Provided by: opencryptoki_3.23.0+dfsg-0ubuntu3_amd64

NAME

       opencryptoki.conf - Configuration file for pkcsslotd.

DESCRIPTION

       pkcsslotd uses a configuration file at /etc/opencryptoki/opencryptoki.conf.

       This is a text file that contains information used to configure PKCS#11 slots. At startup, the pkcsslotd
       daemon parses this file to determine which slots will be made available.

SYNTAX

       This file is made up of optional global definitions, and slot descriptions.

       The following global definitions are valid:

       disable-event-support
              If this keyword is specified the openCryptoki event support is disabled.

       statistics (off|on[,implicit][,internal])
              Enables or disables collection of statistics of mechanism usage. By default, statistics collection
              is enabled. A value of  (off)  disables  all  statistics  collection.  A  value  of  (on)  enables
              collection  of  mechanism  usage.   The  collected statistics can be displayed using the pkcsstats
              tool.

              In addition to enabling statistics collection for mechanisms used by PKCS#11 applications, you can
              specify (on,implicit) to also enable collection of implicit mechanism usage, where additional
              mechanisms are specified in mechanism parameters. For example, RSA-PSS and RSA-OAEP allow a hash
              mechanism and a mask generation function (MGF) to be specified in the mechanism parameter, and
              ECDH allows a key derivation function (KDF) to be specified in the mechanism parameter.

              You can additionally enable statistics collection of mechanisms internally used by openCryptoki by
              specifying (on,internal). This additionally collects usage statistics for crypto operations used
              internally for PIN handling and encryption of private token objects in the data store.

              Implicit and internal statistics collection can also be combined: (on,implicit,internal)

       Each slot description is composed of a slot number, brackets and key-value pairs.

        slot number
        {
            key = value
            ...
        }

       More than one key-value pair may be used within a slot description.

       A key-value pair has the form keyword = value.

       The following keywords are valid:

       description
              A description of the slot. PKCS#11 v2.20 defines this as a character string of at most 64 bytes.

       stdll  This keyword is used to define the name of the stdll or token library that will be used  for  this
              slot. The stdll is an available token library in opencryptoki.

       manufacturer
              This keyword is used to name the ID of the slot manufacturer. PKCS#11 v2.20 defines this as a
              32-byte-long string.

       hwversion
              Version number of the slot's hardware, if any. The version number is composed of a  major  version
              number  (the integer portion of the version) and a minor version number (the hundredths portion of
              the version).  For example, for version 1.2, major = 1 and minor = 2.

       firmwareversion
              Version number of the slot's firmware, if any. The version number is composed of a  major  version
              number  (the integer portion of the version) and a minor version number (the hundredths portion of
              the version).

       confname
              If the slot is associated with a token that has its own configuration file, this option identifies
              the name of that configuration file.  For example, confname=ep11tok.conf

       tokname
              If a token is to have its own token directory name that is different from the default name,
              especially if multiple tokens of the same type are configured, this option defines the name of the
              token's individual directory.  For example, tokname=ep11tok01

              Note: This key-value pair is optional. If only one token per token type is used, you don't need
              that entry. In that case the default directory name is used.

       tokversion
              Version number of the slot's token of the form <major>.<minor>.

NOTES

       The pound sign ('#') is used to indicate a comment.  Both the comment character and any text after it, up
       to the end of the line, are ignored. The comment character cannot be used inside  the  brackets  of  slot
       descriptions, as this will cause a syntax error.
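
       The slot rules above (valid keywords, the 64-byte and 32-byte limits, the <major>.<minor> version
       form, no '#' inside the braces, and distinct tokname values for tokens of one type) can be checked
       before pkcsslotd is restarted. The following is an added example, not openCryptoki's own parser. It
       assumes one item per line with each brace on its own line, as in the template above; stripping
       optional double quotes, the stdll name and the sample text are assumptions made for illustration.

```python
import re
# Keywords and limits as listed in opencryptoki.conf(5) on this page.
KEYWORDS = {"description", "stdll", "manufacturer", "hwversion",
            "firmwareversion", "confname", "tokname", "tokversion"}
MAX_BYTES = {"description": 64, "manufacturer": 32}
SAMPLE = """\
# constructed sample, not a shipped configuration
slot 4
{
stdll = libpkcs11_ep11.so
confname = ep11tok.conf
tokname = ep11tok01
}
slot 5
{
stdll = libpkcs11_ep11.so
tokname = ep11tok01
hwversion = 1
# spare adapter
}
"""

def lint_slots(text):
    """Return (line_number, message) findings for the slot descriptions."""
    out, in_slot, slot, seen = [], False, {}, {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not in_slot:            # global definitions are not checked here
            in_slot, slot = line == "{", {}
        elif "#" in line:
            out.append((no, "'#' inside slot braces is a syntax error"))
        elif line == "}":
            in_slot, where = False, (slot.get("stdll"), slot.get("tokname"))
            if where[0] and where in seen:   # would share one token directory
                out.append((no, f"stdll/tokname repeat the slot closed on line {seen[where]}"))
            seen.setdefault(where, no)
        elif line:
            # Assumption: values may carry optional double quotes; strip them.
            key, sep, value = (p.strip().strip('"') for p in line.partition("="))
            if not sep or key not in KEYWORDS:
                out.append((no, f"not a documented keyword = value pair: {line!r}"))
            elif len(value.encode()) > MAX_BYTES.get(key, len(value.encode())):
                out.append((no, f"{key} exceeds {MAX_BYTES[key]} bytes"))
            elif key.endswith("version") and not re.fullmatch(r"\d+\.\d+", value):
                out.append((no, f"{key} is not <major>.<minor>"))
            else:
                slot[key] = value
    if in_slot:
        out.append((no, "slot description is not closed with '}'"))
    return out
```

       Calling lint_slots(SAMPLE) reports the malformed hwversion, the comment inside the braces, and the
       second slot reusing the first slot's stdll and tokname.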

SEE ALSO

       opencryptoki(7),
       pkcsslotd(8),
       pkcsstats(1)

3.23                                             September 2012                             OPENCRYPTOKI.CONF(5)