Provided by: opencryptoki_3.18.0+dfsg-0ubuntu2_amd64 
NAME
policy.conf - Configuration file for openCryptoki policies.
DESCRIPTION
openCryptoki uses a policy configuration file at /etc/opencryptoki/policy.conf
This configuration file restricts the operations of openCryptoki to a specific set of
allowed operations. The policy allows users to restrict keys to a minimal cryptographic
strength, restrict supported elliptic curves, mechanisms, MGFs, KDFs, or PRFs.
SYNTAX
This file starts with a version specification of the form version policy-0 followed by
policy constraints.
A policy constraint assigns a value to a configuration key. The syntax depends of the
value of the key:
strength
This key defines the minimal required strength for keys, and digest and signature
sizes. It corresponds to the definition in /etc/opencryptoki/strength.conf. Valid
values are 0, 112, 128, 192, and 256. The special value 0 allows every key and
arbitrary size of digests and signatures. The format is a simple assignment:
strength = number
If other values are used, they are rounded up to the next supported value. Values
greater than 256 are rounded down to 256.
allowedmechs
This key specifies a list of mechanisms that are allowed by this policy. The list
should contain a comma-separated list of CKM_ constants supported by openCryptoki.
The list is placed inside brackets:
allowedmechs ( mech1, mech2 )
Note: This key is optional. If not present, all mechanisms are allowed. If an
empty list is provided, no mechanism would be allowed.
allowedcurves
This key specifies a list of allowed elliptic curves. Keys that do not belong to
any of the allowed curves cannot be created or used. The list has the same format
as the allowedmechs key:
allowedcurves ( curve1, curve2 )
Valid curve names are:
• BRAINPOOL_P160R1
• BRAINPOOL_P160T1
• BRAINPOOL_P192R1
• BRAINPOOL_P192T1
• BRAINPOOL_P224R1
• BRAINPOOL_P224T1
• BRAINPOOL_P256R1
• BRAINPOOL_P256T1
• BRAINPOOL_P320R1
• BRAINPOOL_P320T1
• BRAINPOOL_P384R1
• BRAINPOOL_P384T1
• BRAINPOOL_P512R1
• BRAINPOOL_P512T1
• PRIME192V1
• SECP224R1
• PRIME256V1
• SECP384R1
• SECP521R1
• SECP256K1
• CURVE25519
• CURVE448
• ED25519
• ED448
Note: This key is optional. If not present, all curves are allowed. An empty list allows
no curve.
allowedmgfs
This key specifies the allowed Message Generation Functions (MGFs) for use in RSA
OAEP and RSA PSS. The value is a list of CKG_ constants supported by openCryptoki.
The list has the same format as the allowedmechs key:
allowedmgfs ( mgf1, mgf2 )
Note: This key is optional. If not present, all MGFs are allowed. An empty list
allows no MGF.
allowedkdfs
This key specifies the allowed Key Derivation Functions (KDFs) for use in ECDH key
derivation. The value is a list of CKD_ constants supported by openCryptoki. This
list has the same format as the allowedmechs key:
allowedkdfs ( kdf1, kdf2 )
Note: This key is optional. If not present, all KDFs are allowed. An empty list
allows no KDF.
allowedprfs
This key specifies the allowed Pseudo-Random Functions (PRFs) for use in PKCS #5
PBKDF. The value is a list of PRFs. Currently, the only supported value is
CKP_PKCS5_PBKD2_HMAC_SHA256 CKP_PKCS5_PBKD2_HMAC_SHA512 which leads to the list
allowedprfs ( CKP_PKCS5_PBKD2_HMAC_SHA512, CKP_PKCS5_PBKD2_HMAC_SHA256 )
Note: This key is optional. If not present, all PRFs are allowed. An empty list
allows no PRF.
NOTES
The policy configuration file has to be owned by root:pkcs11 and have mode 0640.
Otherwise, openCryptoki will return CKR_FUNCTION_FAILED on C_Initialize and log the reason
into syslog.
The pound sign ('#') is used to indicate a comment. Both the comment character and any
text after it, up to the end of the line, are ignored. The comment character can be used
at the beginning of a line (including before the file version specification), after the
strength value, after a comma, and before and after the bracket.
Since the policy indirectly refers to a strength configuration, a strength configuration
has to exist and be valid. If no strength configuration exists, no policy will be
enforced. If an existing policy configuration is invalid, openCryptoki cannot be used.
openCryptoki uses some cryptographic operations to store token objects. These operations
have to be allowed by the policy. Which operations are needed depends on the token store
format and the token (since the ICSF Token as a remote token uses different crypto
operations to store its management data):
FIPS compliant format
Token stores in the FIPS compliant format need the mechanisms
CKM_AES_KEY_GEN, CKM_AES_KEY_WRAP, CKM_AES_GCM, CKM_PKCS5_PBKD2, the PRF
CKP_PKCS5_PBKD2_HMAC_SHA512, and must allow 256 bit AES keys.
legacy format
Token stores in legacy format need the mechanisms CKM_DES3_KEY_GEN,
CKM_DES3_CBC, CKM_AES_KEY_GEN, CKM_AES_CBC, CKM_SHA1, CKM_MD5 and must allow
2-key TDES keys (80 bit symmetric keys with 64 bit signatures).
ICSF Token store
CKM_AES_KEY_GEN, CKM_AES_CBC, CKM_SHA1, CKM_MD5 CKM_PKCS5_PBKD2, the PRF
CKP_PKCS5_PBKD2_HMAC_SHA256, and must allow 256 bit AES keys.
Tokens cannot be loaded if their token store format is not supported by the policy. If a
token cannot be loaded, a message is printed into syslog detailing the policy violation.
To fix this problem, make sure the token format is allowed by your policy (either by
satisfying above constraints or by temporarily removing /etc/opencryptoki/policy.conf) and
migrate your token store, e.g., to the FIPS-compliant format.
SEE ALSO
strength.conf(5),
opencryptoki(7),
pkcstok_migrate(1),
/usr/share/doc/opencryptoki/policy-example.conf