Provided by: opencryptoki_3.17.0+dfsg+20220202.b40982e-0ubuntu1.2_amd64 bug

NAME

       opencryptoki.conf - Configuration file for pkcsslotd.

DESCRIPTION

       pkcsslotd uses a configuration file at /etc/opencryptoki/opencryptoki.conf

       This is a text file that contains information used to configure pkcs#11 slots. At startup,
       the pkcsslotd daemon parses this file to determine which slots will be made available.

SYNTAX

       This file is made up of optional global definitions, and slot descriptions.

       The following global definitions are valid:

       disable-event-support
              If this keyword is specified the openCryptoki event support is disabled.

       statistics (off|on[,implicit][,internal])
              Enables or disables collection  of  statistics  of  mechanism  usage.  By  default,
              statistics  collection  is  enabled.  A  value  of  (off)  disables  all statistics
              collection. A value of (on) enables collection of mechanism usage.   The  collected
              statistics can be displayed using the pkcsstats tool.

              In  addition  to  enabling  statistics  collection  for  mechanisms used by PKCS#11
              applications, you can specify (on,implicit) to also enable collection  of  implicit
              mechanism usage, where additional mechanisms are specified in mechanism parameters.
              For example, RSA-PSS or RSA-OAEP allow to specify  a  hash  mechanism  and  a  mask
              generation function (MGF) in the mechanism parameter.  ECDH allows to specify a key
              derivation function (KDF) in the mechanism parameter.

              You can additionally enable statistics collection of mechanisms internally used  by
              Opencryptoki   by   specifying  (on,internal).  This  additionally  collects  usage
              statistics for crypto operations used internally for pin handling and encryption of
              private token objects in the data store.

              Implicit    and    internal   statistics   collection   can   also   be   combined:
              (on,implicit,internal)

       Each slot description is composed of a slot number, brackets and key-value pairs.

        slot number
        {
            key = value
            ...
        }

       More than one key-value pair may be used within a slot description.

       A key-value pair is composed of, keyword = value.

       The following keywords are valid:

       description
              A Description of the slot. PKCS#11v2.20 defined this as a  64-byte  max  character-
              string.

       stdll  This  keyword is used to define the name of the stdll or token library that will be
              used for this slot. The stdll is an available token library in opencryptoki.

       manufacturer
              This keyword is used to name the ID of the slot manufacturer. PKCS#11v2.20  defines
              this as a 32 byte long string.

       hwversion
              Version  number of the slot's hardware, if any. The version number is composed of a
              major version number (the integer portion of  the  version)  and  a  minor  version
              number  (the hundredths portion of the version).  For example, version 1.2, major =
              1, minor = 2

       firmwareversion
              Version number of the slot's firmware, if any. The version number is composed of  a
              major  version  number  (the  integer  portion  of the version) and a minor version
              number (the hundredths portion of the version).

       confname
              If the slot is associated with a token that has its own  configuration  file,  this
              option   identifies   the   name   of   that   configuration  file.   For  example,
              confname=ep11tok.conf

       tokname
              If a token want to have its own token directory name that  is  different  from  the
              default  name,  especially if multiple tokens of the same type are configured, this
              option  defines  the  name  of  the  token  individual  directory.   For   example,
              tokname=ep11tok01

              Note:  This  key-value  pair is optional: If only one token per token type is used,
              you don't need that entry. In that case the default directory name is used.

       tokversion
              Version number of the slot's token of the form <major>.<minor>.

Notes

       The pound sign ('#') is used to indicate a comment.  Both the comment  character  and  any
       text  after  it,  up  to the end of the line, are ignored. The comment character cannot be
       used inside the brackets of slot descriptions, as this will cause a syntax error.

SEE ALSO

       opencryptoki(7),
       pkcsslotd(8),
       pkcsstats(1),