Enumeration Properties

The following properties are available to enumerate information from the plugin. The enumeration always returns a string with a list of values separated with ‘;’. The enumeration always starts from ‘0’ and last property is found when return value is an empty string.

Generic example of enumeration of properties:
iid = document.getElementById(‘iid’);
if (iid != null) {
  i = 0;
  if (iid.EnumProperty(‘<name>’, i) != "") {
    i++;
  }
}
Example 1. Generic example of return value
value = ‘<value1>;<value2>;…​;<valueX>;’

There is one property available for controlling the behavior of enumeration:

Property Description Default value Requirement

EnumLimit

Contains a number which is a bitmask telling which properties to return. Bit set will return the value and not set will ignore the value.

Available enumeration properties are listed below. They can also be accessed via the On this page menu to the right.

Certificate

Enumeration property Certificate is used to enumerate all available certificates. This enumeration may be combined with two other properties:

Property Description Default value Requirement

AllowExternalCert

Specifies all certificates that should be returned including those not stored within our PKI client.

Default false, only internal certificates will be returned.

optional

Other

Specifies all certificates should be returned including those without a matching private key pair.

Default false, only the current user certificates will be returned.

optional

The returned string value has the following elements:

Returned string value elements Description

Slot id

The slot id for the PKCS#11 token, where the certificate can be found. This value should be used when updating the certificate.

Real slot id

The real slot id for the PKCS#11 token, where the certificate can be found. This value should be used in all cases except when updating the certificate. The reason for two different slot id:s is that there are certificates which are connected to a private key protected with a secondary PIN, but the certificate needs the first PIN for update.

Key id

The key identifier for the key pair used with the certificate.

Label

The certificate label used to describe the certificate. This string may be empty if no label is available.

Issuer

The certificate issuer field from the certificate. The value returned will use object identifier name instead of object identifier string when used with EnumLimit property.

Subject

The certificate subject field from the certificate. The value returned will use object identifier name instead of object identifier string when used with EnumLimit property.

Value

The complete base64 encoded certificate value.

Example 2. Certificate enumeration
"1;1;45;identification;2.5.4.3=Company CA,2.5.4.10=US;2.5.4.3=John Doe;MII…==

CertificateEx

Enumeration property CertificateEx has the same behavior as enumeration property Certificate, but returns some additional information.

The first 6 elements are equal to enumeration property Certificate, but the last element Value, the certificate value, will always be returned last in the string.

Currently some more elements are included, and more may be added in the future. If new elements are added they will be added after the elements listed below and Certificate will still be the last element.

Returned string value elements Description

Valid from

Contains the validity from value from the certificate. The value will only contain the date part of the validity.

Valid to

Contains the validity to value from the certificate. The value will only contain the date part of the validity.

Is CA

Contains a flag indicting whether this certificate is a CA certificate or an end user certificate. Value 1 means CA certificate, value 0 means end user certificate.

Credential

Contains the subject alt name from the certificate.

Thumbprint

Contains the thumbprint of the certificate.

Authority identifier

Contains the authority identifier of the certificate.

Key usage

Contains the key usage of the certificate.

Expire

Contains number of days until the certificate expire when configured with expire warning.

Example 3. Extended certificate enumeration
"1;1;45;identification;2.5.4.3=Company+CA,2.5.4.10=US;2.5.4.3=John Doe;2010-01-01;2014-12-31;0;johdoe@company.com;65A424E5AC290597A7C4460C0D0491F6CF69F705; 1C53AB9CBB9ECF30D4DD714DCE84A9EC2CBAF2F7;160;;MII…==

Component

This property is only available on Windows platforms.

Enumeration property Component is used to enumerate all installed components.

The returned string value has the following elements:

Returned string value elements Description

Path

Specifies the full file path to the installed component.

Version

Specifies the file version of the installed component.

Description

Specifies the file description of the installed component.

Example 4. Components enumeration
'C:\Program\Net iD\iid.dll;05040134;Main'

Key

Enumeration property Key is used to enumerate all available key pairs.

The returned string value has the following elements:

Returned string value elements Description

Slot id

The slot id for the PKCS#11 token, where the key pair can be found. This value should be used when updating the key pair.

Real slot id

The real slot ID for the PKCS#11 token, where the key pair can be found. This value should be used in all cases except when updating the key pair. The reason for two different slot IDs is that there are key pairs protected with a secondary PIN, but will require first PIN for update.

Key id

The key identifier for the key pair.

Label

The key label used to describe the certificate. This string may be empty if no label available.

Type

The key type. Value is currently always rsa, since this is the only supported key type.

Usage

The allowed key usage for the key pair. This value should be equal to key usage in any connected certificate, but may be different.

Size

The key size in bits for the key pair.

Generator name

The name of the component used to generate the key. This will only be available for soft tokens. The value corresponds to static property CryptoEngine when key was generated.

Generator version

The version of the component used to generate the key. This will only be available for soft tokens. The value corresponds to static property CryptoEngine when key was generated.

Example 5. Key enumeration
"1;1;45;identification;rsa;160;1024;;"

Language

Enumeration property Language is used to enumerate all available languages.

The returned string value has the following elements:

Returned string value elements Description

Name

The name of the language.

Profile

Enumeration property Profile is used to enumerate all available smart card profiles.

The returned string value has the following elements:

Returned string value elements Description

Name

The name of the profile.

Slot

Enumeration property Slot is used to enumerate all available PKCS#11 slots.

The returned string value has the following elements:

Returned string value elements Description

Slot id

The slot ID for the PKCS#11 slot. This value is a unique identifier for a specific token with a specific pin. For smart cards this value is a number between 1 and 99. For soft tokens this value is a number between 100 and 199.

Slot description

The description for the PKCS#11 slot. For smart cards this value is the string with the smart card reader name. For soft tokens this value is a string with the slot ID number.

Token label

The token label for the PKCS#11 slot. This element will be empty if token is not present. For smart cards this will be the combined value from real token label and PIN label. For soft tokens this will be the token label specified at creation.

Example 6. Smart card reader enumeration

"1;Card Reader 0;Card eID (PIN1)" "2;Card Reader 0;Card eID (PIN2)" "3;Card Reader 0;"

Example 7. Soft token enumeration.
"100;Soft Slot 100;Soft eID"
Smart card reader slots usually return three slots for each real smart card reader to handle up to three PINs for each smart card. The number of supported PINs may change depending on configuration, but it will always be possible to connect the PINs to a specific card by using the smart card reader name.

SlotCard

Same as property Slot, but will only return smart card reader slots.

SlotSoft

Same as property Slot, but will only return soft token slots.

Token

Enumeration property Token is used to enumerate all available PKCS#11 tokens.

The returned string value has the following elements:

Returned string value elements Description

Slot id

The slot ID for the PKCS#11 slot. This value is a unique identifier for a specific token with a specific pin. For smart cards this value is a number between 1 and 99. For soft tokens this value is a number between 100 and 199.

Token Label

The token label for the PKCS#11 slot. For smart cards this will be the combined value from real token label and pin label. For soft tokens this will be the token label specified at creation.

Token number

The token number for the PKCS#11 token. This number is the card serial number for card and a random number for soft tokens starting with four digits with product version when soft token was created.

Token manufacturer

The token manufacturer for the PKCS#11 token.

Token type

The token type for the PKCS#11 token. This type is the token model with version number.

Token path

The full file path to a soft token, and empty for a smart card.

Minimum password length

The minimum password/PIN length required for the PKCS#11 token.

Maximum password length

The maximum password/PIN length required for the PKCS#11 token.

Current attempts left

The current number of bad password/PIN attempts remaining before password/PIN is locked. Available values are 0, 1, 2, and 3.

0

locked

1

final try, one attempt left

2

count low, two attempts left

3

unknown number of attempts left, probably at least three attempts left

Password type

Number telling the type of password. See configuration for more information about available types.

Password policy

Number telling the policy for the password. See configuration for more information about policy value.

Slot name

The PKCS#11 slot description for the slot ID.

Example 8. Smart card enumeration

"1;Card eID (PIN1);1234 5678 9012 3456;Company AB;Model 1.0;;4;8;3;0;0x00000000;Card Reader 0" "2;Card eID (PIN2);1234 5678 9012 3456;Company AB;Model 1.0;;4;8;3;0;0x00000000;Card Reader 1"

Example 9. Soft token enumeration:
"1;Soft eID;0504 1234 5678 90;SecMaker AB;Soft Token 5.4;c:\soft.tkn;2;32;3;0;0x00000000;Soft Slot 100"

TokenCard

Same as property Token, but will only return smart card tokens.

TokenSoft

Same as property Token, but will only return soft tokens.