Diffstat (limited to 'pki/base/tps/doc/CS.cfg')
-rw-r--r-- | pki/base/tps/doc/CS.cfg | 1366 |
1 files changed, 1366 insertions, 0 deletions
diff --git a/pki/base/tps/doc/CS.cfg b/pki/base/tps/doc/CS.cfg
new file mode 100644
index 000000000..bd39b3b26
--- /dev/null
+++ b/pki/base/tps/doc/CS.cfg
@@ -0,0 +1,1366 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+cs.type=TPS
+service.machineName=[SERVER_NAME]
+service.instanceDir=[SERVER_ROOT]
+service.securePort=[SECURE_PORT]
+service.unsecurePort=[PORT]
+service.instanceID=[INSTANCE_ID]
+logging._000=#########################################
+logging._001=# RA configuration File
+logging._002=#
+logging._003=# All <...> must be replaced with
+logging._004=# appropriate values.
+logging._005=#########################################
+logging._006=########################################
+logging._007=# logging
+logging._008=#
+logging._009=# logging.debug.enable:
+logging._010=# logging.audit.enable:
+logging._011=# logging.error.enable:
+logging._012=# - enable or disable the corresponding logging
+logging._013=# logging.debug.filename:
+logging._014=# logging.audit.filename:
+logging._015=# logging.error.filename:
+logging._016=# - name of the log file
+logging._017=# logging.debug.level:
+logging._018=# logging.audit.level:
+logging._019=# logging.error.level:
+logging._020=# - level of logging. (0-10)
+logging._021=# 0 - no logging,
+logging._022=# 4 - LL_PER_SERVER these messages will occur only once
+logging._023=# during the entire invocation of the
+logging._024=# server, e. g. at startup or shutdown
+logging._025=# time., reading the conf parameters.
+logging._026=# Perhaps other infrequent events
+logging._027=# relating to failing over of CA, TKS,
+logging._028=# too
+logging._029=# 6 - LL_PER_CONNECTION these messages happen once per
+logging._030=# connection - most of the log events
+logging._031=# will be at this level
+logging._032=# 8 - LL_PER_PDU these messages relate to PDU
+logging._033=# processing. If you have something that
+logging._034=# is done for every PDU, such as
+logging._035=# applying the MAC, it should be logged
+logging._036=# at this level
+logging._037=# 9 - LL_ALL_DATA_IN_PDU dump all the data in the PDU - a more
+logging._038=# chatty version of the above
+logging._039=# 10 - all logging
+logging._040=#########################################
+logging.debug.enable=true
+logging.debug.filename=[SERVER_ROOT]/logs/tps-debug.log
+logging.debug.level=7
+logging.audit.enable=true
+logging.audit.filename=[SERVER_ROOT]/logs/tps-audit.log
+logging.audit.level=10
+logging.error.enable=true
+logging.error.filename=[SERVER_ROOT]/logs/tps-error.log
+logging.error.level=10
+conn.ca1._000=#########################################
+conn.ca1._001=# CA connection
+conn.ca1._002=#
+conn.ca1._003=# conn.ca<n>.hostport:
+conn.ca1._004=# - host name and port number of your CA, format is host:port
+conn.ca1._005=# conn.ca<n>.clientNickname:
+conn.ca1._006=# - nickname of the client certificate for
+conn.ca1._007=# authentication
+conn.ca1._008=# conn.ca<n>.servlet.enrollment:
+conn.ca1._009=# - servlet to contact in CA
+conn.ca1._010=# - must be '/ca/profileSubmitSSLClient'
+conn.ca1._011=# conn.ca<n>.retryConnect:
+conn.ca1._012=# - number of reconnection attempts on failure
+conn.ca1._013=# conn.ca<n>.timeout:
+conn.ca1._014=# - connection timeout
+conn.ca1._015=# conn.ca<n>.SSLOn:
+conn.ca1._016=# - enable SSL or not
+conn.ca1._017=# conn.ca<n>.keepAlive:
+conn.ca1._018=# - enable keep alive or not
+conn.ca1._019=#
+conn.ca1._020=# where
+conn.ca1._021=# <n> - CA connection ID
+conn.ca1._022=#########################################
+failover.pod.enable=false
+conn.ca1.hostport=[CA_HOST]:[CA_PORT]
+conn.ca1.clientNickname=[HSM_LABEL][NICKNAME]
+conn.ca1.servlet.enrollment=/ca/ee/ca/profileSubmitSSLClient
+conn.ca1.servlet.revoke=/ca/subsystem/ca/doRevoke
+conn.ca1.servlet.unrevoke=/ca/subsystem/ca/doUnrevoke
+conn.ca1.retryConnect=3
+conn.ca1.timeout=100
+conn.ca1.SSLOn=true
+conn.ca1.keepAlive=true
+conn.tks1._000=#########################################
+conn.tks1._001=# TKS connection
+conn.tks1._002=#
+conn.tks1._003=# conn.tks<n>.hostport:
+conn.tks1._004=# - host name and port number of your TKS, the format is host:port
+conn.tks1._005=# conn.tks<n>.clientNickname:
+conn.tks1._006=# - nickname of the client certificate for
+conn.tks1._007=# authentication
+conn.tks1._008=# conn.tks<n>.servlet.computeSessionKey:
+conn.tks1._009=# - servlet to compute session key
+conn.tks1._010=# - must be '/tks/computeSessionKey'
+conn.tks1._011=# conn.tks<n>.servlet.encryptData:
+conn.tks1._012=# - servlet to encrypt data
+conn.tks1._013=# - must be '/tks/encryptData'
+conn.tks1._014=# conn.tks<n>.servlet.createKeySetData:
+conn.tks1._015=# - servlet to create key set data
+conn.tks1._016=# - must be '/tks/createKeySetData'
+conn.tks1._017=# conn.tks<n>.retryConnect:
+conn.tks1._018=# - number of reconnection attempts on failure
+conn.tks1._019=# conn.tks<n>.SSLOn
+conn.tks1._020=# - enable SSL or not
+conn.tks1._021=# conn.tks<n>.keepAlive:
+conn.tks1._022=# - enable keep alive or not
+conn.tks1._023=#
+conn.tks1._024=# where
+conn.tks1._025=# <n> - TKS connection ID
+conn.tks1._026=#########################################
+conn.tks1.hostport=[TKS_HOST]:[TKS_PORT]
+conn.tks1.clientNickname=[HSM_LABEL][NICKNAME]
+conn.tks1.servlet.computeSessionKey=/tks/agent/tks/computeSessionKey
+conn.tks1.servlet.encryptData=/tks/agent/tks/encryptData
+conn.tks1.servlet.createKeySetData=/tks/agent/tks/createKeySetData
+conn.tks1.retryConnect=3
+conn.tks1.timeout=100
+conn.tks1.SSLOn=true
+conn.tks1.keepAlive=false
+conn.tks1.keySet=defKeySet
+conn.tks1.serverKeygen=[SERVER_KEYGEN]
+conn.drm1._000=#########################################
+conn.drm1._001=# DRM connection
+conn.drm1._002=#
+conn.drm1._003=#conn.drm.totalConns
+conn.drm1._004=# - # of DRM connections
+conn.drm1._005=#conn.drm<n>.hostport
+conn.drm1._006=# - host name and port number of your DRM, the format is host:port
+conn.drm1._007=#conn.drm<n>.clientNickname
+conn.drm1._008=# - nickname of the client certificate for
+conn.drm1._009=# authentication
+conn.drm1._010=#conn.drm<n>.servlet.GenerateKeyPair
+conn.drm1._011=# - servlet to generate key pairs and archive keys on DRM
+conn.drm1._012=# - must be '/kra/GenerateKeyPair'
+conn.drm1._013=#conn.drm<n>.servlet.TokenKeyRecovery=/kra/TokenKeyRecovery
+conn.drm1._014=# - servlet to handle key recovery
+conn.drm1._015=# - must be '/kra/TokenKeyRecovery'
+conn.drm1._016=#conn.drm<n>.retryConnect=3
+conn.drm1._017=# - number of reconnection attempts on failure
+conn.drm1._018=#conn.drm<n>.SSLOn=true
+conn.drm1._019=# - enable SSL or not
+conn.drm1._020=#conn.drm<n>.keepAlive=false
+conn.drm1._021=# - enable keep alive or not
+conn.drm1._022=#
+conn.drm1._023=# where
+conn.drm1._024=# <n> - DRM connection ID
+conn.drm1._025=#########################################
+conn.drm.totalConns=1
+conn.drm1.hostport=[DRM_HOST]:[DRM_PORT]
+conn.drm1.clientNickname=[HSM_LABEL][NICKNAME]
+conn.drm1.servlet.GenerateKeyPair=/kra/agent/kra/GenerateKeyPair
+conn.drm1.servlet.TokenKeyRecovery=/kra/agent/kra/TokenKeyRecovery
+conn.drm1.retryConnect=3
+conn.drm1.timeout=100
+conn.drm1.SSLOn=true
+conn.drm1.keepAlive=false
+auth.instance._000=########################################
+auth.instance._001=# publishing
+auth.instance._002=#
+auth.instance._003=# publisher.instance.<n>.libraryName:
+auth.instance._004=# - name of the library specified with a fully qualified path name
+auth.instance._005=# publisher.instance.<n>.libraryFactory:
+auth.instance._006=# - the name of the function which instantiates the publisher
+auth.instance._007=# publisher.instance.<n>.publisherId:
+auth.instance._008=# - the publisher ID
+auth.instance._009=#
+auth.instance._010=# where
+auth.instance._011=# <n> - publisher connection ID
+auth.instance._012=########################################
+auth.instance._013=#########################################
+auth.instance._014=# authentication
+auth.instance._015=#
+auth.instance._016=# auth.instance.<n>.libraryName:
+auth.instance._017=# - name of the library specified with a fully qualified path name
+auth.instance._018=# auth.instance.<n>.libraryFactory:
+auth.instance._019=# - the name of the function which instantiates the authentication
+auth.instance._020=# auth.instance.<n>.authId
+auth.instance._021=# - the authentication ID
+auth.instance._022=# auth.instance.<n>.hostport
+auth.instance._023=# - parameter specific to the given authentication,
+auth.instance._024=# i. e., LDAPAuthentication (id=ldap1)
+auth.instance._025=# - host name and port number, host:port
+auth.instance._026=# - for failover, provide multiple host:port designations
+auth.instance._027=# separated by " "
+auth.instance._028=# auth.instance.<n>.SSLOn:
+auth.instance._029=# - parameter specific to the given authentication,
+auth.instance._030=# i. e., LDAPAuthentication (id=ldap1)
+auth.instance._031=# - use SSL or not for LDAP service
+auth.instance._032=# auth.instance.<n>.retries:
+auth.instance._033=# - parameter specific to the given authentication,
+auth.instance._034=# i. e., LDAPAuthentication (id=ldap1)
+auth.instance._035=# - number of authentication re-attempts when authentication failed
+auth.instance._036=# auth.instance.<n>.retryConnect:
+auth.instance._037=# - parameter specific to the given authentication,
+auth.instance._038=# i. e., LDAPAuthentication (id=ldap1)
+auth.instance._039=# - number of connection re-attempts when connection failed
+auth.instance._040=#
+auth.instance._041=# where
+auth.instance._042=# <n> - authentication connection ID
+auth.instance._043=#########################################
+auth.instance.0.type=LDAP_Authentication
+auth.instance.0.libraryName=[SYSTEM_USER_LIBRARIES]/[LIB_PREFIX]ldapauth[OBJ_EXT]
+auth.instance.0.libraryFactory=GetAuthentication
+auth.instance.0.authId=ldap1
+auth.instance.0.hostport=[LDAP_HOST]:[LDAP_PORT]
+auth.instance.0.SSLOn=false
+auth.instance.0.retries=1
+auth.instance.0.retryConnect=3
+auth.instance.0.baseDN=[LDAP_ROOT]
+auth.instance.0.ssl=false
+auth.instance.0.attributes._001=##############################################
+auth.instance.0.attributes._002=# attributes will be available
+auth.instance.0.attributes._003=# as $auth.<attribute>$
+auth.instance.0.attributes._004=##############################################
+auth.instance.0.attributes=mail,cn,uid
+auth.instance.0.ui.title.en=LDAP Authentication
+auth.instance.0.ui.description.en=This authenticates user against the LDAP directory.
+auth.instance.0.ui.id.UID.name.en=LDAP User ID
+auth.instance.0.ui.id.PASSWORD.name.en=LDAP Password
+auth.instance.0.ui.id.UID.description.en=LDAP User ID
+auth.instance.0.ui.id.PASSWORD.description.en=LDAP Password
+auth.instance.1.type=LDAP_Authentication
+auth.instance.1.libraryName=[SYSTEM_USER_LIBRARIES]/[LIB_PREFIX]ldapauth[OBJ_EXT]
+auth.instance.1.libraryFactory=GetAuthentication
+auth.instance.1.authId=ldap2
+auth.instance.1.bindDN=cn=Directory Manager
+auth.instance.1.bindPWD=[SERVER_ROOT]/conf/password.conf
+auth.instance.1.hostport=[TOKENDB_HOST]:[TOKENDB_PORT]
+auth.instance.1.SSLOn=false
+auth.instance.1.retries=1
+auth.instance.1.retryConnect=3
+auth.instance.1.baseDN=[TOKENDB_ROOT]
+auth.instance.1.ssl=false
+auth.instance.1.attributes._001=##############################################
+auth.instance.1.attributes._002=# attributes will be available
+auth.instance.1.attributes._003=# as $auth.<attribute>$
+auth.instance.1.attributes._004=##############################################
+auth.instance.1.attributes=mail,cn,uid
+auth.instance.1.ui.title.en=LDAP Authentication
+auth.instance.1.ui.description.en=This authenticates user against the LDAP directory.
+auth.instance.1.ui.id.UID.name.en=LDAP User ID
+auth.instance.1.ui.id.PASSWORD.name.en=LDAP Password
+auth.instance.1.ui.id.UID.description.en=LDAP User ID
+auth.instance.1.ui.id.PASSWORD.description.en=LDAP Password
+applet._000=#########################################
+applet._001=# applet information
+applet._002=# SAF Key:
+applet._003=# applet.aid.cardmgr_instance=A0000001510000
+applet._004=#########################################
+applet.aid.cardmgr_instance=A0000000030000
+applet.aid.netkey_instance=627601FF000000
+applet.aid.netkey_file=627601FF0000
+applet.aid.netkey_old_instance=A00000000101
+applet.aid.netkey_old_file=A000000001
+applet.so_pin=000000000000
+applet.delete_old=true
+general.verifyProof=1
+general.applet_ext=ijc
+channel._000=#########################################
+channel._001=# channel.encryption:
+channel._002=#
+channel._003=# - enable encryption for all operation commands to token
+channel._004=# - default is true
+channel._005=# channel.blocksize=242
+channel._006=# channel.defKeyVersion=1
+channel._007=# channel.defKeyIndex=1
+channel._008=#########################################
+channel.encryption=true
+channel.blocksize=248
+channel.defKeyVersion=1
+channel.defKeyIndex=1
+preop.pin=[PKI_RANDOM_NUMBER]
+preop.cert._000=#########################################
+preop.cert._001=# Installation configuration "preop" certs parameters
+preop.cert._002=#########################################
+preop.cert.list=sslserver,subsystem
+preop.cert.sslserver.enable=true
+preop.cert.subsystem.enable=true
+preop.cert.sslserver.defaultSigningAlgorithm=SHA1withRSA
+preop.cert.sslserver.dn=CN=[SERVER_NAME], OU=[INSTANCE_ID]
+preop.cert.sslserver.keysize.customsize=2048
+preop.cert.sslserver.keysize.size=2048
+preop.cert.sslserver.keysize.select=custom
+preop.cert.sslserver.nickname=Server-Cert cert-[INSTANCE_ID]
+preop.cert.sslserver.profile=caInternalAuthServerCert
+preop.cert.sslserver.subsystem=tps
+preop.cert._003=#preop.cert.sslserver.type=local
+preop.cert.sslserver.userfriendlyname=SSL Server Certificate
+preop.cert._004=#preop.cert.sslserver.cncomponent.override=false
+preop.cert.subsystem.defaultSigningAlgorithm=SHA1withRSA
+preop.cert.subsystem.dn=CN=TPS Subsystem Certificate, OU=[INSTANCE_ID]
+preop.cert.subsystem.keysize.customsize=2048
+preop.cert.subsystem.keysize.size=2048
+preop.cert.subsystem.keysize.select=custom
+preop.cert.subsystem.nickname=subsystemCert cert-[INSTANCE_ID]
+preop.cert.subsystem.profile=caInternalAuthSubsystemCert
+preop.cert.subsystem.subsystem=tps
+preop.cert._005=#preop.cert.subsystem.type=local
+preop.cert.subsystem.userfriendlyname=Subsystem Certificate
+preop.cert._006=#preop.cert.subsystem.cncomponent.override=true
+preop.configModules._000=#########################################
+preop.configModules._001=# Installation configuration "preop" module parameters
+preop.configModules._002=#########################################
+preop.configModules.count=3
+preop.configModules.module0.commonName=NSS Internal PKCS #11 Module
+preop.configModules.module0.imagePath=../img/clearpixel.gif
+preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module
+preop.configModules.module1.commonName=nfast
+preop.configModules.module1.imagePath=../img/clearpixel.gif
+preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module
+preop.configModules.module2.commonName=lunasa
+preop.configModules.module2.imagePath=../img/clearpixel.gif
+preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module
+preop.module.token=NSS Certificate DB
+preop.keysize._000=#########################################
+preop.keysize._001=# Installation configuration "preop" keysize parameters
+preop.keysize._002=#########################################
+preop.keysize.customsize=2048
+preop.keysize.select=custom
+preop.keysize.size=2048
+op.enroll._000=#########################################
+op.enroll._001=# Default Operations
+op.enroll._002=#
+op.enroll._003=# op.<op>.mapping.order=<n>,<n>,<n>
+op.enroll._004=# - contains at least one value or a series
+op.enroll._005=# of comma-separated mapping values which
+op.enroll._006=# are checked in sequential order
+op.enroll._007=# op.<op>.mapping.<n>.filter.tokenType=userKey
+op.enroll._008=# - can be either empty or token type
+op.enroll._009=# specified by the client
+op.enroll._010=# op.<op>.mapping.<n>.filter.tokenATR=
+op.enroll._011=# - can be either empty or token ATR
+op.enroll._012=# specified by the client
+op.enroll._013=# op.<op>.mapping.<n>.filter.appletMajorVersion=1
+op.enroll._014=# - can be either empty or applet major version
+op.enroll._015=# specified by the client
+op.enroll._016=# op.<op>.mapping.<n>.filter.appletMinorVersion=
+op.enroll._017=# - can be either empty or applet minor version
+op.enroll._018=# specified by the client
+op.enroll._019=# - if major and minor versions are both zero, this
+op.enroll._020=# indicate there is no applet on the token.
+op.enroll._021=# op.<op>.mapping.<n>.target.tokenType=userKey
+op.enroll._022=# - if tokenType, tokenATR, appletMajorVersion,
+op.enroll._023=# and appletMinorVersion are matched, value in
+op.enroll._024=# targetTokenType will be used to locate
+op.enroll._025=# the corresponding token profile to
+op.enroll._026=# process the request.
+op.enroll._027=#
+op.enroll._028=# where
+op.enroll._029=# <op> - operation; enroll,pinReset,format
+op.enroll._030=# <n> - mapping ID; order is specifiable
+op.enroll._031=#
+op.enroll._032=# Token ATR:
+op.enroll._033=# Web Store - 3B759400006202020201
+op.enroll._034=#########################################
+op.enroll.mapping.order=0,1,2
+op.enroll.mapping.0.filter.tokenType=userKey
+op.enroll.mapping.0.filter.tokenATR=
+op.enroll.mapping.0.filter.tokenCUID.start=
+op.enroll.mapping.0.filter.tokenCUID.end=
+op.enroll.mapping.0.filter.appletMajorVersion=1
+op.enroll.mapping.0.filter.appletMinorVersion=
+op.enroll.mapping.0.target.tokenType=userKey
+op.enroll.mapping.1.filter.tokenType=soKey
+op.enroll.mapping.1.filter.tokenATR=
+op.enroll.mapping.1.filter.tokenCUID.start=
+op.enroll.mapping.1.filter.tokenCUID.end=
+op.enroll.mapping.1.filter.appletMajorVersion=
+op.enroll.mapping.1.filter.appletMinorVersion=
+op.enroll.mapping.1.target.tokenType=soKey
+op.enroll.mapping.2.filter.tokenType=
+op.enroll.mapping.2.filter.tokenATR=
+op.enroll.mapping.2.filter.tokenCUID.start=
+op.enroll.mapping.2.filter.tokenCUID.end=
+op.enroll.mapping.2.filter.appletMajorVersion=
+op.enroll.mapping.2.filter.appletMinorVersion=
+op.enroll.mapping.2.target.tokenType=userKey
+op.pinReset.mapping.order=0
+op.pinReset.mapping.0.filter.tokenType=
+op.pinReset.mapping.0.filter.tokenATR=
+op.pinReset.mapping.0.filter.tokenCUID.start=
+op.pinReset.mapping.0.filter.tokenCUID.end=
+op.pinReset.mapping.0.filter.appletMajorVersion=
+op.pinReset.mapping.0.filter.appletMinorVersion=
+op.pinReset.mapping.0.target.tokenType=userKey
+op.format.mapping.order=0,1,2,3,4,5,6
+op.format.mapping.0.filter.tokenType=soCleanUserToken
+op.format.mapping.0.filter.tokenATR=
+op.format.mapping.0.filter.tokenCUID.start=
+op.format.mapping.0.filter.tokenCUID.end=
+op.format.mapping.0.filter.appletMajorVersion=
+op.format.mapping.0.filter.appletMinorVersion=
+op.format.mapping.0.target.tokenType=soCleanUserToken
+op.format.mapping.1.filter.tokenType=soUserKey
+op.format.mapping.1.filter.tokenATR=
+op.format.mapping.1.filter.tokenCUID.start=
+op.format.mapping.1.filter.tokenCUID.end=
+op.format.mapping.1.filter.appletMajorVersion=
+op.format.mapping.1.filter.appletMinorVersion=
+op.format.mapping.1.target.tokenType=soUserKey
+op.format.mapping.2.filter.tokenType=soKey
+op.format.mapping.2.filter.tokenATR=
+op.format.mapping.2.filter.tokenCUID.start=
+op.format.mapping.2.filter.tokenCUID.end=
+op.format.mapping.2.filter.appletMajorVersion=
+op.format.mapping.2.filter.appletMinorVersion=
+op.format.mapping.2.target.tokenType=soKey
+op.format.mapping.3.filter.tokenType=userKey
+op.format.mapping.3.filter.tokenATR=
+op.format.mapping.3.filter.tokenCUID.start=
+op.format.mapping.3.filter.tokenCUID.end=
+op.format.mapping.3.filter.appletMajorVersion=
+op.format.mapping.3.filter.appletMinorVersion=
+op.format.mapping.3.target.tokenType=userKey
+op.format.mapping.4.filter.tokenType=soCleanSOToken
+op.format.mapping.4.filter.tokenATR=
+op.format.mapping.4.filter.tokenCUID.start=
+op.format.mapping.4.filter.tokenCUID.end=
+op.format.mapping.4.filter.appletMajorVersion=
+op.format.mapping.4.filter.appletMinorVersion=
+op.format.mapping.5.filter.tokenType=cleanToken
+op.format.mapping.5.filter.tokenATR=
+op.format.mapping.5.filter.tokenCUID.start=
+op.format.mapping.5.filter.tokenCUID.end=
+op.format.mapping.5.filter.appletMajorVersion=
+op.format.mapping.5.filter.appletMinorVersion=
+op.format.mapping.5.target.tokenType=cleanToken
+op.format.mapping.4.target.tokenType=soCleanSOToken
+op.format.mapping.6.filter.tokenATR=
+op.format.mapping.6.filter.tokenCUID.start=
+op.format.mapping.6.filter.tokenCUID.end=
+op.format.mapping.6.filter.appletMajorVersion=
+op.format.mapping.6.filter.appletMinorVersion=
+op.format.mapping.6.target.tokenType=tokenKey
+op.enroll.userKey._000=#########################################
+op.enroll.userKey._001=# Enrollment Operation For CoolKey
+op.enroll.userKey._002=#
+op.enroll.userKey._003=# op.enroll.<tokenType>.keyGen.<keyType>.keySize=1024
+op.enroll.userKey._004=# - size of the key the token should generate
+op.enroll.userKey._005=# - max value: 1024
+op.enroll.userKey._006=#
+op.enroll.userKey._007=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.encrypt=false
+op.enroll.userKey._008=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.sign=true
+op.enroll.userKey._009=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.signRecover=true
+op.enroll.userKey._010=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.decrypt=false
+op.enroll.userKey._011=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.derive=false
+op.enroll.userKey._012=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.unwrap=false
+op.enroll.userKey._013=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.wrap=false
+op.enroll.userKey._014=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.verifyRecover=true
+op.enroll.userKey._015=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.verify=true
+op.enroll.userKey._016=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.sensitive=true
+op.enroll.userKey._017=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.private=true
+op.enroll.userKey._018=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.token=true
+op.enroll.userKey._019=# - specify the PKCS11 attributes to set on the token
+op.enroll.userKey._020=#
+op.enroll.userKey._021=# op.enroll.userKey.keyGen.signing.cuid_label
+op.enroll.userKey._022=# - specify the CUID shown in the certificate
+op.enroll.userKey._023=#
+op.enroll.userKey._024=# op.enroll.userKey.keyGen.signing.label
+op.enroll.userKey._025=# - specify the token name. all resulting labels for co-existing keys
+op.enroll.userKey._026=# on the same token must be unique
+op.enroll.userKey._027=# - $pretty_cuid$ - Pretty Print CUID (i.e. 4090-0062-FF02-0000-0B9C)
+op.enroll.userKey._028=# - $cuid$ - CUID (i.e. 40900062FF0200000B9C)
+op.enroll.userKey._029=# - $msn$ - MSN
+op.enroll.userKey._030=# - $userid$ - User ID
+op.enroll.userKey._031=# - $profileId$ - Profile ID
+op.enroll.userKey._032=#
+op.enroll.userKey._033=# op.enroll.<tokenType>.keyGen.<keyType>.overwrite=true|false
+op.enroll.userKey._034=# - if key and certificate exist, should RA overwrite them
+op.enroll.userKey._035=#
+op.enroll.userKey._036=# op.enroll.<tokenType>.keyGen.<keyType>.certId=C1
+op.enroll.userKey._037=# op.enroll.<tokenType>.keyGen.<keyType>.certAttrId=c1
+op.enroll.userKey._038=# op.enroll.<tokenType>.keyGen.<keyType>.privateKeyAttrId=k2
+op.enroll.userKey._039=# op.enroll.<tokenType>.keyGen.<keyType>.publicKeyAttrId=k3
+op.enroll.userKey._040=# op.enroll.<tokenType>.keyGen.<keyType>.privateKeyNumber=2
+op.enroll.userKey._041=# op.enroll.<tokenType>.keyGen.<keyType>.publicKeyNumber=3
+op.enroll.userKey._042=# - specify name PKCS11 object IDs
+op.enroll.userKey._043=# - Lower case letters signify objects containing PKCS11 object attributes,
+op.enroll.userKey._044=# in the format described below.
+op.enroll.userKey._045=# 'c' An object containing PKCS11 attributes for a certificate.
+op.enroll.userKey._046=# 'k' An object containing PKCS11 attributes for a public or private key
+op.enroll.userKey._047=# 'r' An object containing PKCS11 attributes for an "reader".
+op.enroll.userKey._048=# - Upper case letters signify objects containing raw data corresponding to
+op.enroll.userKey._049=# the lower case letters described above. For example, object "C0"
+op.enroll.userKey._050=# contains raw data corresponding to object "c0".
+op.enroll.userKey._051=# 'C' This object contains an entire DER cert, and nothing else.
+op.enroll.userKey._052=# 'K' This object contains a MUSCLE "key blob". TPS does not use this.
+op.enroll.userKey._053=#
+op.enroll.userKey._054=# op.enroll.<tokenType>.keyGen.<keyType>.keyUsage=0
+op.enroll.userKey._055=# op.enroll.<tokenType>.keyGen.<keyType>.keyUser=0
+op.enroll.userKey._056=# - user specifies which PIN user should be granted
+op.enroll.userKey._057=# use privilege of the generated private key, or
+op.enroll.userKey._058=# 15 if all users have use privilege for the private key
+op.enroll.userKey._059=# - Valid uage: (only specifies the usage for the private key)
+op.enroll.userKey._060=# 0 - default usage (Signing only for this APDU)
+op.enroll.userKey._061=# 1 - signing only
+op.enroll.userKey._062=# 2 - decryption only
+op.enroll.userKey._063=# 3 - signing and decryption
+op.enroll.userKey._064=#
+op.enroll.userKey._065=# op.enroll.<tokenType>.pkcs11obj.enable=true|false
+op.enroll.userKey._066=# - enable writing of PKCS11 cache object to the token
+op.enroll.userKey._067=#
+op.enroll.userKey._068=# op.enroll.<tokenType>.pkcs11obj.compress.enable=true|false
+op.enroll.userKey._069=# - enable compression for writing of PKCS11 cache object to the token
+op.enroll.userKey._070=#
+op.enroll.userKey._071=# op.enroll.<tokenType>.pinReset.pin.maxRetries=127
+op.enroll.userKey._072=# - max number of retries before blocking the token
+op.enroll.userKey._073=# - max value: 127
+op.enroll.userKey._074=#
+op.enroll.userKey._075=# There is a special case of tokenType userKeyTemporary.
+op.enroll.userKey._076=# Make sure the profile specified by the profileId to have
+op.enroll.userKey._077=# short validity period (eg, 7 days) for the certificate.
+op.enroll.userKey._078=#########################################
+op.enroll.allowUnknownToken=true
+op.enroll.userKey.temporaryToken.tokenType=userKeyTemporary
+op.enroll.userKey.keyGen.recovery.destroyed.keyType.num=2
+op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.0=signing
+op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.1=encryption
+op.enroll.userKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert=true
+op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0
+op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
+op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert=false
+op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
+op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.num=2
+op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.value.0=signing
+op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.value.1=encryption
+op.enroll.userKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert=true
+op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true
+op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.userKey.keyGen.recovery.onHold.keyType.num=2
+op.enroll.userKey.keyGen.recovery.onHold.keyType.value.0=signing
+op.enroll.userKey.keyGen.recovery.onHold.keyType.value.1=encryption
+op.enroll.userKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert=true
+op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert.reason=6
+op.enroll.userKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert=true
+op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6
+op.enroll.userKey.keyGen.tokenName=$auth.cn$
+op.enroll.userKey.keyGen.keyType.num=2
+op.enroll.userKey.keyGen.keyType.value.0=signing
+op.enroll.userKey.keyGen.keyType.value.1=encryption
+op.enroll.userKey.keyGen.signing.keySize=1024
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.encrypt=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.sign=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.signRecover=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.decrypt=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.derive=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.unwrap=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.wrap=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.verifyRecover=true
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.verify=true
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.sensitive=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.private=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.token=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.encrypt=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.sign=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.signRecover=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.decrypt=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.derive=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.unwrap=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.wrap=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.verifyRecover=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.verify=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.sensitive=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.private=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.token=true
+op.enroll.userKey.keyGen.signing.label=signing key for $userid$
+op.enroll.userKey.keyGen.signing.cuid_label=$cuid$
+op.enroll.userKey.keyGen.signing.overwrite=true
+op.enroll.userKey.keyGen.signing.certId=C1
+op.enroll.userKey.keyGen.signing.certAttrId=c1
+op.enroll.userKey.keyGen.signing.privateKeyAttrId=k2
+op.enroll.userKey.keyGen.signing.publicKeyAttrId=k3
+op.enroll.userKey.keyGen.signing.keyUsage=0
+op.enroll.userKey.keyGen.signing.keyUser=0
+op.enroll.userKey.keyGen.signing.privateKeyNumber=2
+op.enroll.userKey.keyGen.signing.publicKeyNumber=3
+op.enroll.userKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
+op.enroll.userKey.keyGen.signing.ca.conn=ca1
+op.enroll.userKey.keyGen.signing.revokeCert=true
+op.enroll.userKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher
+op.enroll.userKey.keyGen.encryption.keySize=1024
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.encrypt=true
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sign=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.signRecover=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.decrypt=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.derive=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.unwrap=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.wrap=true
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verify=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sensitive=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.private=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.token=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.encrypt=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sign=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.signRecover=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.decrypt=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.derive=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.unwrap=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.wrap=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verify=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sensitive=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.private=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.token=true
+op.enroll.userKey.keyGen.encryption.label=encryption key for $userid$
+op.enroll.userKey.keyGen.encryption.cuid_label=$cuid$
+op.enroll.userKey.keyGen.encryption.overwrite=true
+op.enroll.userKey.keyGen.encryption.certId=C2
+op.enroll.userKey.keyGen.encryption.certAttrId=c2
+op.enroll.userKey.keyGen.encryption.privateKeyAttrId=k4
+op.enroll.userKey.keyGen.encryption.publicKeyAttrId=k5
+op.enroll.userKey.keyGen.encryption.keyUsage=0
+op.enroll.userKey.keyGen.encryption.keyUser=0
+op.enroll.userKey.keyGen.encryption.privateKeyNumber=4
+op.enroll.userKey.keyGen.encryption.publicKeyNumber=5
+op.enroll.userKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment
+op.enroll.userKey.keyGen.encryption.ca.conn=ca1
+op.enroll.userKey.keyGen.encryption.revokeCert=true
+op.enroll.userKey.pkcs11obj.enable=true
+op.enroll.userKey.pkcs11obj.compress.enable=true
+op.enroll.userKey.update.applet.emptyToken.enable=true
+op.enroll.userKey.update.applet.enable=true
+op.enroll.userKey.update.applet.requiredVersion=1.3.44724DDE
+op.enroll.userKey.update.applet.directory=[TPS_DIR]/applets
+op.enroll.userKey.update.applet.encryption=true
+op.enroll.userKey.update.symmetricKeys.enable=false
+op.enroll.userKey.update.symmetricKeys.requiredVersion=1
+op.enroll.userKey.loginRequest.enable=true
+op.enroll.userKey.pinReset.enable=true
+op.enroll.userKey.pinReset.pin.maxRetries=127
+op.enroll.userKey.pinReset.pin.minLen=4
+op.enroll.userKey.pinReset.pin.maxLen=10
+op.enroll.userKey.cardmgr_instance=A0000000030000
+op.enroll.userKey.tks.conn=tks1
+op.enroll.userKey.auth.id=ldap1
+op.enroll.userKey.auth.enable=true
+op.enroll.userKey.issuerinfo.enable=true
+op.enroll.userKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/home/index.cgi
+op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.num=2
+op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing
+op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption
+op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true
+op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0
+op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast
+op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=true
+op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0
+op.enroll.userKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
+op.enroll.userKey.keyGen.encryption.serverKeygen.drm.conn=drm1
+op.enroll.userKey.keyGen.encryption.serverKeygen.archive=true
+op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable=true
+op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=drm1
+op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.archive=true
+op.enroll.userKeyTemporary.keyGen.tokenName=$auth.cn$ (Temporary)
+op.enroll.userKeyTemporary.keyGen.keyType.num=3
+op.enroll.userKeyTemporary.keyGen.keyType.value.0=auth
+op.enroll.userKeyTemporary.keyGen.keyType.value.1=signing
+op.enroll.userKeyTemporary.keyGen.keyType.value.2=encryption
+op.enroll.userKeyTemporary.keyGen.auth.keySize=1024
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.private=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.private=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.auth.label=Temporary Key for $userid$
+op.enroll.userKeyTemporary.keyGen.auth.cuid_label=$cuid$
+op.enroll.userKeyTemporary.keyGen.auth.overwrite=false
+op.enroll.userKeyTemporary.keyGen.auth.certId=C0
+op.enroll.userKeyTemporary.keyGen.auth.certAttrId=c0
+op.enroll.userKeyTemporary.keyGen.auth.privateKeyAttrId=k0
+op.enroll.userKeyTemporary.keyGen.auth.publicKeyAttrId=k1
+op.enroll.userKeyTemporary.keyGen.auth.keyUsage=0
+op.enroll.userKeyTemporary.keyGen.auth.keyUser=15
+op.enroll.userKeyTemporary.keyGen.auth.privateKeyNumber=0
+op.enroll.userKeyTemporary.keyGen.auth.publicKeyNumber=1
+op.enroll.userKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
+op.enroll.userKeyTemporary.keyGen.auth.ca.conn=ca1
+op.enroll.userKeyTemporary.keyGen.auth.revokeCert=true
+op.enroll.userKeyTemporary.keyGen.signing.keySize=1024
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.private=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.private=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.signing.label=signing key for $userid$
+op.enroll.userKeyTemporary.keyGen.signing.cuid_label=$cuid$
+op.enroll.userKeyTemporary.keyGen.signing.overwrite=true
+op.enroll.userKeyTemporary.keyGen.signing.certId=C1
+op.enroll.userKeyTemporary.keyGen.signing.certAttrId=c1
+op.enroll.userKeyTemporary.keyGen.signing.privateKeyAttrId=k2
+op.enroll.userKeyTemporary.keyGen.signing.publicKeyAttrId=k3
+op.enroll.userKeyTemporary.keyGen.signing.keyUsage=0
+op.enroll.userKeyTemporary.keyGen.signing.keyUser=0
+op.enroll.userKeyTemporary.keyGen.signing.privateKeyNumber=2
+op.enroll.userKeyTemporary.keyGen.signing.publicKeyNumber=3
+op.enroll.userKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment
+op.enroll.userKeyTemporary.keyGen.signing.ca.conn=ca1
+op.enroll.userKeyTemporary.keyGen.signing.revokeCert=true
+op.enroll.userKey._080=#op.enroll.userKeyTemporary.keyGen.signing.publisherId=fileBasedPublisher
+op.enroll.userKeyTemporary.keyGen.encryption.keySize=1024
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.encryption.label=encryption key for $userid$
+op.enroll.userKeyTemporary.keyGen.encryption.cuid_label=$cuid$
+op.enroll.userKeyTemporary.keyGen.encryption.overwrite=true
+op.enroll.userKeyTemporary.keyGen.encryption.certId=C2
+op.enroll.userKeyTemporary.keyGen.encryption.certAttrId=c2
+op.enroll.userKeyTemporary.keyGen.encryption.privateKeyAttrId=k4
+op.enroll.userKeyTemporary.keyGen.encryption.publicKeyAttrId=k5
+op.enroll.userKeyTemporary.keyGen.encryption.keyUsage=0
+op.enroll.userKeyTemporary.keyGen.encryption.keyUser=0
+op.enroll.userKeyTemporary.keyGen.encryption.privateKeyNumber=4
+op.enroll.userKeyTemporary.keyGen.encryption.publicKeyNumber=5
+op.enroll.userKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment
+op.enroll.userKeyTemporary.keyGen.encryption.ca.conn=ca1
+op.enroll.userKeyTemporary.keyGen.encryption.revokeCert=true
+op.enroll.userKeyTemporary.pkcs11obj.enable=true
+op.enroll.userKeyTemporary.pkcs11obj.compress.enable=true
+op.enroll.userKeyTemporary.update.applet.emptyToken.enable=true
+op.enroll.userKeyTemporary.update.applet.enable=true
+op.enroll.userKeyTemporary.update.applet.requiredVersion=1.3.44724DDE
+op.enroll.userKeyTemporary.update.applet.directory=[TPS_DIR]/applets
+op.enroll.userKeyTemporary.update.applet.encryption=true
+op.enroll.userKeyTemporary.update.symmetricKeys.enable=false
+op.enroll.userKeyTemporary.update.symmetricKeys.requiredVersion=1
+op.enroll.userKeyTemporary.loginRequest.enable=true
+op.enroll.userKeyTemporary.pinReset.enable=true
+op.enroll.userKeyTemporary.pinReset.pin.maxRetries=127
+op.enroll.userKeyTemporary.pinReset.pin.minLen=4
+op.enroll.userKeyTemporary.pinReset.pin.maxLen=10
+op.enroll.userKeyTemporary.tks.conn=tks1
+op.enroll.userKeyTemporary.cardmgr_instance=A0000000030000
+op.enroll.userKeyTemporary.auth.id=ldap1
+op.enroll.userKeyTemporary.auth.enable=true
+op.enroll.soKey.temporaryToken.tokenType=soKeyTemporary
+op.enroll.soKey.keyGen.recovery.destroyed.keyType.num=2
+op.enroll.soKey.keyGen.recovery.destroyed.keyType.value.0=signing
+op.enroll.soKey.keyGen.recovery.destroyed.keyType.value.1=encryption
+op.enroll.soKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert=true
+op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0
+op.enroll.soKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
+op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert=false
+op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
+op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.num=2
+op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.value.0=signing
+op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.value.1=encryption
+op.enroll.soKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert=true
+op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true
+op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.soKey.keyGen.recovery.onHold.keyType.num=2
+op.enroll.soKey.keyGen.recovery.onHold.keyType.value.0=signing
+op.enroll.soKey.keyGen.recovery.onHold.keyType.value.1=encryption
+op.enroll.soKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert=true
+op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert.reason=6
+op.enroll.soKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert=true
+op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6
+op.enroll.soKey.keyGen.tokenName=$auth.cn$
+op.enroll.soKey.keyGen.keyType.num=2
+op.enroll.soKey.keyGen.keyType.value.0=signing
+op.enroll.soKey.keyGen.keyType.value.1=encryption
+op.enroll.soKey.keyGen.signing.keySize=1024
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.encrypt=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.sign=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.signRecover=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.decrypt=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.derive=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.unwrap=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.wrap=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.verifyRecover=true
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.verify=true
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.sensitive=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.private=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.token=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.encrypt=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.sign=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.signRecover=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.decrypt=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.derive=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.unwrap=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.wrap=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.verifyRecover=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.verify=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.sensitive=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.private=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.token=true
+op.enroll.soKey.keyGen.signing.label=signing key for $userid$
+op.enroll.soKey.keyGen.signing.cuid_label=$cuid$
+op.enroll.soKey.keyGen.signing.overwrite=true
+op.enroll.soKey.keyGen.signing.certId=C1
+op.enroll.soKey.keyGen.signing.certAttrId=c1
+op.enroll.soKey.keyGen.signing.privateKeyAttrId=k2
+op.enroll.soKey.keyGen.signing.publicKeyAttrId=k3
+op.enroll.soKey.keyGen.signing.keyUsage=0
+op.enroll.soKey.keyGen.signing.keyUser=0
+op.enroll.soKey.keyGen.signing.privateKeyNumber=2
+op.enroll.soKey.keyGen.signing.publicKeyNumber=3
+op.enroll.soKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
+op.enroll.soKey.keyGen.signing.ca.conn=ca1
+op.enroll.soKey.keyGen.signing.revokeCert=true
+op.enroll.soKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher
+op.enroll.soKey.keyGen.encryption.keySize=1024
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.encrypt=true
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sign=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.signRecover=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.decrypt=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.derive=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.unwrap=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.wrap=true
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.verify=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sensitive=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.private=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.token=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.encrypt=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.sign=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.signRecover=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.decrypt=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.derive=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.unwrap=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.wrap=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.verify=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.sensitive=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.private=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.token=true
+op.enroll.soKey.keyGen.encryption.label=encryption key for $userid$
+op.enroll.soKey.keyGen.encryption.cuid_label=$cuid$
+op.enroll.soKey.keyGen.encryption.overwrite=true
+op.enroll.soKey.keyGen.encryption.certId=C2
+op.enroll.soKey.keyGen.encryption.certAttrId=c2
+op.enroll.soKey.keyGen.encryption.privateKeyAttrId=k4
+op.enroll.soKey.keyGen.encryption.publicKeyAttrId=k5
+op.enroll.soKey.keyGen.encryption.keyUsage=0
+op.enroll.soKey.keyGen.encryption.keyUser=0
+op.enroll.soKey.keyGen.encryption.privateKeyNumber=4
+op.enroll.soKey.keyGen.encryption.publicKeyNumber=5
+op.enroll.soKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment
+op.enroll.soKey.keyGen.encryption.ca.conn=ca1
+op.enroll.soKey.keyGen.encryption.revokeCert=true
+op.enroll.soKey.pkcs11obj.enable=true
+op.enroll.soKey.pkcs11obj.compress.enable=true
+op.enroll.soKey.update.applet.emptyToken.enable=true
+op.enroll.soKey.update.applet.enable=true
+op.enroll.soKey.update.applet.requiredVersion=1.3.44724DDE
+op.enroll.soKey.update.applet.directory=[TPS_DIR]/applets
+op.enroll.soKey.update.applet.encryption=true
+op.enroll.soKey.update.symmetricKeys.enable=false
+op.enroll.soKey.update.symmetricKeys.requiredVersion=1
+op.enroll.soKey.loginRequest.enable=true
+op.enroll.soKey.pinReset.enable=true
+op.enroll.soKey.pinReset.pin.maxRetries=127
+op.enroll.soKey.pinReset.pin.minLen=4
+op.enroll.soKey.pinReset.pin.maxLen=10
+op.enroll.soKey.cardmgr_instance=A0000000030000
+op.enroll.soKey.tks.conn=tks1
+op.enroll.soKey.auth.id=ldap2
+op.enroll.soKey.auth.enable=true
+op.enroll.soKey.issuerinfo.enable=true
+op.enroll.soKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/so/index.cgi
+op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.num=2
+op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing
+op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption
+op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true
+op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0
+op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast
+op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=true
+op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0
+op.enroll.soKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
+op.enroll.soKey.keyGen.encryption.serverKeygen.drm.conn=drm1
+op.enroll.soKey.keyGen.encryption.serverKeygen.archive=true
+op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.enable=true
+op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=drm1
+op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.archive=true
+op.enroll.soKeyTemporary.keyGen.tokenName=$auth.cn$ (Temporary)
+op.enroll.soKeyTemporary.keyGen.keyType.num=3
+op.enroll.soKeyTemporary.keyGen.keyType.value.0=auth
+op.enroll.soKeyTemporary.keyGen.keyType.value.1=signing
+op.enroll.soKeyTemporary.keyGen.keyType.value.2=encryption
+op.enroll.soKeyTemporary.keyGen.auth.keySize=1024
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.private=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.private=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.auth.label=Temporary Key for $userid$
+op.enroll.soKeyTemporary.keyGen.auth.cuid_label=$cuid$
+op.enroll.soKeyTemporary.keyGen.auth.overwrite=false
+op.enroll.soKeyTemporary.keyGen.auth.certId=C0
+op.enroll.soKeyTemporary.keyGen.auth.certAttrId=c0
+op.enroll.soKeyTemporary.keyGen.auth.privateKeyAttrId=k0
+op.enroll.soKeyTemporary.keyGen.auth.publicKeyAttrId=k1
+op.enroll.soKeyTemporary.keyGen.auth.keyUsage=0
+op.enroll.soKeyTemporary.keyGen.auth.keyUser=15
+op.enroll.soKeyTemporary.keyGen.auth.privateKeyNumber=0
+op.enroll.soKeyTemporary.keyGen.auth.publicKeyNumber=1
+op.enroll.soKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
+op.enroll.soKeyTemporary.keyGen.auth.ca.conn=ca1
+op.enroll.soKeyTemporary.keyGen.auth.revokeCert=true
+op.enroll.soKeyTemporary.keyGen.signing.keySize=1024
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.private=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.private=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.signing.label=signing key for $userid$
+op.enroll.soKeyTemporary.keyGen.signing.cuid_label=$cuid$
+op.enroll.soKeyTemporary.keyGen.signing.overwrite=true
+op.enroll.soKeyTemporary.keyGen.signing.certId=C1
+op.enroll.soKeyTemporary.keyGen.signing.certAttrId=c1
+op.enroll.soKeyTemporary.keyGen.signing.privateKeyAttrId=k2
+op.enroll.soKeyTemporary.keyGen.signing.publicKeyAttrId=k3
+op.enroll.soKeyTemporary.keyGen.signing.keyUsage=0
+op.enroll.soKeyTemporary.keyGen.signing.keyUser=0
+op.enroll.soKeyTemporary.keyGen.signing.privateKeyNumber=2
+op.enroll.soKeyTemporary.keyGen.signing.publicKeyNumber=3
+op.enroll.soKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment
+op.enroll.soKeyTemporary.keyGen.signing.ca.conn=ca1
+op.enroll.soKeyTemporary.keyGen.signing.revokeCert=true
+op.enroll.soKeyTemporary.keyGen.encryption.keySize=1024
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.encryption.label=encryption key for $userid$
+op.enroll.soKeyTemporary.keyGen.encryption.cuid_label=$cuid$
+op.enroll.soKeyTemporary.keyGen.encryption.overwrite=true
+op.enroll.soKeyTemporary.keyGen.encryption.certId=C2
+op.enroll.soKeyTemporary.keyGen.encryption.certAttrId=c2
+op.enroll.soKeyTemporary.keyGen.encryption.privateKeyAttrId=k4
+op.enroll.soKeyTemporary.keyGen.encryption.publicKeyAttrId=k5
+op.enroll.soKeyTemporary.keyGen.encryption.keyUsage=0
+op.enroll.soKeyTemporary.keyGen.encryption.keyUser=0
+op.enroll.soKeyTemporary.keyGen.encryption.privateKeyNumber=4
+op.enroll.soKeyTemporary.keyGen.encryption.publicKeyNumber=5
+op.enroll.soKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment
+op.enroll.soKeyTemporary.keyGen.encryption.ca.conn=ca1
+op.enroll.soKeyTemporary.keyGen.encryption.revokeCert=true
+op.enroll.soKeyTemporary.pkcs11obj.enable=true
+op.enroll.soKeyTemporary.pkcs11obj.compress.enable=true
+op.enroll.soKeyTemporary.update.applet.emptyToken.enable=true
+op.enroll.soKeyTemporary.update.applet.enable=true
+op.enroll.soKeyTemporary.update.applet.requiredVersion=1.3.44724DDE
+op.enroll.soKeyTemporary.update.applet.directory=[TPS_DIR]/applets
+op.enroll.soKeyTemporary.update.applet.encryption=true
+op.enroll.soKeyTemporary.update.symmetricKeys.enable=false
+op.enroll.soKeyTemporary.update.symmetricKeys.requiredVersion=1
+op.enroll.soKeyTemporary.loginRequest.enable=true
+op.enroll.soKeyTemporary.pinReset.enable=true
+op.enroll.soKeyTemporary.pinReset.pin.maxRetries=127
+op.enroll.soKeyTemporary.pinReset.pin.minLen=4
+op.enroll.soKeyTemporary.pinReset.pin.maxLen=10
+op.enroll.soKeyTemporary.cardmgr_instance=A0000000030000
+op.enroll.soKeyTemporary.tks.conn=tks1
+op.enroll.soKeyTemporary.tks.keySet=defKeyset
+op.enroll.soKeyTemporary.auth.id=ldap2
+op.enroll.soKeyTemporary.auth.enable=true
+op.pinReset._000=#########################################
+op.pinReset._001=# Certificate Chain Imports
+op.pinReset._002=#
+op.pinReset._003=# op.enroll.certificates.num=1
+op.pinReset._004=# op.enroll.certificates.value.0=caCert
+op.pinReset._005=# op.enroll.certificates.caCert.nickName=caCert0 pki-tps
+op.pinReset._006=# op.enroll.certificates.caCert.certId=C5
+op.pinReset._007=# op.enroll.certificates.caCert.certAttrId=c5
+op.pinReset._008=# op.enroll.certificates.caCert.label=caCert Label
+op.pinReset._009=#########################################
+op.pinReset._010=#########################################
+op.pinReset._011=# Pin Reset Operation For CoolKey
+op.pinReset._012=#
+op.pinReset._013=# op.pinReset.userKey.update.applet.emptyToken.enable=false
+op.pinReset._014=# - update applet or not if token is empty
+op.pinReset._015=#
+op.pinReset._016=# - N/A for HouseKey
+op.pinReset._017=# - N/A for HouseKey with Legacy Applet
+op.pinReset._018=#########################################
+op.pinReset.userKey.update.applet.emptyToken.enable=true
+op.pinReset.userKey.update.applet.enable=false
+op.pinReset.userKey.update.applet.requiredVersion=1.3.44724DDE
+op.pinReset.userKey.update.applet.directory=[TPS_DIR]/applets
+op.pinReset.userKey.update.applet.encryption=true
+op.pinReset.userKey.update.symmetricKeys.enable=false
+op.pinReset.userKey.update.symmetricKeys.requiredVersion=1
+op.pinReset.userKey.loginRequest.enable=true
+op.pinReset.userKey.pinReset.pin.minLen=4
+op.pinReset.userKey.pinReset.pin.maxLen=10
+op.pinReset.userKey.tks.conn=tks1
+op.pinReset.userKey.cardmgr_instance=A0000000030000
+op.pinReset.userKey.auth.id=ldap1
+op.pinReset.userKey.auth.enable=true
+op.format._000=#########################################
+op.format._001=# Format Operation For tokenKey
+op.format._002=#
+op.format._003=# op.format.tokenKey.update.applet.emptyToken.enable=false
+op.format._004=# - update applet or not if token is empty
+op.format._005=#
+op.format._006=# - applicable to CoolKey
+op.format._007=# - applicable to HouseKey
+op.format._008=# - applicable to HouseKey with Legacy Applet
+op.format._009=#########################################
+op.format.allowUnknownToken=true
+op.format.soCleanUserToken.update.applet.emptyToken.enable=true
+op.format.soCleanUserToken.update.applet.requiredVersion=1.3.44724DDE
+op.format.soCleanUserToken.update.applet.directory=[TPS_DIR]/applets
+op.format.soCleanUserToken.update.applet.encryption=true
+op.format.soCleanUserToken.update.symmetricKeys.enable=false
+op.format.soCleanUserToken.update.symmetricKeys.requiredVersion=1
+op.format.soCleanUserToken.revokeCert=true
+op.format.soCleanUserToken.ca.conn=ca1
+op.format.soCleanUserToken.loginRequest.enable=false
+op.format.soCleanUserToken.cardmgr_instance=A0000000030000
+op.format.soCleanUserToken.tks.conn=tks1
+op.format.soCleanUserToken.auth.id=ldap1
+op.format.soCleanUserToken.auth.enable=false
+op.format.soCleanUserToken.issuerinfo.enable=true
+op.format.soCleanUserToken.issuerinfo.value=
+op.format.soCleanSOToken.update.applet.emptyToken.enable=true
+op.format.soCleanSOToken.update.applet.requiredVersion=1.3.44724DDE
+op.format.soCleanSOToken.update.applet.directory=[TPS_DIR]/applets
+op.format.soCleanSOToken.update.applet.encryption=true
+op.format.soCleanSOToken.update.symmetricKeys.enable=false
+op.format.soCleanSOToken.update.symmetricKeys.requiredVersion=1
+op.format.soCleanSOToken.revokeCert=true
+op.format.soCleanSOToken.ca.conn=ca1
+op.format.soCleanSOToken.loginRequest.enable=false
+op.format.soCleanSOToken.cardmgr_instance=A0000000030000
+op.format.soCleanSOToken.tks.conn=tks1
+op.format.soCleanSOToken.auth.id=ldap1
+op.format.soCleanSOToken.auth.enable=false
+op.format.soCleanSOToken.issuerinfo.enable=true
+op.format.soCleanSOToken.issuerinfo.value=
+op.format.cleanToken.update.applet.emptyToken.enable=true
+op.format.cleanToken.update.applet.requiredVersion=1.3.44724DDE
+op.format.cleanToken.update.applet.directory=[TPS_DIR]/applets
+op.format.cleanToken.update.applet.encryption=true
+op.format.cleanToken.update.symmetricKeys.enable=false
+op.format.cleanToken.update.symmetricKeys.requiredVersion=1
+op.format.cleanToken.revokeCert=true
+op.format.cleanToken.ca.conn=ca1
+op.format.cleanToken.loginRequest.enable=true
+op.format.cleanToken.cardmgr_instance=A0000000030000
+op.format.cleanToken.tks.conn=tks1
+op.format.cleanToken.auth.id=ldap1
+op.format.cleanToken.auth.enable=false
+op.format.cleanToken.issuerinfo.enable=true
+op.format.cleanToken.issuerinfo.value=
+op.format.soUserKey.update.applet.emptyToken.enable=true
+op.format.soUserKey.update.applet.requiredVersion=1.3.44724DDE
+op.format.soUserKey.update.applet.directory=[TPS_DIR]/applets
+op.format.soUserKey.update.applet.encryption=true
+op.format.soUserKey.update.symmetricKeys.enable=false
+op.format.soUserKey.update.symmetricKeys.requiredVersion=1
+op.format.soUserKey.revokeCert=true
+op.format.soUserKey.ca.conn=ca1
+op.format.soUserKey.loginRequest.enable=false
+op.format.soUserKey.cardmgr_instance=A0000000030000
+op.format.soUserKey.tks.conn=tks1
+op.format.soUserKey.auth.id=ldap1
+op.format.soUserKey.auth.enable=false
+op.format.soUserKey.issuerinfo.enable=true
+op.format.soUserKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/home/index.cgi
+op.format.soKey.update.applet.emptyToken.enable=true
+op.format.soKey.update.applet.requiredVersion=1.3.44724DDE
+op.format.soKey.update.applet.directory=[TPS_DIR]/applets
+op.format.soKey.update.applet.encryption=true
+op.format.soKey.update.symmetricKeys.enable=false
+op.format.soKey.update.symmetricKeys.requiredVersion=1
+op.format.soKey.revokeCert=true
+op.format.soKey.ca.conn=ca1
+op.format.soKey.loginRequest.enable=true
+op.format.soKey.cardmgr_instance=A0000000030000
+op.format.soKey.tks.conn=tks1
+op.format.soKey.auth.id=ldap2
+op.format.soKey.auth.enable=true
+op.format.soKey.issuerinfo.enable=true
+op.format.soKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/so/index.cgi
+op.format.userKey.update.applet.emptyToken.enable=true
+op.format.userKey.update.applet.requiredVersion=1.3.44724DDE
+op.format.userKey.update.applet.directory=[TPS_DIR]/applets
+op.format.userKey.update.applet.encryption=true
+op.format.userKey.update.symmetricKeys.enable=false
+op.format.userKey.update.symmetricKeys.requiredVersion=1
+op.format.userKey.revokeCert=true
+op.format.userKey.ca.conn=ca1
+op.format.userKey.loginRequest.enable=true
+op.format.userKey.cardmgr_instance=A0000000030000
+op.format.userKey.tks.conn=tks1
+op.format.userKey.auth.id=ldap1
+op.format.userKey.auth.enable=true
+op.format.userKey.issuerinfo.enable=true
+op.format.userKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/home/index.cgi
+op.format.tokenKey.update.applet.emptyToken.enable=true
+op.format.tokenKey.update.applet.requiredVersion=1.3.44724DDE
+op.format.tokenKey.update.applet.directory=[TPS_DIR]/applets
+op.format.tokenKey.update.applet.encryption=true
+op.format.tokenKey.update.symmetricKeys.enable=false
+op.format.tokenKey.update.symmetricKeys.requiredVersion=1
+op.format.tokenKey.revokeCert=true
+op.format.tokenKey.ca.conn=ca1
+op.format.tokenKey.loginRequest.enable=true
+op.format.tokenKey.cardmgr_instance=A0000000030000
+op.format.tokenKey.tks.conn=tks1
+op.format.tokenKey.auth.id=ldap1
+op.format.tokenKey.auth.enable=true
+op.format.tokenKey.issuerinfo.enable=true
+op.format.tokenKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/home/index.cgi
+tokendb._000=#########################################
+tokendb._001=# tokendb.auditLog:
+tokendb._002=# - audit log path
+tokendb._003=# tokendb.host:
+tokendb._004=# - tokendb host name
+tokendb._005=# tokendb.port:
+tokendb._006=# - tokendb port number
+tokendb._007=# tokendb.bindDN:
+tokendb._008=# - tokendb administration DN (i.e. cn=Directory Manager)
+tokendb._009=# tokendb.bindPassPath:
+tokendb._010=# - tokendb administration password file path
+tokendb._011=# tokendb.templateDir
+tokendb._012=# - directory where all the tokendb templates are located
+tokendb._013=# tokendb.userBaseDN:
+tokendb._014=# - directory base DN for users and groups
+tokendb._015=# tokendb.baseDN:
+tokendb._016=# - directory base DN for tokens
+tokendb._017=# tokendb.activityBaseDN:
+tokendb._018=# - directory base DN for activities
+tokendb._019=# tokendb.indexTemplate=index.template
+tokendb._020=# - index template
+tokendb._021=# tokendb.newTemplate=new.template
+tokendb._022=# - add template
+tokendb._023=# tokendb.showTemplate=show.template
+tokendb._024=# - show template
+tokendb._025=# tokendb.errorTemplate=error.template
+tokendb._026=# - error template
+tokendb._027=# tokendb.searchTemplate=search.template
+tokendb._028=# - search template
+tokendb._029=# tokendb.searchResultTemplate=searchResults.template
+tokendb._030=# - search result template
+tokendb._031=# tokendb.editTemplate=edit.template
+tokendb._032=# - edit template
+tokendb._033=# tokendb.editResultTemplate=editResults.template
+tokendb._034=# - edit result template
+tokendb._035=# tokendb.addResultTemplate=addResults.template
+tokendb._036=# - add result template
+tokendb._037=# tokendb.deleteResultTemplate=deleteResults.template
+tokendb._038=# - delete result template
+tokendb._039=# tokendb.searchActivityTemplate=searchActivity.template
+tokendb._040=# - search activity template
+tokendb._041=# tokendb.searchActivityResultTemplate=searchActivityResults.template
+tokendb._042=# - search activity result template
+tokendb._043=# tokendb.showAdminTemplate=showAdmin.template
+tokendb._044=# - show admin template
+tokendb._045=# tokendb.editAdminTemplate=editAdmin.template
+tokendb._046=# - edit admin template
+tokendb._047=# tokendb.editAdminResultTemplate=editAdminResults.template
+tokendb._048=# - edit admin result template
+tokendb._049=# tokendb.searchAdminTemplate=searchAdmin.template
+tokendb._050=# - search admin template
+tokendb._051=# tokendb.searchAdminResultTemplate=searchAdminResults.template
+tokendb._052=# - search admin result template
+tokendb._053=# tokendb.defaultPolicy:
+tokendb._054=# Supported Policy (Separated by ; [Semicolon]):
+tokendb._055=# For example, PIN_RESET=YES|NO;RE_ENROLL=YES|NO
+tokendb._056=# PIN_RESET=YES|NO
+tokendb._057=# - If not present, pin reset by user is allowed.
+tokendb._058=# - If present and agent change PIN_RESET from NO
+tokendb._059=# to YES, user is allowed to do pin reset. This
+tokendb._060=# policy will be changed back to NO after pin reset.
+tokendb._061=# RE_ENROLL=YES|NO
+tokendb._062=# - If not present, re-enrollment is allowed.
+tokendb._063=# - If present, re-enrollment is allowed when RE_ENROLL
+tokendb._064=# is set to YES. Otherwise, re-enrollment is not
+tokendb._065=# allowed.
+tokendb._066=#########################################
+tokendb.auditLog=[SERVER_ROOT]/[INSTANCE_ID]/logs/tokendb-audit.log
+tokendb.hostport=[TOKENDB_HOST]:[TOKENDB_PORT]
+tokendb.ssl=false
+tokendb.bindDN=cn=Directory Manager
+tokendb.bindPassPath=[SERVER_ROOT]/conf/password.conf
+tokendb.templateDir=[SERVER_ROOT]/docroot/tus
+tokendb.userBaseDN=[TOKENDB_ROOT]
+tokendb.baseDN=ou=Tokens,[TOKENDB_ROOT]
+tokendb.activityBaseDN=ou=Activities,[TOKENDB_ROOT]
+tokendb.certBaseDN=ou=Certificates,[TOKENDB_ROOT]
+tokendb.indexTemplate=index.template
+tokendb.indexAdminTemplate=indexAdmin.template
+tokendb.newTemplate=new.template
+tokendb.showTemplate=show.template
+tokendb.showCertTemplate=showCert.template
+tokendb.errorTemplate=error.template
+tokendb.searchTemplate=search.template
+tokendb.searchResultTemplate=searchResults.template
+tokendb.searchCertificateResultTemplate=searchCertificateResults.template
+tokendb.editTemplate=edit.template
+tokendb.editResultTemplate=editResults.template
+tokendb.addResultTemplate=addResults.template
+tokendb.deleteTemplate=delete.template
+tokendb.deleteResultTemplate=deleteResults.template
+tokendb.searchActivityTemplate=searchActivity.template
+tokendb.searchCertificateTemplate=searchCertificate.template
+tokendb.searchActivityResultTemplate=searchActivityResults.template
+tokendb.showAdminTemplate=showAdmin.template
+tokendb.doTokenTemplate=doToken.template
+tokendb.doTokenConfirmTemplate=doTokenConfirm.template
+tokendb.revokeTemplate=revoke.template
+tokendb.editAdminTemplate=editAdmin.template
+tokendb.editAdminResultTemplate=editAdminResults.template
+tokendb.searchAdminTemplate=searchAdmin.template
+tokendb.searchAdminResultTemplate=searchAdminResults.template
+tokendb.defaultPolicy=RE_ENROLL=YES |