chilidog.highland.cc.ks.us

home *** CD-ROM | disk | FTP | other *** search

/ chilidog.highland.cc.ks.us / chilidog.highland.cc.ks.us.zip / chilidog.highland.cc.ks.us / backup / bradford.20110502.etc.tar.gz / bradford.20110502.etc.tar / etc / opensc.conf < prev next >

Wrap

Text File | 2006-05-02 | 8KB | 282 lines

# Configuration file for OpenSC # Example configuration file # NOTE: All key-value pairs must be terminated by a semicolon. # Default values for any application # These can be overrided by an application # specific configuration block. app default { # Amount of debug info to print # # A greater value means more debug info. # Default: 0 # debug = 0; # The file to which debug output will be written # # A special value of 'stdout' is recognized. # Default: stdout # # debug_file = /tmp/opensc-debug.log; # The file to which errors will be written # # A special value of 'stderr' is recognized. # Default: stderr # # error_file = /tmp/opensc-errors.log; # Where to find the *.profile files for pkcs15init; profile_dir = /usr/share/opensc; # What reader drivers to load at start-up # # A special value of 'internal' will load all # statically linked drivers. If an unknown (ie. not # internal) driver is supplied, a separate configuration # configuration block has to be written for the driver. # Default: internal # NOTE: if "internal" keyword is used, must be the # last entry in reader_drivers list # # reader_drivers = openct, pcsc, ctapi; reader_driver ctapi { # module /usr/local/towitoko/lib/libtowitoko.so { # CT-API ports: # 0..3 COM1..4 # 4 Printer # 5 Modem # 6..7 LPT1..2 # ports = 0; # } } # Define parameters specific to your readers. # The following section shows definitions for PC/SC readers, # but the same set of variables are applicatable to ctapi and # openct readers, simply by using "reader_driver ctapi" and # "reader_driver openct", respectively. reader_driver pcsc { # Whether to transform some APDU's from one case to another # Possible values: # none: Don't transform any APDU's # case4as3: For T=0, send a case 4 APDU as case 3, # (no Lc byte) the card will send back # a 61xx SW, and we will follow up with a # GetResponse command # The SCM SCR111, Sun SCF, and e-gate readers # seem to require this. # case1as2: For T=0, send a case 1 APDU as case 2. # (append an Le byte of 0) # The Sun SCF and e-gate readers seem to # require this # case1as2_always: for any T=0/1, send a case 1 APDU as # case 2. # The Sun SCF reader may require this # Default: none # apdu_masquerade = none; # # This sets the maximum send and receive sizes. # Some IFD handlers do not properly handle APDUs with # large lc or le bytes. # max_send_size = 252; max_recv_size = 252; } # What card drivers to load at start-up # # A special value of 'internal' will load all # statically linked drivers. If an unknown (ie. not # internal) driver is supplied, a separate configuration # configuration block has to be written for the driver. # Default: internal # NOTE: When "internal" keyword is used, must be last entry # # card_drivers = customcos, internal; # Card driver configuration blocks. # For all drivers, you can specify ATRs of cards that # should be handled by this driver (in addition to the # list of compiled-in ATRs). # # The supported internal card driver names are # flex Cryptoflex/Multiflex # setcos Setec # etoken Aladdin eToken and other CardOS based cards # gpk GPK 4K/8K/16K # mcrd MICARDO 2.1 # miocos MioCOS 1.1 # openpgp OpenPGP card # tcos TCOS 2.0 # emv EMV compatible cards # GPK card driver additional ATR entry: card_driver gpk { # atr = 00:11:22; } # For card drivers loaded from an external shared library/DLL, # you need to specify the path name of the module # # card_driver customcos { # The location of the driver library # module = /usr/lib/opensc/drivers/card_customcos.so; # atr = 00:11:22:33:44; # atr = 55:66:77:88:99:aa:bb; # } # Force using specific card driver # # If this option is present, OpenSC will use the supplied # driver with all inserted cards. # # Default: autodetect # # force_card_driver = miocos; # Below are the framework specific configuration blocks. # PKCS #15 framework pkcs15 { # Whether to use the cache files in the user's # home directory. # # At the moment you have to 'teach' the card to the # system by: # pkcs15-tool -L # # WARNING: Caching shouldn't be used in setuid root # applications. # Default: false # use_caching = true; # Enable pkcs15 emulation # Default: yes enable_pkcs15_emulation = yes; # Try pkcs15 emulation code first (before the normal # pkcs15 processing). # Default: no try_emulation_first = no; # Enable builtin emulators # Default: yes enable_builtin_emulation = yes; # list of the builtin pkcs15 emulators to test # possible values: esteid, openpgp, netkey, netkey, starcert, infocamere builtin_emulators = esteid, openpgp, netkey, netkey, starcert, infocamere; # additional pkcs15 emulators (dynamic or builtin with # a different atr etc.) # emulate foo { # module = builtin; # atr = 11:22:33:44; #} } # Estonian ID card and Micardo driver currently play together with T=0 only. # In theory only the 'cold' ATR should be specified, as T=0 will be the preferred # protocol once you boot it up with T=0, but be paranoid. # Generic format: card_atr <hex encoded ATR (case-sensitive!)> # Only parameter currently understood is force_protocol card_atr 3b:6e:00:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 { force_protocol = t0; } card_atr 3b:fe:94:00:ff:80:b1:fa:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:43 { force_protocol = t0; } } # For applications that use SCAM (pam_opensc, sia_opensc) app scam { framework pkcs15 { use_caching = false; } } # Parameters for the OpenSC PKCS11 module app opensc-pkcs11 { pkcs11 { # Maxmimum number of slots per smart card. # If the card has fewer keys than defined here, # the remaining number of slots will be empty. # # Note that there is currently a compile time # maximum on the overall number of slots # the pkcs11 module is able to handle. num_slots = 4; # Normally, the pkcs11 module will create # the full number of slots defined above by # num_slots. If there are fewer pins/keys on # the card, the remaining keys will be empty # (and you will be able to create new objects # within them). # # Set this option to true to hide these empty # slots. hide_empty_tokens = false; # By default, the OpenSC PKCS#11 module will # try to lock this card once you have authenticated # to the card via C_Login. This is done so that no # other user can connect to the card and perform # crypto operations (which may be possible because # you have already authenticated with the card). # # However, this also means that no other application # that _you_ run can use the card until your application # has done a C_Logout or C_Finalize. In the case of # Netscape or Mozilla, this does not happen until # you exit the browser. lock_login = true; # Normally, the pkcs11 module will not cache PINs # presented via C_Login. However, some cards # may not work properly with OpenSC; for instance # when you have two keys on your card that get # stored in two different directories. # # In this case, you can turn on PIN caching by setting # cache_pins = true # # Default: false cache_pins = false; # Set this value to false if you want to enfore on-card # keypair generation # # Default: true soft_keygen_allowed = true; } } # Parameters for the OpenSC PKCS11-Spy module, that logs all the # communication between a pkcs11 module and it's calling application: # app <--> pkcs11-spy <--> pkcs11 module app pkcs11-spy { spy { # Where to log to. # # By default, the value of the PKCS11SPY_OUTPUT environment # variable is used. And if that one isn't defined: stderr # is used. # #output = /tmp/pkcs11-spy.log; # Which PKCS11 module to load. # # By default, the value of the PKCS11SPY environment # variable is used. And if that one isn't defined, # opensc-pkcs11.so is used. # #module = opensc-pkcs11.so; } }