File: opensc.conf-dist

opensc 0.11.1-2etch2
# Configuration file for OpenSC
# Example configuration file

# NOTE: All key-value pairs must be terminated by a semicolon.

# Default values for any application.
# These can be overridden by an application-specific
# configuration block.
app default {
	# Amount of debug info to print
	#
	# A greater value means more debug info.
	# Default: 0
	#
	debug = 0;

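	# The file to which debug output will be written
	#
	# A special value of 'stdout' is recognized.
	# Default: stdout
	#
	# NOTE: the path below is only an example. A fixed file name in a
	# world-writable directory such as /tmp can be pre-created or
	# symlinked by another local user, and debug output may include
	# card traffic; prefer a directory only the intended user can
	# write. The same applies to error_file below.
	#
	# debug_file = /tmp/opensc-debug.log;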

	# The file to which errors will be written
	#
	# A special value of 'stderr' is recognized.
	# Default: stderr
	#
	# error_file = /tmp/opensc-errors.log;

	# Where to find the *.profile files for pkcs15init

	profile_dir = /usr/share/opensc;

	# What reader drivers to load at start-up
	#
	# A special value of 'internal' will load all
	# statically linked drivers. If an unknown (i.e. not
	# internal) driver is supplied, a separate
	# configuration block has to be written for the driver.
	# Default: internal
	# NOTE: if the "internal" keyword is used, it must be the
	# last entry in the reader_drivers list
	#
	reader_drivers = openct, pcsc, ctapi;

	reader_driver ctapi {
		# module /usr/local/towitoko/lib/libtowitoko.so {
			# CT-API ports:
			# 0..3		COM1..4
			# 4		Printer
			# 5		Modem
			# 6..7		LPT1..2
			# ports = 0;
		# }
	}

	# Define parameters specific to your readers.
	# The following section shows definitions for PC/SC readers,
	# but the same set of variables is applicable to ctapi and
	# openct readers, simply by using "reader_driver ctapi" and
	# "reader_driver openct", respectively.
	reader_driver pcsc {
		# Whether to transform some APDU's from one case to another
		# Possible values:
		#            none:   Don't transform any APDU's
		#        case4as3:   For T=0, send a case 4 APDU as case 3,
		#                    (no Lc byte) the card will send back
		# 		     a 61xx SW, and we will follow up with a
		#                    GetResponse command
		#                    The SCM SCR111, Sun SCF, and e-gate readers
		#                    seem to require this.
		#        case1as2:   For T=0, send a case 1 APDU as case 2.
		#                    (append an Le byte of 0)
		#                    The Sun SCF and e-gate readers seem to
		#                    require this
		# case1as2_always:   for any T=0/1, send a case 1 APDU as
		#		     case 2.
		#                    The Sun SCF reader may require this
		# Default: none
		#
		apdu_masquerade = none;
		#
		# This sets the maximum send and receive sizes.
		# Some IFD handlers do not properly handle APDUs with
		# large lc or le bytes.
		#
		max_send_size = 252;
		max_recv_size = 252;
		#
		# EXPERIMENTAL: Enable CCID pinpad support
		# implemented (at least) in the libccid driver.
		#use_ccid_pin_cmd = true;
	}

	# What card drivers to load at start-up
	#
	# A special value of 'internal' will load all
	# statically linked drivers. If an unknown (i.e. not
	# internal) driver is supplied, a separate
	# configuration block has to be written for the driver.
	# Default: internal
	# NOTE: When the "internal" keyword is used, it must be the last entry
	#
	# card_drivers = customcos, internal;

	# Card driver configuration blocks. 

	# For all drivers, you can specify ATRs of cards that
	# should be handled by this driver (in addition to the
	# list of compiled-in ATRs). 
	#
	# The supported internal card driver names are
	#  flex		Cryptoflex/Multiflex
	#  setcos	Setec
	#  etoken	Aladdin eToken and other CardOS based cards
	#  gpk		GPK 4K/8K/16K
	#  mcrd		MICARDO 2.1
	#  miocos	MioCOS 1.1
	#  openpgp	OpenPGP card
	#  tcos		TCOS 2.0
	#  emv		EMV compatible cards

	# GPK card driver additional ATR entry:
	card_driver gpk {
		# atr = 00:11:22;
	}

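	# For card drivers loaded from an external shared library/DLL,
	# you need to specify the path name of the module.
	# The module's code is loaded into the application that uses
	# OpenSC, so the file and its directory should be writable
	# only by the administrator.
	#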
	# card_driver customcos {
		# The location of the driver library
		# module = /usr/lib/opensc/drivers/card_customcos.so;
		# atr = 00:11:22:33:44;
		# atr = 55:66:77:88:99:aa:bb;
	# }

	# Force using specific card driver
	#
	# If this option is present, OpenSC will use the supplied
	# driver with all inserted cards.
	#
	# Default: autodetect
	#
	# force_card_driver = miocos;

	# Below are the framework specific configuration blocks.

	# PKCS #15
	framework pkcs15 {
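		# Whether to use the cache files in the user's
		# home directory.
		#
		# At the moment you have to 'teach' the card to the
		# system by:
		# pkcs15-tool -L
		#
		# WARNING: Caching shouldn't be used in setuid root
		# applications.
		# Default: false
		# NOTE: this sample file turns caching on, which differs
		# from the built-in default; privileged applications should
		# override it in their own app block, as "app scam" does below.
		#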
		use_caching = true;
		# Enable pkcs15 emulation
		# Default: yes
		enable_pkcs15_emulation = yes;
		# Try pkcs15 emulation code first (before the normal
		# pkcs15 processing).
		# Default: no
		try_emulation_first = no;
		# Enable builtin emulators
		# Default: yes
		enable_builtin_emulation = yes;
		# list of the builtin pkcs15 emulators to test
		# possible values: esteid, openpgp, netkey,
		# starcert, infocamere, postecert
		# (netkey is listed twice in the setting below; the
		# repetition looks unintentional)
		builtin_emulators = esteid, openpgp, netkey, netkey, starcert, infocamere, postecert;

		# additional pkcs15 emulators (dynamic or builtin with
		# a different atr etc.) 
		# emulate foo {
			# module = builtin;
			# atr = 11:22:33:44;
		#}
	}
	
	# Estonian ID card and Micardo driver currently play together with T=0 only.
	# In theory only the 'cold' ATR should be specified, as T=0 will be the preferred
	# protocol once you boot it up with T=0, but be paranoid.
	
	# Generic format: card_atr <hex encoded ATR (case-sensitive!)>
	# Only parameter currently understood is force_protocol
	card_atr 3b:6e:00:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 {
		force_protocol = t0;
	}
	card_atr 3b:fe:94:00:ff:80:b1:fa:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:43 {
		force_protocol = t0;
	}
}

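# For applications that use SCAM (pam_opensc, sia_opensc)
# Caching is switched off here; see the WARNING about setuid root
# applications in the pkcs15 block of "app default".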
app scam {
	framework pkcs15 {
		use_caching = false;
	}
}

# Parameters for the OpenSC PKCS11 module
app opensc-pkcs11 {
	pkcs11 {
		# Maximum number of slots per smart card.
		# If the card has fewer keys than defined here,
		# the remaining number of slots will be empty.
		#
		# Note that there is currently a compile time
		# maximum on the overall number of slots
		# the pkcs11 module is able to handle.
		num_slots = 4;

		# Normally, the pkcs11 module will create
		# the full number of slots defined above by
		# num_slots. If there are fewer pins/keys on
		# the card, the remaining slots will be empty
		# (and you will be able to create new objects
		# within them).
		#
		# Set this option to true to hide these empty
		# slots.
		hide_empty_tokens = true;

		# By default, the OpenSC PKCS#11 module will
		# try to lock this card once you have authenticated
		# to the card via C_Login. This is done so that no
		# other user can connect to the card and perform
		# crypto operations (which may be possible because
		# you have already authenticated with the card).
		#
		# However, this also means that no other application
		# that _you_ run can use the card until your application
		# has done a C_Logout or C_Finalize. In the case of
		# Netscape or Mozilla, this does not happen until
		# you exit the browser.
		lock_login = true;

		# Normally, the pkcs11 module will not cache PINs
		# presented via C_Login. However, some cards
		# may not work properly with OpenSC; for instance
		# when you have two keys on your card that get
		# stored in two different directories.
		#
		# In this case, you can turn on PIN caching by setting
		# cache_pins = true
		# A cached PIN is held by the module after login,
		# so enable this only for cards that need it.
		#
		# Default: false
		cache_pins = false;

		# Set this value to false if you want to enforce on-card
		# keypair generation, rather than allowing the key pair
		# to be generated in software.
		#
		# Default: true
		soft_keygen_allowed = true;
	}
}

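# Parameters for the OpenSC PKCS11-Spy module, which logs all the
# communication between a pkcs11 module and its calling application:
#    app <--> pkcs11-spy <--> pkcs11 module
# Because every call is logged, the output can contain sensitive
# arguments (for example the PIN passed to C_Login); treat the log
# as confidential and use the spy for debugging only.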
app pkcs11-spy {
	spy {
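		# Where to log to.
		#
		# By default, the value of the PKCS11SPY_OUTPUT environment
		# variable is used. If that is not defined, stderr
		# is used.
		#
		# NOTE: the /tmp path below is only an example; choose a
		# location that other local users cannot read or pre-create.
		#
		#output = /tmp/pkcs11-spy.log;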

		# Which PKCS11 module to load.
		#
		# By default, the value of the PKCS11SPY environment
		# variable is used. And if that one isn't defined,
		# opensc-pkcs11.so is used.
		#
		#module = opensc-pkcs11.so;
	}
}