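# Optional configuration file for the Belgium EID PKCS11 library.
# Based on OpenSC, http://www.opensc.org/
#
# Layout: "app <name> { ... }" blocks hold nested option blocks.
# "app default" applies to every application; a named app block
# (e.g. "app opensc-pkcs11") overrides it for that application.
#
# NOTE: All key-value pairs must be terminated by a semicolon.

# Default values for any application
# These can be overridden by an application
# specific configuration block.
app default {
    # Set to false if you want an error log
    #
    # Default: true;
    #
    #disable_errors = false;

    # The file to which errors will be written
    #
    # A special value of 'stderr' is recognized.
    # Default: stderr
    #
    # NOTE(review): /tmp is world-writable and this file name is
    # predictable. If file logging is enabled, prefer a path inside a
    # directory that only the owning user can write to.
    # NOTE(review): left commented out, as written; confirm against the
    # deployed file whether this setting is meant to be active.
    # error_file = /tmp/belpic-errors.log;

    reader_driver pcsc {
        # Whether to convert Case 4 APDUs to Case 3
        #
        # Some readers (e.g. SCM SCR111, OMNIKEY 4000) seem to require this.
        # Default: false
        #
        # NOTE(review): left commented out, as written; confirm against
        # the deployed file whether this setting is meant to be active.
        # apdu_fix = true;
    }

    # Single Sign-On
    #
    # This option makes the PKCS11 lib clear the CKF_LOGIN_REQUIRED
    # flag for each token info, and set each session info state
    # to CKS_RW_USER_FUNCTIONS.
    #
    # This way, applications won't (shouldn't) ask the user for a PIN;
    # this PKCS11 lib itself will ask for the PIN if no login has
    # been done before.
    #
    # NOTE(review): with this enabled, applications see sessions as
    # already logged in, so PIN prompting is entirely up to this
    # library. Applications that rely on their own C_Login step to
    # gate key use will not get it; set to false if that matters.
    #
    # Default: true
    allow_sso = true;

    # Belpic card driver
    #
    card_driver belpic {
        # Applet beta 3 and 4
        #atr = 3B:98:11:40:FF:A5:03:01:01:01:AD:13:04;
        # Applet beta 2
        #atr = 3B:68:00:00:29:05:01:02:01:AD:13:03;
    }

    # Force using specific card driver
    #
    # If this option is present, OpenSC will use the supplied
    # driver with all inserted cards.
    #
    # Default: autodetect
    #
    # force_card_driver = belpic;

    # Below are the framework specific configuration blocks.

    # PKCS #15 framework
    pkcs15 {
        # Whether to use the cache files in the user's
        # home directory.
        #
        # At the moment you have to 'teach' the card to the
        # system by:
        #   pkcs15-tool -L
        #
        # WARNING: Caching shouldn't be used in setuid root
        # applications.
        # NOTE(review): cache files live in the user's home directory,
        # so card data read through the cache is only as trustworthy
        # as that directory's permissions.
        # Default: false
        #
        # NOTE(review): left commented out, as written; confirm against
        # the deployed file whether this setting is meant to be active.
        # use_caching = true;
    }

    belpic_general {
        # Normally, the language of the dialogs is retrieved
        # from the card. Set this value if you want to force
        # a specific language to either en, nl, fr, de
        #
        # force_language = en;
    }

    belpic_pin_pad {
        # Set to false if you don't want a message dialog on the
        # screen to tell you to enter your AUTH pin (for login)
        # on the pin pad reader.
        # Default: true
        #
        # msg_auth_pin = false;

        # Set to false if you don't want a message dialog on the
        # screen to tell you if you entered a wrong pin on the
        # reader and that asks to try it again.
        # Default: true
        #
        # msg_wrong_pin = false;

        # Set to false if you don't want a message dialog on the
        # screen to tell you if the PIN is blocked.
        # Default: true
        #
        # msg_pin_blocked = false;

        # Set to false if you don't want a message dialog on the
        # screen to tell you that the new pins you entered on the
        # reader during a change pin command don't match; and to
        # ask you to try it again.
        # Default: true
        #
        # msg_changepin_mismatch = false;

        # Place here the names and libs (DLL) for the Belpic pin pad readers
        # Start with reader0 and lib0, then reader1 and lib1, ... until
        # reader9 and lib9.
        # The lib (DLL) should be placed in your execution path.
        #
        # NOTE(review): a lib named here is presumably loaded by name
        # into the process that handles PIN entry. Only list libraries
        # you trust, and make sure no directory on the execution path
        # is writable by other users.
        #reader0 = "ACS USB";
        #lib0 = pinpad_emulator;
        #reader1 = ;
        #lib1 = ;
    }
}

# Parameters for the OpenSC PKCS11 module
app opensc-pkcs11 {
    pkcs11 {
        # Number of slots per smart card.
        # If the card has fewer pins/data than defined
        # here, the remaining number of slots will be
        # empty or contain data-less tokens, depending
        # on the hide_empty_tokens flag (below).
        #
        # As a consequence, the number of slots shown by
        # pkcs11 will be: num_slots * number_of_readers
        #
        # Note that there is currently a compile time
        # maximum on the overall number of slots
        # the pkcs11 module is able to handle.
        #
        # Default: 4
        num_slots = 2;

        # Normally, the pkcs11 module will create the
        # full number of slots per smart card defined
        # above by num_slots. If there are fewer
        # pins/keys on the card, the remaining tokens
        # will be empty (data-less) and you will be
        # able to create new objects within them.
        #
        # Set this option to true to hide these data-less
        # tokens (so their slots will be empty slots)
        # Default: false
        hide_empty_tokens = true;

        # By default, the OpenSC PKCS#11 module will
        # try to lock this card once you have authenticated
        # to the card via C_Login. This is done so that no
        # other user can connect to the card and perform
        # crypto operations (which may be possible because
        # you have already authenticated with the card).
        #
        # However, this also means that no other application
        # that _you_ run can use the card until your application
        # has done a C_Logout or C_Finalize. In the case of
        # Netscape or Mozilla, this does not happen until
        # you exit the browser.
        #
        # NOTE(review): false turns off the protection described
        # above. After a login, other processes that can reach the
        # reader may be able to use the authenticated card. On shared
        # or multi-user machines, consider setting this to true.
        lock_login = false;

        # Normally, the pkcs11 module will not cache PINs
        # presented via C_Login. However, some cards
        # may not work properly with OpenSC; for instance
        # when you have two keys on your card that get
        # stored in two different directories.
        #
        # In this case, you can turn on PIN caching by setting
        # cache_pins = true
        #
        # NOTE(review): enabling this makes the module keep the PIN
        # after C_Login; leave it false unless a card needs it.
        #
        # Default: false
        cache_pins = false;
    }
}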