TokenCSP

The TokenCSP section loads external CSP libraries as PKCS#11 tokens in our library. This is experimental and should not be used.

[TokenCSP]
:01=Intel,Intel IPT,Intel IPT Enhanced Cryptographic Provider,0x3E
CheckExpire=0
:ContainerPrefix=
:PinMinLen=4
:PinMaxLen=8

CheckExpire

CheckExpire checks the validity period on the certificate. CheckExpire returns a value of the remaining time in seconds when less than or equal to the set value. If the remaining time is greater than the set value, it returns -1.

[SmartCard]
CheckExpire=<time>

Values

time

The time in days.

ContainerPrefix

The prefix used for mapping between PKCS#11, CKA_ID, and CSP container name.

PinMinLen

The PIN min length policy.

PinMaxLen

The PIN max length policy.

NN – load CSP

Each CSP is loaded according to the configuration:

NN=<company>,<name>,<csp>,<flag>

The flag is a bitmask with the following possible values:

#define TKN_CSP_MODE_BOTH_KEYSET     0x0001
#define TKN_CSP_MODE_PIN_PAD         0x0002
#define TKN_CSP_MODE_EXTERNAL_CERT   0x0004
#define TKN_CSP_MODE_MACHINE         0x0008
#define TKN_CSP_MODE_FORCE_PIN_PAD   0x0010
#define TKN_CSP_MODE_REGISTER_CERT   0x0020
#define TKN_CSP_MODE_DELETE_AT_NEW   0x0040
#define TKN_CSP_MODE_ALL_CONTAINERS  0x0080
#define TKN_CSP_MODE_READ_ONLY       0x0100
#define TKN_CSP_MODE_ALLOW_PIN_CACHE 0x0200

[TokenCSP]
01=Intel,Intel IPT,Intel IPT Enhanced Cryptographic Provider,0x3E