-
Notifications
You must be signed in to change notification settings - Fork 0
/
example-devices.ini
42 lines (41 loc) · 2.34 KB
/
example-devices.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
[meesign]
; The UID of the device. It is used to identify the device in Server conf.
enabled = true
; Indicates whether this device is enabled.
library = /home/xroad/nix-cryptoki.so
; library = /home/xroad/pkcs11-logger/build/linux/pkcs11-logger-x64.so
; The path to the pkcs#11 library of the device driver.
sign_verify_pin = false
; Indicates whether the PIN should be entered per signing operation.
token_id_format = {moduleType}{slotIndex}
; Specifies the identifier format used to uniquely identify a token. In certain high
; availability setups may need be constrained to support replicated tokens (eg. by removing
; the slot index part which may be diffirent for the token replicas).
sign_mechanism = CKM_RSA_PKCS
; Specifies the signing mechanism. Supported values: CKM_RSA_PKCS, CKM_RSA_PKCS_PSS.
pub_key_attribute_encrypt = false
; Indicates whether public key can be used for encryption.
pub_key_attribute_verify = true
; Indicates whether public key can be used for verification.
pub_key_attribute_wrap = false
; Indicates whether public key can be used for wrapping other keys.
pub_key_attribute_allowed_mechanisms = CKM_SHA256_RSA_PKCS
; Specifies public key allowed mechanisms. Supported values:
; CKM_RSA_PKCS, CKM_SHA256_RSA_PKCS, CKM_SHA384_RSA_PKCS, CKM_SHA512_RSA_PKCS, and
; CKM_RSA_PKCS_PSS, CKM_SHA256_RSA_PKCS_PSS, CKM_SHA384_RSA_PKCS_PSS, CKM_SHA512_RSA_PKCS_PSS.
priv_key_attribute_sensitive = true
; Indicates whether private key is sensitive.
priv_key_attribute_decrypt = false
; Indicates whether private key can be used for encryption.
priv_key_attribute_sign = true
; Indicates whether private key can be used for signing.
priv_key_attribute_unwrap = false
; Indicates whether private key can be used for unwrapping wrapped keys.
priv_key_attribute_allowed_mechanisms = CKM_SHA256_RSA_PKCS
; Specifies private key allowed mechanisms. Supported values:
; CKM_RSA_PKCS, CKM_SHA256_RSA_PKCS, CKM_SHA384_RSA_PKCS, CKM_SHA512_RSA_PKCS, and
; CKM_RSA_PKCS_PSS, CKM_SHA256_RSA_PKCS_PSS, CKM_SHA384_RSA_PKCS_PSS, CKM_SHA512_RSA_PKCS_PSS.
; slot_ids = 1
; Specifies the device slot configuration. The value of the parameter is comma separated list of slot ids to use
; e.g. 1123, 2342, 5345. The default slot configuration for each HSM device is empty which means that all the slots
; will be scanned by the Security Server.