OPENCRYPTOKI.CONF(5)             openCryptoki             OPENCRYPTOKI.CONF(5)

NAME

       opencryptoki.conf - Configuration file for pkcsslotd.

DESCRIPTION

       pkcsslotd uses a configuration file at
       /etc/opencryptoki/opencryptoki.conf.

       This is a text file that contains information used to configure PKCS#11
       slots. At startup, the pkcsslotd daemon parses this file to determine
       which slots will be made available.

SYNTAX

       This file is made up of optional global definitions and slot
       descriptions.

       The following global definitions are valid:

       disable-event-support
              If this keyword is specified, the openCryptoki event support is
              disabled.

       statistics (off|on[,implicit][,internal])
              Enables or disables collection of statistics of mechanism usage.
              By default, statistics collection is enabled. A value of (off)
              disables all statistics collection. A value of (on) enables
              collection of mechanism usage. The collected statistics can be
              displayed using the pkcsstats tool.

              In addition to enabling statistics collection for mechanisms
              used by PKCS#11 applications, you can specify (on,implicit) to
              also enable collection of implicit mechanism usage, where
              additional mechanisms are specified in mechanism parameters. For
              example, RSA-PSS or RSA-OAEP allow a hash mechanism and a mask
              generation function (MGF) to be specified in the mechanism
              parameter. ECDH allows a key derivation function (KDF) to be
              specified in the mechanism parameter.

              You can additionally enable statistics collection of mechanisms
              used internally by openCryptoki by specifying (on,internal).
              This additionally collects usage statistics for crypto
              operations used internally for PIN handling and encryption of
              private token objects in the data store.

              Implicit and internal statistics collection can also be
              combined: (on,implicit,internal)

       Each slot description is composed of a slot number, brackets and
       key-value pairs.

        slot number
        {
            key = value
            ...
        }

       More than one key-value pair may be used within a slot description.

       A key-value pair has the form keyword = value.

       The following keywords are valid:

       description
              A description of the slot. PKCS#11 v2.20 defines this as a
              character string of at most 64 bytes.

       stdll  This keyword defines the name of the stdll, or token library,
              that will be used for this slot. The stdll is an available
              token library in openCryptoki.

       manufacturer
              This keyword names the ID of the slot manufacturer.
              PKCS#11 v2.20 defines this as a string 32 bytes long.

       hwversion
              Version number of the slot's hardware, if any. The version
              number is composed of a major version number (the integer
              portion of the version) and a minor version number (the
              hundredths portion of the version). For example, version 1.2:
              major = 1, minor = 2.

       firmwareversion
              Version number of the slot's firmware, if any. The version
              number is composed of a major version number (the integer
              portion of the version) and a minor version number (the
              hundredths portion of the version).

       confname
              If the slot is associated with a token that has its own
              configuration file, this option identifies the name of that
              configuration file. For example, confname=ep11tok.conf

       tokname
              If a token is to have its own token directory name that is
              different from the default name, especially if multiple tokens
              of the same type are configured, this option defines the name of
              the token's individual directory. For example, tokname=ep11tok01

              Note: This key-value pair is optional. If only one token per
              token type is used, you don't need this entry. In that case the
              default directory name is used.

       tokversion
              Version number of the slot's token of the form <major>.<minor>.

Notes

       The pound sign ('#') is used to indicate a comment. Both the comment
       character and any text after it, up to the end of the line, are
       ignored. The comment character cannot be used inside the brackets of
       slot descriptions, as this will cause a syntax error.
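
       The slot rules above (valid keywords, the 64-byte and 32-byte limits,
       <major>.<minor> versions, no '#' inside slot brackets) written as a
       check to run before restarting pkcsslotd. This is an added example,
       not part of openCryptoki: lint_slots, the sample slot and its values
       are assumptions, and global definitions are skipped, not validated.

```python
import re

# Keywords and limits taken from the man page text above.
SLOT_KEYS = {"description", "stdll", "manufacturer", "hwversion",
             "firmwareversion", "confname", "tokname", "tokversion"}
MAX_BYTES = {"description": 64, "manufacturer": 32}  # PKCS#11 v2.20 limits
VERSION_KEYS = {"hwversion", "firmwareversion", "tokversion"}

SAMPLE = """\
# constructed sample for this example; slot number and values are illustrative
slot 4
{
    stdll = libpkcs11_ep11.so
    tokname = ep11tok01   # first adapter
    tokversion = 3
    manufacturer = Example Manufacturing Corporation Ltd
}
"""

def lint_slots(text):
    """Return (line_number, message) findings for slot descriptions only."""
    findings, state, no = [], "global", 0
    for no, raw in enumerate(text.splitlines(), 1):
        if state == "in_slot" and "#" in raw:
            findings.append((no, "'#' inside slot brackets is a syntax error"))
            continue
        line = raw.split("#", 1)[0].strip()  # elsewhere '#' starts a comment
        if not line:
            continue
        if state == "global":  # global definitions are skipped, not validated
            m = re.fullmatch(r"slot\s+\d+\s*(\{)?", line)
            if m:
                state = "in_slot" if m.group(1) else "expect_brace"
        elif state == "expect_brace":
            if line != "{":
                findings.append((no, "expected '{' after slot number"))
            state = "in_slot" if line == "{" else "global"
        elif line == "}":
            state = "global"
        else:
            key, sep, value = (part.strip() for part in line.partition("="))
            if not sep or key not in SLOT_KEYS:
                findings.append((no, f"unknown or malformed entry: {line!r}"))
            elif len(value.encode()) > MAX_BYTES.get(key, float("inf")):
                findings.append((no, f"{key} exceeds {MAX_BYTES[key]} bytes"))
            elif key in VERSION_KEYS and not re.fullmatch(r"\d+\.\d+", value):
                findings.append((no, f"{key} is not <major>.<minor>"))
    if state != "global":
        findings.append((no, "slot description is not closed with '}'"))
    return findings
```

       Calling lint_slots(SAMPLE) reports the inline comment, the tokversion
       without a minor part, and the over-long manufacturer string.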

SEE ALSO

       opencryptoki(7),
       pkcsslotd(8),
       pkcsstats(1)

3.21.0                          September 2012            OPENCRYPTOKI.CONF(5)