CasperSecurity
#
# PKCS15 profile, generic information.
# This profile is loaded before any card specific profile.
#
cardinfo {
label = "OpenSC Card";
manufacturer = "OpenSC Project";
min-pin-length = 4;
# max length should be overridden in the per-card profile
max-pin-length = 8;
}
#
# The following controls some aspects of the PKCS15 we put onto
# the card.
#
pkcs15 {
# Put certificates into the CDF itself?
direct-certificates = no;
# Put the DF length into the ODF file?
encode-df-length = no;
# Have a lastUpdate field in the EF(TokenInfo)?
do-last-update = yes;
# Method to calculate ID of the crypto objects
# native: 'E' + number_of_present_objects_of_the_same_type
# mozilla: SHA1(modulus) for RSA, SHA1(pub) for DSA
# rfc2459: SHA1(SequenceASN1 of public key components as ASN1 integers)
# default value: 'native'
pkcs15-id-style = mozilla;
}
# Default settings.
# This option block will always be processed.
option default {
macros {
protected = *=$SOPIN, READ=NONE;
unprotected = *=NONE;
so-pin-flags = local, initialized, needs-padding, soPin;
so-min-pin-length = 6;
so-pin-attempts = 2;
so-auth-id = FF;
so-puk-attempts = 4;
so-min-puk-length = 6;
unusedspace-size = 128;
odf-size = 256;
aodf-size = 256;
cdf-size = 512;
prkdf-size = 256;
pukdf-size = 256;
dodf-size = 256;
}
}
# This option sets up the card so that a single
# user PIN protects all files
option onepin {
macros {
protected = *=$PIN, READ=NONE;
unprotected = *=NONE;
so-pin-flags = local, initialized, needs-padding;
so-min-pin-length = 4;
so-pin-attempts = 3;
so-auth-id = 1;
so-puk-attempts = 7;
so-min-puk-length = 4;
}
}
# This option is for cards with very little memory.
# It sets the size of various PKCS15 directory files
# to 128 or 256, respectively.
option small {
macros {
odf-size = 128;
aodf-size = 128;
cdf-size = 256;
prkdf-size = 128;
pukdf-size = 128;
dodf-size = 128;
}
}
# This option tells pkcs15-init to use the direct option
# when storing certificates on the card (i.e. put the
# certificates into the CDF itself, rather than a
# separate file)
option direct-cert {
pkcs15 {
direct-certificates = yes;
encode-df-length = yes;
}
macros {
cdf-size = 3192;
}
}
# Define reasonable limits for PINs and PUK
# Note that we do not set a file path or reference
# for the user pin; that is done dynamically.
PIN user-pin {
attempts = 3;
flags = local, initialized, needs-padding;
}
PIN user-puk {
attempts = 7;
}
PIN so-pin {
auth-id = $so-auth-id;
attempts = $so-pin-attempts;
min-length = $so-min-pin-length;
flags = $so-pin-flags;
}
PIN so-puk {
attempts = $so-puk-attempts;
min-length = $so-min-puk-length;
}
filesystem {
DF MF {
path = 3F00;
type = DF;
# This is the DIR file
EF DIR {
type = EF;
file-id = 2F00;
size = 128;
acl = *=NONE;
}
# Here comes the application DF
DF PKCS15-AppDF {
type = DF;
file-id = 5015;
aid = A0:00:00:00:63:50:4B:43:53:2D:31:35;
acl = *=NONE;
size = 5000;
EF PKCS15-ODF {
file-id = 5031;
size = $odf-size;
ACL = $unprotected;
}
EF PKCS15-TokenInfo {
file-id = 5032;
ACL = $unprotected;
}
EF PKCS15-UnusedSpace {
file-id = 5033;
size = $unusedspace-size;
ACL = $unprotected;
}
EF PKCS15-AODF {
file-id = 4401;
size = $aodf-size;
ACL = $protected;
}
EF PKCS15-PrKDF {
file-id = 4402;
size = $prkdf-size;
acl = $protected;
}
EF PKCS15-PuKDF {
file-id = 4403;
size = $pukdf-size;
acl = $protected;
}
EF PKCS15-CDF {
file-id = 4404;
size = $cdf-size;
acl = $protected;
}
EF PKCS15-DODF {
file-id = 4405;
size = $dodf-size;
ACL = $protected;
}
}
}
}