#
# EP11 token configuration
#
# In order to use the EP11 Token you need to specify a list of
# adapter/domain pairs installed and configured on your system.
#
# To force the default value of CKA_SENSITIVE to CK_TRUE for
# secret keys, specify the following option:
#
#      FORCE_SENSITIVE
#
# To enable strict-mode, specify the following option:
#
#      STRICT_MODE
#
# In strict-mode, all session keys strictly belong to the PKCS#11
# session that created them. When the PKCS#11 session ends, all session
# keys created for this session can no longer be used.
#
# To enable VHSM-mode, specify the following option:
#
#      VHSM_MODE
#
# In VHSM-mode (virtual-HSM), all keys generated by the EP11 token
# strictly belong to the EP11 token that created them. Every EP11 token
# requires a VHSM-pin to be set using the pkcsep11_session tool.
#
# The list of mechanisms returned by C_GetMechanismList is filtered
# using the control point settings of the used crypto adapters.
# The EP11 CP-filter config file is used to associate certain
# control points with mechanisms that are dependent on these control
# points. The default CP-filter config file is 'ep11cpfilter.conf' located
# in the same directory as this EP11 token configuration file.
# You can optionally specify the name and/or location of the CP-filter
# file:
#
#      CPFILTER /etc/opencryptoki/ep11cpfilter.conf
#
# To enable optimization of single-part Sign/Verify and Encrypt/Decrypt
# operations, specify the following option:
#
#      OPTIMIZE_SINGLE_PART_OPERATIONS
#
# To optimize digest operations using CPACF the libica library is used.
# Use the DIGEST_LIBICA option to control which libica library is loaded.
# Specify the path of the libica library to use a specific libica library,
# or specify 'DEFAULT' to use the system default libica library.
# Specify 'OFF' to turn digest optimizations off.
#
#      DIGEST_LIBICA <libica-path> | DEFAULT | OFF
#
# By default the random number generator of the EP11 crypto adapter is used to
# generate random data. Specify the USE_PRANDOM option to read random data from
# /dev/prandom instead (or /dev/urandom if /dev/prandom is not available).
#
#      USE_PRANDOM
#
# There are 2 ways to specify the crypto adapters:
#   1) explicit list of adapter/domain pairs
#
#      APQN_WHITELIST
#       8 13
#      10 13
#      END
#
#      The adapter and domain may be given in decimal,
#      octal (with leading 0) or hexadecimal (with leading 0x):
#
#      APQN_WHITELIST
#       8    0x0d
#       0x0a 13
#      END
#
#      Valid adapter and domain values are in the range 0...255
#
#   2) any available crypto adapters
#
#      APQN_ANY
#

APQN_ANY
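
# Added example, not part of this file or of the opencryptoki code: a stand-alone
# C check of an APQN_WHITELIST block against the syntax described above (decimal,
# octal or hexadecimal values, range 0...255, list closed by END), ignoring the
# commented-out samples. The function names, the treatment of '#' as a comment
# start and the whitespace tokenisation are assumptions; the token's own parser
# may differ.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One value: decimal, octal (leading 0) or hex (leading 0x), range 0..255. */
static int parse_num(const char *tok, int *out)
{
    char *end;
    long v = strtol(tok, &end, 0);  /* base 0: the prefix selects 8, 10 or 16 */
    if (end == tok || *end != '\0' || v < 0 || v > 255)
        return -1;
    *out = (int)v;
    return 0;
}

/* Hypothetical checker, not opencryptoki's parser. Returns the number of pairs
 * in the first APQN_WHITELIST ... END block; -1 if there is no such block, END
 * is missing, a value is malformed or out of range, or a pair is incomplete. */
int apqn_whitelist_check(const char *conf, int pairs[][2], int max_pairs)
{
    char tok[64];
    int in_list = 0, have_adapter = 0, adapter = 0, n = 0, val;
    size_t len;

    while (*conf != '\0') {
        if (isspace((unsigned char)*conf)) { conf++; continue; }
        if (*conf == '#') { conf += strcspn(conf, "\n"); continue; } /* comment */
        len = strcspn(conf, " \t\r\n\v\f#");
        if (len >= sizeof(tok) && in_list) return -1;   /* over-long entry */
        if (len >= sizeof(tok)) { conf += len; continue; }  /* e.g. a long path */
        memcpy(tok, conf, len); tok[len] = '\0';
        conf += len;
        if (!in_list) { in_list = (strcmp(tok, "APQN_WHITELIST") == 0); continue; }
        if (strcmp(tok, "END") == 0) return have_adapter ? -1 : n;
        if (n >= max_pairs || parse_num(tok, &val) != 0) return -1;
        if (!have_adapter) { adapter = val; have_adapter = 1; continue; }
        pairs[n][0] = adapter; pairs[n][1] = val; n++; have_adapter = 0;
    }
    return -1;
}

int main(void)
{
    int pairs[16][2];  /* constructed input below: the mixed-base list above */
    int n = apqn_whitelist_check("APQN_WHITELIST\n 8 0x0d\n 0x0a 13\nEND\n", pairs, 16);
    printf("%d valid adapter/domain pairs\n", n);
    return n < 0;
}
```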