Define parameters specific to your readers.
60        # The following section shows definitions for PC/SC readers,
61        # but the same set of variables are applicable to ctapi and
62        # openct readers, simply by using "reader_driver ctapi" and
63        # "reader_driver openct", respectively.
64        reader_driver pcsc {
65                # This sets the maximum send and receive sizes.
66                # Some reader drivers have limitations, so you need
67                # to set these values. For usb devices check the
68                # properties with lsusb -vv for dwMaxIFSD
69                #
70                #max_send_size = 252;
71                #max_recv_size = 252;
72               
73                # Connect to reader in exclusive mode.
74                # Default: false
75                # connect_exclusive = true;
76                #
77                # Reset the card after disconnect.
78                # Default: true
79                # connect_reset = false;
80                #
81                # Reset the card after each transaction.
82                # Default: false
83                # transaction_reset = true;
84                #
85                # Enable pinpad if detected (PC/SC v2.0.2 Part 10)
86                # Default: false
87                # enable_pinpad = true;
88        }
89
90        # What card drivers to load at start-up
91        #
92        # A special value of 'internal' will load all
93        # statically linked drivers. If an unknown (ie. not
94        # internal) driver is supplied, a separate
95        # configuration block has to be written for the driver.
96        # Default: internal
97        # NOTE: When "internal" keyword is used, must be last entry
98        #
99        # card_drivers = customcos, internal;
100
101        # Card driver configuration blocks.
102
103        # For card drivers loaded from an external shared library/DLL,
104        # you need to specify the path name of the module
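105        # (the library is loaded into the application's process, so keep its path writable by administrators only)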
106        # card_driver customcos {
107                # The location of the driver library
108                # module = /usr/lib/opensc/drivers/card_customcos.so;
109        # }
110
111        # Force using specific card driver
112        #
113        # If this option is present, OpenSC will use the supplied
114        # driver with all inserted cards.
115        #
116        # Default: autodetect
117        #
118        # force_card_driver = customcos;
119
120        # In addition to the built-in list of known cards in the
121        # card driver, you can configure a new card for the driver
122        # using the card_atr block. The goal is to centralize
123        # everything related to a certain card to card_atr.
124        #
125        # The supported internal card driver names are
126        #  etoken           Aladdin eToken and other Siemens CardOS cards
127        #  flex             Schlumberger Multiflex/Cryptoflex
128        #  cyberflex        Schlumberger Cyberflex
129        #  gpk              Gemplus GPK
130        #  miocos           MioCOS 1.1
131        #  mcrd             MICARDO 2.1
132        #  setcos           Setec cards
133        #  starcos          STARCOS SPK 2.3
134        #  tcos             TCOS 2.0
135        #  openpgp          OpenPGP card
136        #  jcop             JCOP cards with BlueZ PKCS#15 applet
137        #  oberthur         Oberthur AuthentIC.v2/CosmopolIC.v4
138        #  belpic           Belpic cards
139        #  emv              EMV compatible cards
140        #  piv              U.S. NIST 800-73-1 PIV
141
142        # Generic format: card_atr <hex encoded ATR (case-sensitive!)>
143
144        # New card entry for the flex card driver
145        # card_atr 3b:f0:0d:ca:fe {
146                # All parameters for the context are
147                # optional unless specified otherwise.
148
149                # Context: global, card driver
150                #
151                # ATR mask value
152                #
153                # The mask is logically AND'd with a
154                # card ATR prior to comparison with the
155                # ATR reference value above. Using mask
156                # allows identifying and configuring
157                # multiple ATRs as the same card model.
158                # atrmask = "ff:ff:ff:ff:ff";
159
160                # Context: card driver
161                #
162                # Specify used card driver (REQUIRED).
163                #
164                # When enabled, overrides all possible
165                # settings from the card drivers built-in
166                # card configuration list.
167                # driver = "flex";
168
169                # Set card name for card drivers that allow it.
170                # name = "My CryptoFlex card";
171
172                # Card type as an integer value.
173                #
174                # Depending on card driver, this allows
175                # tuning the behaviour of the card driver
176                # for your card.
177                # type = "2002";
178
179                # Card flags as a hex value.
180                # Multiple values are OR'd together.
181                #
182                # Depending on card driver, this allows
183                # fine-tuning the capabilities in
184                # the card driver for your card.
185                #
186                # Optionally, some known parameters
187                # can be specified as strings:
188                #
189                # keygen - On-board key generation capability
190                # rng - On-board random number source
191                #
192                # flags = "keygen", "rng", "0x80000000";
193
194                #
195                # Context: PKCS#15 emulation layer
196                #
197                # When using PKCS#15 emulation, force
198                # the emulation driver for specific cards.
199                #
200                # Required for external drivers, but can
201                # be used with built-in drivers, too.
202                # pkcs15emu = "custom";
203
204                #
205                # Context: reader driver
206                #
207                # Force protocol selection for specific cards.
208                # Known parameters: t0, t1, raw
209                # force_protocol = "t0";
210        # }
211
212        # PIV cards need an entry similar to this one:
213        # card_atr 3B:7D:96:00:00:80:31:80:65:B0:83:11:00:AC:83:00:90:00 {
214                # name = "PIV-II";
215                # driver = "piv";
216        # }
217
218        # Estonian ID card and Micardo driver currently play together with T=0
219        # only. In theory only the 'cold' ATR should be specified, as T=0 will
220        # be the preferred protocol once you boot it up with T=0, but be
221        # paranoid.
222        card_atr 3b:6e:00:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 {
223                force_protocol = t0;
224        }
225        card_atr 3b:fe:94:00:ff:80:b1:fa:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:43 {
226                force_protocol = t0;
227        }
228
229        # D-Trust cards are also based on micardo and need T=0 for some reason (the first entry below repeats the second Estonian ATR above)
230        card_atr 3b:fe:94:00:ff:80:b1:fa:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:43 {
231                force_protocol = t0;
232        }
233        card_atr 3b:ff:94:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:23 {
234                force_protocol = t0;
235        }
236        card_atr 3b:ff:11:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:a6 {
237                force_protocol = t0;
238        }
239
240        # Below are the framework specific configuration blocks.
241
242        # PKCS #15
243        framework pkcs15 {
244                # Whether to use the cache files in the user's
245                # home directory.
246                #
247                # At the moment you have to 'teach' the card
248                # to the system by running command: pkcs15-tool -L
249                #
250                # WARNING: Caching shouldn't be used in setuid root
251                # applications.
252                # Default: false
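253                # NOTE: the line below turns caching on, overriding the default; set it to false for setuid root applications.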
254                use_caching = true;
255                # Enable pkcs15 emulation.
256                # Default: yes
257                # enable_pkcs15_emulation = no;
258                # Prefer pkcs15 emulation code before
259                # the normal pkcs15 processing.
260                # Default: no
261                # try_emulation_first = yes;
262                # Enable builtin emulators.
263                # Default: yes
264                # enable_builtin_emulation = yes;
265                # list of the builtin pkcs15 emulators to test
266                builtin_emulators = esteid, openpgp, tcos, starcert, infocamere, postecert, actalis, atrust-acos, gemsafe, tccardos, PIV-II;
267
268                # additional settings per driver
269                #
270                # For pkcs15 emulators loaded from an external shared
271                # library/DLL, you need to specify the path name of the module
272                # and customize the card_atr example above correctly.
273                #
274                # emulate custom {
275                        # The location of the driver library
276                        # module = /usr/lib/opensc/drivers/p15emu_custom.so;
277                # }
278        }
279}
280
281# Parameters for the OpenSC PKCS11 module
282app opensc-pkcs11 {
283        pkcs11 {
284                # Maximum number of slots per smart card.
285                # If the card has fewer keys than defined here,
286                # the remaining number of slots will be empty.
287                #
288                # Note that there is currently a compile time
289                # maximum on the overall number of slots
290                # the pkcs11 module is able to handle.
291                num_slots = 4;
292
293                # Normally, the pkcs11 module will create
294                # the full number of slots defined above by
295                # num_slots. If there are fewer pins/keys on
296                # the card, the remaining slots will be empty
297                # (and you will be able to create new objects
298                # within them).
299                #
300                # Set this option to true to hide these empty
301                # slots.
302                hide_empty_tokens = yes;
303
304                # By default, the OpenSC PKCS#11 module will
305                # try to lock this card once you have authenticated
306                # to the card via C_Login. This is done so that no
307                # other user can connect to the card and perform
308                # crypto operations (which may be possible because
309                # you have already authenticated with the card).
310                #
311                # However, this also means that no other application
312                # that _you_ run can use the card until your application
313                # has done a C_Logout or C_Finalize. In the case of
314                # Netscape or Mozilla, this does not happen until
315                # you exit the browser.
316                # Default: false
317                # lock_login = true;
318
319                # Normally, the pkcs11 module will not cache PINs
320                # presented via C_Login. However, some cards
321                # may not work properly with OpenSC; for instance
322                # when you have two keys on your card that get
323                # stored in two different directories.
324                #
325                # In this case, you can turn on PIN caching by setting
326                # cache_pins = true
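327                # NOTE: the text above and the default below disagree; set cache_pins explicitly (a cached PIN is kept in memory after C_Login).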
328                # Default: true
329                # cache_pins = false;
330
331                # Set this value to false if you want to enforce on-card
332                # keypair generation
333                # (when true, the key pair may be generated in host software instead of on the card).
334                # Default: true
335                # soft_keygen_allowed = false;
336        }
337}