# Token Processing System (TPS) subsystem configuration.
# Keys of the form <prefix>._NNN carry the file's own documentation text as
# their values. Values written as [NAME] are placeholders.
# NOTE(review): presumably the placeholders are substituted when an instance
# is created -- confirm against the instance-creation tooling.
_000=##
_001=## Token Processing System (TPS) Configuration File
_002=##
pidDir=[PKI_PIDDIR]
pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
pkicreate.pki_instance_name=[PKI_INSTANCE_ID]
pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
pkicreate.secure_port=[SECURE_PORT]
pkicreate.non_clientauth_secure_port=[NON_CLIENTAUTH_SECURE_PORT]
# NOTE(review): a non-TLS port is configured next to the two secure ports;
# confirm which services are reachable on it and whether it can be restricted.
pkicreate.unsecure_port=[PORT]
pkicreate.user=[PKI_USER]
pkicreate.group=[PKI_GROUP]
pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
cs.type=TPS
selftests._000=##
selftests._001=## Self Tests
selftests._002=##
selftests._003=## The Self-Test plugin TPSSystemCertsVerification uses the
selftests._004=## following parameters (where certusage is optional):
selftests._005=## tps.cert.list =
selftests._006=## tps.cert..nickname
selftests._007=## tps.cert..certusage
selftests._008=##
# Self-test logger: rolling log file under [SERVER_ROOT]/logs.
# NOTE(review): the key names mirror the logging.* settings documented further
# down (level 0-10, rolloverInterval in seconds, expirationTime 0 = never
# expire); presumably the same semantics apply here -- confirm.
selftests.container.logger.enable=true
selftests.container.logger.expirationTime=0
selftests.container.logger.file.type=RollingLogFile
selftests.container.logger.fileName=[SERVER_ROOT]/logs/selftests.log
selftests.container.logger.level=10
selftests.container.logger.maxFileSize=2000
selftests.container.logger.rolloverInterval=2592000
# Tests run at startup and on demand; every entry is tagged "critical".
# NOTE(review): TPSValidity is listed only under onDemand, not under startup --
# confirm that skipping it at startup is intended.
selftests.container.order.startup=TPSPresence:critical, TPSSystemCertsVerification:critical
selftests.container.order.onDemand=TPSPresence:critical, TPSValidity:critical, TPSSystemCertsVerification:critical
selftests.plugin.TPSPresence.nickname=[HSM_LABEL][NICKNAME]
selftests.plugin.TPSValidity.nickname=[HSM_LABEL][NICKNAME]
# Service identity and listener ports; the port placeholders are the same ones
# used by the pkicreate.* keys above.
service.machineName=[SERVER_NAME]
service.instanceDir=[SERVER_ROOT]
service.securePort=[SECURE_PORT]
service.non_clientauth_securePort=[NON_CLIENTAUTH_SECURE_PORT]
service.unsecurePort=[PORT]
service.instanceID=[PKI_INSTANCE_ID]
logging._000=#########################################
logging._001=# RA configuration File
logging._002=#
logging._003=# All <...> must be replaced with
logging._004=# appropriate values.
# Logging settings. The logging._NNN keys below hold the file's own reference
# text for the debug, audit and error logs.
logging._005=#########################################
logging._006=########################################
logging._007=# logging
logging._008=#
logging._009=# logging.debug.enable:
logging._010=# logging.audit.enable:
logging._011=# logging.error.enable:
logging._012=# - enable or disable the corresponding logging
logging._013=# logging.debug.filename:
logging._014=# logging.audit.filename:
logging._015=# logging.error.filename:
logging._016=# - name of the log file
logging._017=# logging.debug.level:
logging._018=# logging.audit.level:
logging._019=# logging.error.level:
logging._020=# - level of logging. (0-10)
logging._021=# 0 - no logging,
logging._022=# 4 - LL_PER_SERVER these messages will occur only once
logging._023=# during the entire invocation of the
logging._024=# server, e. g. at startup or shutdown
logging._025=# time., reading the conf parameters.
logging._026=# Perhaps other infrequent events
logging._027=# relating to failing over of CA, TKS,
logging._028=# too
logging._029=# 6 - LL_PER_CONNECTION these messages happen once per
logging._030=# connection - most of the log events
logging._031=# will be at this level
logging._032=# 8 - LL_PER_PDU these messages relate to PDU
logging._033=# processing. If you have something that
logging._034=# is done for every PDU, such as
logging._035=# applying the MAC, it should be logged
logging._036=# at this level
logging._037=# 9 - LL_ALL_DATA_IN_PDU dump all the data in the PDU - a more
logging._038=# chatty version of the above
logging._039=# 10 - all logging
logging._040=# logging.audit.buffer.size: # in bytes
logging._041=# logging.audit.flush.interval: # in seconds, 0 disables flush thread
logging._042=# logging.*.file.type:
logging._043=# - file type: RollingLogFile or LogFile
logging._044=# logging.*.rolloverInterval:
logging._045=# - interval to roll over logs (seconds), 0 to disable rollover
logging._046=# logging.*.maxFileSize:
logging._047=# - size at which file rollover occurs, in kB
logging._048=# logging.*.expirationTime:
logging._049=# - maximum age of log, older unmodified logs are deleted( in seconds, 0 to disable)
logging._050=#########################################
# Debug log. level=10 is "all logging" in the table above, which includes
# level 9 (dump all the data in the PDU).
# NOTE(review): treat tps-debug.log as sensitive at this level: restrict its
# file permissions and consider a lower level outside troubleshooting.
# rolloverInterval 2592000 s = 30 days; expirationTime=0 disables deletion of
# old logs, so retention has to be handled outside this file.
logging.debug.enable=true
logging.debug.filename=[SERVER_ROOT]/logs/tps-debug.log
logging.debug.level=10
logging.debug.file.type=RollingLogFile
logging.debug.maxFileSize=2000
logging.debug.rolloverInterval=2592000
logging.debug.expirationTime=0
# Audit log.
logging.audit.enable=true
logging.audit.filename=[SERVER_ROOT]/logs/tps-audit.log
logging.audit.signedAuditFilename=[SERVER_ROOT]/logs/signedAudit/tps_audit
logging.audit.level=10
# Audit log signing is off in this default, so a later modification of the
# audit file would not be detectable from the log itself.
# NOTE(review): enable signing once the certificate named by
# signedAuditCertNickname is provisioned; this file also ships
# preop.cert.audit_signing.enable=false, so both defaults need revisiting.
logging.audit.logSigning=false
logging.audit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_ID]
# selected.events and selectable.events carry the same list here.
# NOTE(review): presumably "selected" is the subset of "selectable" that is
# actually recorded -- confirm before trimming either list.
logging.audit.selected.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL,CIMC_CERT_VERIFICATION
logging.audit.selectable.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL,CIMC_CERT_VERIFICATION
# Remaining audit-log settings, the error log, and the CA connection.
logging.audit.nonselectable.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,LOGGING_SIGNED_AUDIT_SIGNING
# Per the logging reference text in this file: buffer.size is in bytes and
# flush.interval is in seconds (0 disables the flush thread).
# NOTE(review): audit records are buffered before being written; confirm how
# much can be lost if the process stops between flushes.
logging.audit.buffer.size=512
logging.audit.flush.interval=5
logging.audit.file.type=RollingLogFile
logging.audit.maxFileSize=2000
logging.audit.rolloverInterval=2592000
# 0 disables age-based deletion, so audit files are never removed by TPS itself.
logging.audit.expirationTime=0
# Error log, same rolling-file settings as the debug and audit logs.
logging.error.enable=true
logging.error.filename=[SERVER_ROOT]/logs/tps-error.log
logging.error.level=10
logging.error.file.type=RollingLogFile
logging.error.maxFileSize=2000
logging.error.rolloverInterval=2592000
logging.error.expirationTime=0
conn.ca1._000=#########################################
conn.ca1._001=# CA connection
conn.ca1._002=#
conn.ca1._003=# conn.ca.hostport:
conn.ca1._004=# - host name and port number of your CA, format is host:port
conn.ca1._005=# conn.ca.clientNickname:
conn.ca1._006=# - nickname of the client certificate for
conn.ca1._007=# authentication
conn.ca1._008=# conn.ca.servlet.enrollment:
conn.ca1._009=# - servlet to contact in CA
conn.ca1._010=# - must be '/ca/profileSubmitSSLClient'
conn.ca1._011=# conn.ca.retryConnect:
conn.ca1._012=# - number of reconnection attempts on failure
conn.ca1._013=# conn.ca.timeout:
conn.ca1._014=# - connection timeout
conn.ca1._015=# conn.ca.SSLOn:
conn.ca1._016=# - enable SSL or not
conn.ca1._017=# conn.ca.keepAlive:
conn.ca1._018=# - enable keep alive or not
conn.ca1._019=#
conn.ca1._020=# where
conn.ca1._021=# - CA connection ID
conn.ca1._022=#########################################
failover.pod.enable=false
# CA connection "ca1". TPS authenticates to the CA with the client certificate
# named by clientNickname, and SSLOn=true keeps the connection on SSL.
# NOTE(review): SSLOn should stay true; the enrollment, renewal and revocation
# servlets below are reached over this connection.
conn.ca1.hostport=[CA_HOST]:[CA_PORT]
conn.ca1.clientNickname=[HSM_LABEL][NICKNAME]
# NOTE(review): the reference text above says the enrollment servlet "must be
# '/ca/profileSubmitSSLClient'", but the configured path is
# '/ca/ee/ca/profileSubmitSSLClient' -- the reference text looks stale; confirm.
conn.ca1.servlet.enrollment=/ca/ee/ca/profileSubmitSSLClient
conn.ca1.servlet.renewal=/ca/ee/ca/profileSubmitSSLClient
conn.ca1.servlet.revoke=/ca/ee/subsystem/ca/doRevoke
conn.ca1.servlet.unrevoke=/ca/ee/subsystem/ca/doUnrevoke
conn.ca1.retryConnect=3
# NOTE(review): the unit of timeout is not stated in this file -- confirm.
conn.ca1.timeout=100
conn.ca1.SSLOn=true
conn.ca1.keepAlive=true
conn.tks1._000=#########################################
conn.tks1._001=# TKS connection
# TKS connection reference text (conn.tks1._NNN) followed by the "tks1"
# connection settings and the start of the DRM connection reference text.
conn.tks1._002=#
conn.tks1._003=# conn.tks.hostport:
conn.tks1._004=# - host name and port number of your TKS, the format is host:port
conn.tks1._005=# conn.tks.clientNickname:
conn.tks1._006=# - nickname of the client certificate for
conn.tks1._007=# authentication
conn.tks1._008=# conn.tks.servlet.computeSessionKey:
conn.tks1._009=# - servlet to compute session key
conn.tks1._010=# - must be '/tks/computeSessionKey'
conn.tks1._011=# conn.tks.servlet.encryptData:
conn.tks1._012=# - servlet to encrypt data
conn.tks1._013=# - must be '/tks/encryptData'
conn.tks1._014=# conn.tks.servlet.createKeySetData:
conn.tks1._015=# - servlet to create key set data
conn.tks1._016=# - must be '/tks/createKeySetData'
conn.tks1._017=# conn.tks.retryConnect:
conn.tks1._018=# - number of reconnection attempts on failure
conn.tks1._019=# conn.tks.SSLOn
conn.tks1._020=# - enable SSL or not
conn.tks1._021=# conn.tks.keepAlive:
conn.tks1._022=# - enable keep alive or not
conn.tks1._023=#
conn.tks1._024=# where
conn.tks1._025=# - TKS connection ID
conn.tks1._026=# conn.tks.tksSharedSymKeyName:
conn.tks1._027=# - set shared secret key name
conn.tks1._028=#########################################
# TKS connection "tks1": client-certificate authentication over SSL.
# NOTE(review): SSLOn should stay true; the servlets below compute session
# keys and encrypt data, so this link carries key-related material.
conn.tks1.hostport=[TKS_HOST]:[TKS_PORT]
conn.tks1.clientNickname=[HSM_LABEL][NICKNAME]
# NOTE(review): the reference text above gives '/tks/...' paths as mandatory,
# while the configured values use '/tks/agent/tks/...' -- the reference text
# looks stale; confirm which form the deployed TKS expects.
conn.tks1.servlet.computeSessionKey=/tks/agent/tks/computeSessionKey
conn.tks1.servlet.encryptData=/tks/agent/tks/encryptData
conn.tks1.servlet.createKeySetData=/tks/agent/tks/createKeySetData
conn.tks1.servlet.computeRandomData=/tks/agent/tks/computeRandomData
conn.tks1.retryConnect=3
conn.tks1.timeout=100
conn.tks1.generateHostChallenge=true
conn.tks1.SSLOn=true
conn.tks1.keepAlive=false
conn.tks1.keySet=defKeySet
conn.tks1.serverKeygen=[SERVER_KEYGEN]
# Name of the shared secret key (see conn.tks1._026/_027); this is a key
# name, not key material.
conn.tks1.tksSharedSymKeyName=sharedSecret
conn.drm1._000=#########################################
conn.drm1._001=# DRM connection
conn.drm1._002=#
conn.drm1._003=#conn.drm.totalConns
conn.drm1._004=# - # of DRM connections
conn.drm1._005=#conn.drm.hostport
# Rest of the DRM connection reference text, the "drm1" connection settings,
# and the start of the auth.instance reference text.
conn.drm1._006=# - host name and port number of your DRM, the format is host:port
conn.drm1._007=#conn.drm.clientNickname
conn.drm1._008=# - nickname of the client certificate for
conn.drm1._009=# authentication
conn.drm1._010=#conn.drm.servlet.GenerateKeyPair
conn.drm1._011=# - servlet to generate key pairs and archive keys on DRM
conn.drm1._012=# - must be '/kra/GenerateKeyPair'
conn.drm1._013=#conn.drm.servlet.TokenKeyRecovery=/kra/TokenKeyRecovery
conn.drm1._014=# - servlet to handle key recovery
conn.drm1._015=# - must be '/kra/TokenKeyRecovery'
conn.drm1._016=#conn.drm.retryConnect=3
conn.drm1._017=# - number of reconnection attempts on failure
conn.drm1._018=#conn.drm.SSLOn=true
conn.drm1._019=# - enable SSL or not
conn.drm1._020=#conn.drm.keepAlive=false
conn.drm1._021=# - enable keep alive or not
conn.drm1._022=#
conn.drm1._023=# where
conn.drm1._024=# - DRM connection ID
conn.drm1._025=#########################################
conn.drm.totalConns=1
# DRM connection "drm1": client-certificate authentication over SSL.
# NOTE(review): SSLOn should stay true; per the reference text above these
# servlets generate and archive key pairs and handle key recovery.
conn.drm1.hostport=[DRM_HOST]:[DRM_PORT]
conn.drm1.clientNickname=[HSM_LABEL][NICKNAME]
# NOTE(review): the reference text gives '/kra/...' paths as mandatory, while
# the configured values use '/kra/agent/kra/...' -- confirm which is current.
conn.drm1.servlet.GenerateKeyPair=/kra/agent/kra/GenerateKeyPair
conn.drm1.servlet.TokenKeyRecovery=/kra/agent/kra/TokenKeyRecovery
conn.drm1.retryConnect=3
conn.drm1.timeout=100
conn.drm1.SSLOn=true
conn.drm1.keepAlive=false
# NOTE(review): auth.instance._000 to _012 describe publisher.instance.* keys
# ("publishing") although they are stored under the auth.instance prefix; no
# publisher.instance.* key is set in the visible part of this file.
auth.instance._000=########################################
auth.instance._001=# publishing
auth.instance._002=#
auth.instance._003=# publisher.instance..libraryName:
auth.instance._004=# - name of the library specified with a fully qualified path name
auth.instance._005=# publisher.instance..libraryFactory:
auth.instance._006=# - the name of the function which instantiates the publisher
auth.instance._007=# publisher.instance..publisherId:
auth.instance._008=# - the publisher ID
auth.instance._009=#
auth.instance._010=# where
auth.instance._011=# - publisher connection ID
auth.instance._012=########################################
auth.instance._013=#########################################
# Authentication plug-in reference text (auth.instance._NNN) followed by the
# first LDAP authentication instance (auth.instance.0, authId "ldap1").
auth.instance._014=# authentication
auth.instance._015=#
auth.instance._016=# auth.instance..libraryName:
auth.instance._017=# - name of the library specified with a fully qualified path name
auth.instance._018=# auth.instance..libraryFactory:
auth.instance._019=# - the name of the function which instantiates the authentication
auth.instance._020=# auth.instance..authId
auth.instance._021=# - the authentication ID
auth.instance._022=# auth.instance..hostport
auth.instance._023=# - parameter specific to the given authentication,
auth.instance._024=# i. e., LDAPAuthentication (id=ldap1)
auth.instance._025=# - host name and port number, host:port
auth.instance._026=# - for failover, provide multiple host:port designations
auth.instance._027=# separated by " "
auth.instance._028=# auth.instance..SSLOn:
auth.instance._029=# - parameter specific to the given authentication,
auth.instance._030=# i. e., LDAPAuthentication (id=ldap1)
auth.instance._031=# - use SSL or not for LDAP service
auth.instance._032=# auth.instance..retries:
auth.instance._033=# - parameter specific to the given authentication,
auth.instance._034=# i. e., LDAPAuthentication (id=ldap1)
auth.instance._035=# - number of authentication re-attempts when authentication failed
auth.instance._036=# auth.instance..retryConnect:
auth.instance._037=# - parameter specific to the given authentication,
auth.instance._038=# i. e., LDAPAuthentication (id=ldap1)
auth.instance._039=# - number of connection re-attempts when connection failed
auth.instance._040=#
auth.instance._041=# where
auth.instance._042=# - authentication connection ID
auth.instance._043=#########################################
# LDAP authentication instance 0 (authId ldap1). libraryName points at a
# shared library that is loaded through the libraryFactory entry point.
# NOTE(review): keep that library path writable only by administrators, since
# whatever sits there is loaded into the TPS process.
auth.instance.0.type=LDAP_Authentication
auth.instance.0.libraryName=[SYSTEM_USER_LIBRARIES]/tps/[LIB_PREFIX]ldapauth[OBJ_EXT]
auth.instance.0.libraryFactory=GetAuthentication
auth.instance.0.authId=ldap1
auth.instance.0.hostport=[LDAP_HOST]:[LDAP_PORT]
# SSL is disabled for this LDAP service (both SSLOn and ssl are false below),
# so the "LDAP User ID" / "LDAP Password" collected by this instance travel to
# the directory unencrypted.
# NOTE(review): enable SSL and point hostport at the directory's LDAPS port
# outside isolated test setups.
auth.instance.0.SSLOn=false
auth.instance.0.retries=1
auth.instance.0.retryConnect=3
auth.instance.0.baseDN=[LDAP_ROOT]
# NOTE(review): only SSLOn is described in the reference text above; it is not
# visible here which of SSLOn / ssl the plug-in reads, so change both together.
auth.instance.0.ssl=false
auth.instance.0.attributes._001=##############################################
auth.instance.0.attributes._002=# attributes will be available
auth.instance.0.attributes._003=# as $auth.$
auth.instance.0.attributes._004=##############################################
# Directory attributes made available after authentication; $auth.cn$ is used
# later in this file as the token name.
auth.instance.0.attributes=mail,cn,uid
auth.instance.0.ui.title.en=LDAP Authentication
auth.instance.0.ui.description.en=This authenticates user against the LDAP directory.
# UI labels for LDAP authentication instance 0, then the second LDAP
# authentication instance (auth.instance.1, authId "ldap2").
auth.instance.0.ui.id.UID.name.en=LDAP User ID
auth.instance.0.ui.id.PASSWORD.name.en=LDAP Password
auth.instance.0.ui.id.UID.description.en=LDAP User ID
auth.instance.0.ui.id.PASSWORD.description.en=LDAP Password
# Instance 1 targets the token database host ([TOKENDB_HOST]) and, unlike
# instance 0, binds with explicit credentials.
auth.instance.1.type=LDAP_Authentication
auth.instance.1.libraryName=[SYSTEM_USER_LIBRARIES]/tps/[LIB_PREFIX]ldapauth[OBJ_EXT]
auth.instance.1.libraryFactory=GetAuthentication
auth.instance.1.authId=ldap2
# The bind identity is the directory's administrative account.
# NOTE(review): prefer a dedicated bind account limited to the search and read
# rights this plug-in needs, so that a leaked credential does not grant full
# control of the directory.
auth.instance.1.bindDN=cn=Directory Manager
# The value is a path to password.conf, not a literal password.
# NOTE(review): presumably the bind password is read from that file --
# confirm, and keep the file readable only by the service account.
auth.instance.1.bindPWD=[SERVER_ROOT]/conf/password.conf
auth.instance.1.hostport=[TOKENDB_HOST]:[TOKENDB_PORT]
# SSL is disabled here as well (SSLOn and ssl are both false), so the bind
# credential above and the users' LDAP passwords cross the network in clear.
# NOTE(review): enable SSL on both keys before using this outside a test setup.
auth.instance.1.SSLOn=false
auth.instance.1.retries=1
auth.instance.1.retryConnect=3
auth.instance.1.baseDN=[TOKENDB_ROOT]
auth.instance.1.ssl=false
auth.instance.1.attributes._001=##############################################
auth.instance.1.attributes._002=# attributes will be available
auth.instance.1.attributes._003=# as $auth.$
auth.instance.1.attributes._004=##############################################
auth.instance.1.attributes=mail,cn,uid
auth.instance.1.ui.title.en=LDAP Authentication
auth.instance.1.ui.description.en=This authenticates user against the LDAP directory.
# UI labels for LDAP authentication instance 1, then applet, general and
# secure-channel settings.
auth.instance.1.ui.id.UID.name.en=LDAP User ID
auth.instance.1.ui.id.PASSWORD.name.en=LDAP Password
auth.instance.1.ui.id.UID.description.en=LDAP User ID
auth.instance.1.ui.id.PASSWORD.description.en=LDAP Password
applet._000=#########################################
applet._001=# applet information
applet._002=# SAF Key:
applet._003=# applet.aid.cardmgr_instance=A0000001510000
applet._004=#########################################
# Applet identifiers (AIDs) for the card manager and the netkey applet.
applet.aid.cardmgr_instance=A0000000030000
applet.aid.netkey_instance=627601FF000000
applet.aid.netkey_file=627601FF0000
applet.aid.netkey_old_instance=A00000000101
applet.aid.netkey_old_file=A000000001
# NOTE(review): so_pin ships as an all-zero value. It looks like a security
# officer PIN default -- confirm how it is used and replace it with a
# site-specific value before tokens are issued.
applet.so_pin=000000000000
applet.delete_old=true
general.verifyProof=1
general.applet_ext=ijc
# Search limits and minimum password length.
# NOTE(review): units of the timelimit values and the scope of pwlength.min
# are not stated in this file -- confirm.
general.search.sizelimit.max=2000
general.search.sizelimit.default=100
general.search.timelimit.max=10
general.search.timelimit.default=10
general.pwlength.min=16
channel._000=#########################################
channel._001=# channel.encryption:
channel._002=#
channel._003=# - enable encryption for all operation commands to token
channel._004=# - default is true
channel._005=# channel.blocksize=242
channel._006=# channel.defKeyVersion=0
channel._007=# channel.defKeyIndex=0
channel._008=#########################################
# Encryption of operation commands sent to the token; keep this true.
channel.encryption=true
# NOTE(review): the reference text above shows blocksize=242 while the
# configured value is 248 -- confirm which one is current.
channel.blocksize=248
channel.defKeyVersion=0
channel.defKeyIndex=0
# NOTE: Since the following comments will be 'scrubbed' from any TPS
# instance's configuration file, they will ONLY be viewable in
# the '/usr/share/pki/tps/conf/CS.cfg' TPS subsystem template!
#
# Configure the size of the memory managed in the applet.
# Default is 5000; try not to get close to the instanceSize,
# which defaults to 18000:
#
# * channel.instanceSize=18000
# * channel.appletMemorySize=5000
#
# Pre-operation (installation wizard) settings.
# NOTE(review): preop.pin is filled from [PKI_RANDOM_NUMBER] and stored in
# clear text in this file; presumably it gates access to the installation
# wizard -- confirm, and keep the instance file readable only by the service
# account until configuration is complete.
preop.pin=[PKI_RANDOM_NUMBER]
preop.product.version=@APPLICATION_VERSION@
preop.cert._000=#########################################
preop.cert._001=# Installation configuration "preop" certs parameters
preop.cert._002=#########################################
# System certificates handled during installation, and the usage each one is
# verified for (tps.cert.<tag>.certusage; see the self-test reference text).
preop.cert.list=sslserver,subsystem,audit_signing
tps.cert.audit_signing.certusage=ObjectSigner
tps.cert.sslserver.certusage=SSLServer
tps.cert.subsystem.certusage=SSLClient
preop.cert.sslserver.enable=true
preop.cert.subsystem.enable=true
# NOTE(review): the audit signing certificate is disabled by default, which
# matches logging.audit.logSigning=false elsewhere in this file; enable both
# together if signed audit logs are required.
preop.cert.audit_signing.enable=false
# SSL server certificate: SHA256withRSA, 2048-bit key.
preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA
preop.cert.sslserver.dn=CN=[SERVER_NAME], OU=[PKI_INSTANCE_ID]
preop.cert.sslserver.keysize.customsize=2048
preop.cert.sslserver.keysize.size=2048
preop.cert.sslserver.keysize.select=default
preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_ID]
preop.cert.sslserver.profile=caInternalAuthServerCert
preop.cert.sslserver.subsystem=tps
preop.cert._003=#preop.cert.sslserver.type=local
preop.cert.sslserver.userfriendlyname=SSL Server Certificate
preop.cert._004=#preop.cert.sslserver.cncomponent.override=false
# Subsystem certificate: SHA256withRSA, 2048-bit key.
preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA
preop.cert.subsystem.dn=CN=TPS Subsystem Certificate, OU=[PKI_INSTANCE_ID]
preop.cert.subsystem.keysize.customsize=2048
preop.cert.subsystem.keysize.size=2048
preop.cert.subsystem.keysize.select=default
preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
preop.cert.subsystem.profile=caInternalAuthSubsystemCert
preop.cert.subsystem.subsystem=tps
# NOTE(review): the documentation keys preop.cert._005 and preop.cert._006 are
# defined again further down for the audit_signing certificate; only one value
# per key can survive parsing. They hold commented-out text only.
preop.cert._005=#preop.cert.subsystem.type=local
preop.cert.subsystem.userfriendlyname=Subsystem Certificate
preop.cert._006=#preop.cert.subsystem.cncomponent.override=true
preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA
# Audit signing certificate parameters (2048-bit key), PKCS #11 module list,
# default key sizes, and the first installation-panel completion flags.
preop.cert.audit_signing.dn=CN=TPS Audit Signing Certificate, OU=[PKI_INSTANCE_ID]
preop.cert.audit_signing.keysize.customsize=2048
preop.cert.audit_signing.keysize.size=2048
preop.cert.audit_signing.keysize.select=default
preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_ID]
preop.cert.audit_signing.profile=caInternalAuthAuditSigningCert
preop.cert.audit_signing.subsystem=tps
# NOTE(review): preop.cert._005 and preop.cert._006 repeat key names already
# used earlier in this file for the subsystem certificate; the result of a
# duplicate key depends on the parser. They hold commented-out text only, but
# renumbering them would remove the ambiguity.
preop.cert._005=#preop.cert.audit_signing.type=local
preop.cert.audit_signing.userfriendlyname=Audit Log Signing Certificate
preop.cert._006=#preop.cert.audit_signing.cncomponent.override=true
preop.configModules._000=#########################################
preop.configModules._001=# Installation configuration "preop" module parameters
preop.configModules._002=#########################################
# Three selectable modules: the NSS internal software module and two hardware
# token modules.
preop.configModules.count=3
preop.configModules.module0.commonName=NSS Internal PKCS #11 Module
preop.configModules.module0.imagePath=../img/clearpixel.gif
preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module
preop.configModules.module1.commonName=nfast
preop.configModules.module1.imagePath=../img/clearpixel.gif
preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module
preop.configModules.module2.commonName=lunasa
preop.configModules.module2.imagePath=../img/clearpixel.gif
preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module
# Default token is the software NSS database.
# NOTE(review): with this default the system keys presumably live in the NSS
# certificate database on disk rather than in a hardware module -- confirm.
preop.module.token=NSS Certificate DB
preop.keysize._000=#########################################
preop.keysize._001=# Installation configuration "preop" keysize parameters
preop.keysize._002=#########################################
preop.keysize.customsize=2048
preop.keysize.select=default
preop.keysize.size=2048
preop.keysize.ecc.size=256
# Completion flags; all start as false in this template.
# NOTE(review): presumably one flag per installation wizard panel -- confirm.
preop.adminauth.done=false
preop.adminpanel.done=false
preop.agentauth.done=false
preop.authdb.done=false
preop.cainfo.done=false
preop.certprettyprint.done=false
preop.certrequest.done=false
preop.confighsmlogin.done=false
# Remaining installation completion flags, then the reference text for the
# operation-to-token-profile mappings (op.enroll._NNN).
preop.confighsm.done=false
preop.database.done=false
preop.displaycertchain2.done=false
preop.displaycertchain.done=false
preop.donepanel.done=false
preop.drminfo.done=false
preop.importadmincert.done=false
preop.loginpanel.done=false
preop.ModulePanel.done=false
preop.namepanel.done=false
preop.securitydomain.done=false
preop.SizePanel.done=false
preop.subsystemtype.done=false
preop.tksinfo.done=false
preop.welcome.done=false
# NOTE(review): per the text below, the filter values (token type, ATR, applet
# version) are "specified by the client", so the mapping decides which token
# profile handles a request but is not by itself an authentication check.
op.enroll._000=#########################################
op.enroll._001=# Default Operations
op.enroll._002=#
op.enroll._003=# op..mapping.order=,,
op.enroll._004=# - contains at least one value or a series
op.enroll._005=# of comma-separated mapping values which
op.enroll._006=# are checked in sequential order
op.enroll._007=# op..mapping..filter.tokenType=userKey
op.enroll._008=# - can be either empty or token type
op.enroll._009=# specified by the client
op.enroll._010=# op..mapping..filter.tokenATR=
op.enroll._011=# - can be either empty or token ATR
op.enroll._012=# specified by the client
op.enroll._013=# op..mapping..filter.appletMajorVersion=1
op.enroll._014=# - can be either empty or applet major version
op.enroll._015=# specified by the client
op.enroll._016=# op..mapping..filter.appletMinorVersion=
op.enroll._017=# - can be either empty or applet minor version
op.enroll._018=# specified by the client
op.enroll._019=# - if major and minor versions are both zero, this
op.enroll._020=# indicate there is no applet on the token.
op.enroll._021=# op..mapping..target.tokenType=userKey
op.enroll._022=# - if tokenType, tokenATR, appletMajorVersion,
op.enroll._023=# and appletMinorVersion are matched, value in
op.enroll._024=# targetTokenType will be used to locate
op.enroll._025=# the corresponding token profile to
op.enroll._026=# process the request.
# End of the mapping reference text, then the enroll, pinReset and format
# mappings. Mappings are checked in the sequence given by mapping.order.
op.enroll._027=#
op.enroll._028=# where
op.enroll._029=# - operation; enroll,pinReset,format
op.enroll._030=# - mapping ID; order is specifiable
op.enroll._031=#
op.enroll._032=# Token ATR:
op.enroll._033=# Web Store - 3B759400006202020201
op.enroll._034=#########################################
# Enrollment mappings.
op.enroll.mapping.order=0,1,2
# Mapping 0: client token type userKey with applet major version 1 -> userKey.
op.enroll.mapping.0.filter.tokenType=userKey
op.enroll.mapping.0.filter.tokenATR=
op.enroll.mapping.0.filter.tokenCUID.start=
op.enroll.mapping.0.filter.tokenCUID.end=
op.enroll.mapping.0.filter.appletMajorVersion=1
op.enroll.mapping.0.filter.appletMinorVersion=
op.enroll.mapping.0.target.tokenType=userKey
# Mapping 1: client token type soKey -> soKey.
op.enroll.mapping.1.filter.tokenType=soKey
op.enroll.mapping.1.filter.tokenATR=
op.enroll.mapping.1.filter.tokenCUID.start=
op.enroll.mapping.1.filter.tokenCUID.end=
op.enroll.mapping.1.filter.appletMajorVersion=
op.enroll.mapping.1.filter.appletMinorVersion=
op.enroll.mapping.1.target.tokenType=soKey
# Mapping 2: every filter is empty, so this acts as a catch-all that sends any
# remaining enrollment request to the userKey profile.
# NOTE(review): the tokenCUID.start/end filters are left empty everywhere;
# they look like a way to limit a mapping to a CUID range -- confirm and
# consider using them if enrollment should be limited to known token batches.
op.enroll.mapping.2.filter.tokenType=
op.enroll.mapping.2.filter.tokenATR=
op.enroll.mapping.2.filter.tokenCUID.start=
op.enroll.mapping.2.filter.tokenCUID.end=
op.enroll.mapping.2.filter.appletMajorVersion=
op.enroll.mapping.2.filter.appletMinorVersion=
op.enroll.mapping.2.target.tokenType=userKey
# PIN reset: a single catch-all mapping to userKey.
op.pinReset.mapping.order=0
op.pinReset.mapping.0.filter.tokenType=
op.pinReset.mapping.0.filter.tokenATR=
op.pinReset.mapping.0.filter.tokenCUID.start=
op.pinReset.mapping.0.filter.tokenCUID.end=
op.pinReset.mapping.0.filter.appletMajorVersion=
op.pinReset.mapping.0.filter.appletMinorVersion=
op.pinReset.mapping.0.target.tokenType=userKey
# Format mappings 0-6 (the list continues after mapping 1's tokenType).
op.format.mapping.order=0,1,2,3,4,5,6
op.format.mapping.0.filter.tokenType=soCleanUserToken
op.format.mapping.0.filter.tokenATR=
op.format.mapping.0.filter.tokenCUID.start=
op.format.mapping.0.filter.tokenCUID.end=
op.format.mapping.0.filter.appletMajorVersion=
op.format.mapping.0.filter.appletMinorVersion=
op.format.mapping.0.target.tokenType=soCleanUserToken
op.format.mapping.1.filter.tokenType=soUserKey
# Format mappings 1-6 (continued), then the start of the userKey enrollment
# reference text.
op.format.mapping.1.filter.tokenATR=
op.format.mapping.1.filter.tokenCUID.start=
op.format.mapping.1.filter.tokenCUID.end=
op.format.mapping.1.filter.appletMajorVersion=
op.format.mapping.1.filter.appletMinorVersion=
op.format.mapping.1.target.tokenType=soUserKey
op.format.mapping.2.filter.tokenType=soKey
op.format.mapping.2.filter.tokenATR=
op.format.mapping.2.filter.tokenCUID.start=
op.format.mapping.2.filter.tokenCUID.end=
op.format.mapping.2.filter.appletMajorVersion=
op.format.mapping.2.filter.appletMinorVersion=
op.format.mapping.2.target.tokenType=soKey
op.format.mapping.3.filter.tokenType=userKey
op.format.mapping.3.filter.tokenATR=
op.format.mapping.3.filter.tokenCUID.start=
op.format.mapping.3.filter.tokenCUID.end=
op.format.mapping.3.filter.appletMajorVersion=
op.format.mapping.3.filter.appletMinorVersion=
op.format.mapping.3.target.tokenType=userKey
# Mapping 4's target key is set further down, after mapping 5's keys.
op.format.mapping.4.filter.tokenType=soCleanSOToken
op.format.mapping.4.filter.tokenATR=
op.format.mapping.4.filter.tokenCUID.start=
op.format.mapping.4.filter.tokenCUID.end=
op.format.mapping.4.filter.appletMajorVersion=
op.format.mapping.4.filter.appletMinorVersion=
op.format.mapping.5.filter.tokenType=cleanToken
op.format.mapping.5.filter.tokenATR=
op.format.mapping.5.filter.tokenCUID.start=
op.format.mapping.5.filter.tokenCUID.end=
op.format.mapping.5.filter.appletMajorVersion=
op.format.mapping.5.filter.appletMinorVersion=
op.format.mapping.5.target.tokenType=cleanToken
op.format.mapping.4.target.tokenType=soCleanSOToken
# NOTE(review): mapping 6 has no filter.tokenType key at all (the other
# mappings set it, even when empty) and all its remaining filters are empty,
# so it presumably matches any format request and routes it to tokenKey --
# confirm that an absent key is treated the same as an empty one.
op.format.mapping.6.filter.tokenATR=
op.format.mapping.6.filter.tokenCUID.start=
op.format.mapping.6.filter.tokenCUID.end=
op.format.mapping.6.filter.appletMajorVersion=
op.format.mapping.6.filter.appletMinorVersion=
op.format.mapping.6.target.tokenType=tokenKey
op.enroll.userKey._000=#########################################
op.enroll.userKey._001=# Enrollment Operation For CoolKey
op.enroll.userKey._002=#
op.enroll.userKey._003=# op.enroll..keyGen..keySize=1024
# Reference text for the userKey enrollment profile: key size, PKCS11
# capability attributes, labels and PKCS11 object IDs.
# NOTE(review): the text below gives 1024 as the maximum key size the token
# should generate. 1024-bit RSA is below the 2048-bit minimum in current
# guidance; the limit is presumably imposed by the token applet -- confirm
# whether the deployed tokens can generate larger keys.
op.enroll.userKey._004=# - size of the key the token should generate
op.enroll.userKey._005=# - max value: 1024
op.enroll.userKey._006=#
op.enroll.userKey._007=# op.enroll..keyGen..keyCapabilities.encrypt=false
op.enroll.userKey._008=# op.enroll..keyGen..keyCapabilities.sign=true
op.enroll.userKey._009=# op.enroll..keyGen..keyCapabilities.signRecover=true
op.enroll.userKey._010=# op.enroll..keyGen..keyCapabilities.decrypt=false
op.enroll.userKey._011=# op.enroll..keyGen..keyCapabilities.derive=false
op.enroll.userKey._012=# op.enroll..keyGen..keyCapabilities.unwrap=false
op.enroll.userKey._013=# op.enroll..keyGen..keyCapabilities.wrap=false
op.enroll.userKey._014=# op.enroll..keyGen..keyCapabilities.verifyRecover=true
op.enroll.userKey._015=# op.enroll..keyGen..keyCapabilities.verify=true
op.enroll.userKey._016=# op.enroll..keyGen..keyCapabilities.sensitive=true
op.enroll.userKey._017=# op.enroll..keyGen..keyCapabilities.private=true
op.enroll.userKey._018=# op.enroll..keyGen..keyCapabilities.token=true
op.enroll.userKey._019=# - specify the PKCS11 attributes to set on the token
op.enroll.userKey._020=#
op.enroll.userKey._021=# op.enroll.userKey.keyGen.signing.cuid_label
op.enroll.userKey._022=# - specify the CUID shown in the certificate
op.enroll.userKey._023=#
op.enroll.userKey._024=# op.enroll.userKey.keyGen.signing.label
op.enroll.userKey._025=# - specify the token name. all resulting labels for co-existing keys
op.enroll.userKey._026=# on the same token must be unique
op.enroll.userKey._027=# - $pretty_cuid$ - Pretty Print CUID (i.e. 4090-0062-FF02-0000-0B9C)
op.enroll.userKey._028=# - $cuid$ - CUID (i.e. 40900062FF0200000B9C)
op.enroll.userKey._029=# - $msn$ - MSN
op.enroll.userKey._030=# - $userid$ - User ID
op.enroll.userKey._031=# - $profileId$ - Profile ID
op.enroll.userKey._032=#
op.enroll.userKey._033=# op.enroll..keyGen..overwrite=true|false
op.enroll.userKey._034=# - if key and certificate exist, should RA overwrite them
op.enroll.userKey._035=#
op.enroll.userKey._036=# op.enroll..keyGen..certId=C1
op.enroll.userKey._037=# op.enroll..keyGen..certAttrId=c1
op.enroll.userKey._038=# op.enroll..keyGen..privateKeyAttrId=k2
op.enroll.userKey._039=# op.enroll..keyGen..publicKeyAttrId=k3
op.enroll.userKey._040=# op.enroll..keyGen..privateKeyNumber=2
op.enroll.userKey._041=# op.enroll..keyGen..publicKeyNumber=3
op.enroll.userKey._042=# - specify name PKCS11 object IDs
op.enroll.userKey._043=# - Lower case letters signify objects containing PKCS11 object attributes,
op.enroll.userKey._044=# in the format described below.
op.enroll.userKey._045=# 'c' An object containing PKCS11 attributes for a certificate.
op.enroll.userKey._046=# 'k' An object containing PKCS11 attributes for a public or private key
op.enroll.userKey._047=# 'r' An object containing PKCS11 attributes for an "reader".
op.enroll.userKey._048=# - Upper case letters signify objects containing raw data corresponding to
op.enroll.userKey._049=# the lower case letters described above. For example, object "C0"
op.enroll.userKey._050=# contains raw data corresponding to object "c0".
op.enroll.userKey._051=# 'C' This object contains an entire DER cert, and nothing else.
op.enroll.userKey._052=# 'K' This object contains a MUSCLE "key blob". TPS does not use this.
# Reference text continued: key usage and key user, the PKCS11 cache object,
# PIN retry limit, temporary tokens and the supported recovery schemes.
op.enroll.userKey._053=#
op.enroll.userKey._054=# op.enroll..keyGen..keyUsage=0
op.enroll.userKey._055=# op.enroll..keyGen..keyUser=0
op.enroll.userKey._056=# - user specifies which PIN user should be granted
op.enroll.userKey._057=# use privilege of the generated private key, or
op.enroll.userKey._058=# 15 if all users have use privilege for the private key
op.enroll.userKey._059=# - Valid uage: (only specifies the usage for the private key)
op.enroll.userKey._060=# 0 - default usage (Signing only for this APDU)
op.enroll.userKey._061=# 1 - signing only
op.enroll.userKey._062=# 2 - decryption only
op.enroll.userKey._063=# 3 - signing and decryption
op.enroll.userKey._064=#
op.enroll.userKey._065=# op.enroll..pkcs11obj.enable=true|false
op.enroll.userKey._066=# - enable writing of PKCS11 cache object to the token
op.enroll.userKey._067=#
op.enroll.userKey._068=# op.enroll..pkcs11obj.compress.enable=true|false
op.enroll.userKey._069=# - enable compression for writing of PKCS11 cache object to the token
op.enroll.userKey._070=#
# NOTE(review): the example below shows maxRetries=127, which is also the
# documented maximum; a much lower retry limit gives better protection
# against PIN guessing on a lost token.
op.enroll.userKey._071=# op.enroll..pinReset.pin.maxRetries=127
op.enroll.userKey._072=# - max number of retries before blocking the token
op.enroll.userKey._073=# - max value: 127
op.enroll.userKey._074=#
op.enroll.userKey._075=# There is a special case of tokenType userKeyTemporary.
op.enroll.userKey._076=# Make sure the profile specified by the profileId to have
op.enroll.userKey._077=# short validity period (eg, 7 days) for the certificate.
op.enroll.userKey._078=#
# NOTE(review): the key op.enroll.userKey._079 is defined a second time later
# in the file (as the commented-out signing.publisherId line); the result of a
# duplicate key depends on the parser, so one of these documentation lines
# may be dropped.
op.enroll.userKey._079=# The three recovery schemes supported are:
op.enroll.userKey._080=#
op.enroll.userKey._081=# * GenerateNewKey - Generate a new
op.enroll.userKey._082=# cert for the
op.enroll.userKey._083=# encryption cert.
op.enroll.userKey._084=# * RecoverLast - Recover the most
op.enroll.userKey._085=# recent cert for the
op.enroll.userKey._086=# encryption cert.
# End of the recovery-scheme reference text, then the userKey recovery policy
# for tokens reported as destroyed, keyCompromise or onHold.
op.enroll.userKey._087=# * GenerateNewKeyandRecoverLast - Generate new cert AND
op.enroll.userKey._088=# recover last for
op.enroll.userKey._089=# encryption cert.
op.enroll.userKey._090=#########################################
# NOTE(review): going by the name, this lets tokens that are not already known
# to TPS enroll -- confirm, and set it to false if only pre-registered tokens
# should be accepted.
op.enroll.allowUnknownToken=true
op.enroll.userKey.temporaryToken.tokenType=userKeyTemporary
# The revokeCert.reason values used below (0, 1, 6) match the RFC 5280
# CRLReason codes unspecified, keyCompromise and certificateHold.
# NOTE(review): presumably they are passed to the CA as the revocation reason --
# confirm.
#
# Destroyed token: new signing key, old signing cert revoked (reason 0);
# last encryption key recovered and its cert left valid.
op.enroll.userKey.keyGen.recovery.destroyed.keyType.num=2
op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.0=signing
op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.1=encryption
op.enroll.userKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert=true
op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0
op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert=false
op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
# Key compromise: new keys for both types, both old certs revoked (reason 1).
op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.num=2
op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.value.0=signing
op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.value.1=encryption
op.enroll.userKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert=true
op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true
op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
# On hold: new signing key and signing cert revoked; the reason value and the
# encryption settings for onHold follow after this point in the file.
op.enroll.userKey.keyGen.recovery.onHold.keyType.num=2
op.enroll.userKey.keyGen.recovery.onHold.keyType.value.0=signing
op.enroll.userKey.keyGen.recovery.onHold.keyType.value.1=encryption
op.enroll.userKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert=true
op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert.reason=6 op.enroll.userKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert=true op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6 op.enroll.userKey.keyGen.tokenName=$auth.cn$ op.enroll.userKey.keyGen.keyType.num=2 op.enroll.userKey.keyGen.keyType.value.0=signing op.enroll.userKey.keyGen.keyType.value.1=encryption op.enroll.userKey.keyGen.signing.keySize=1024 op.enroll.userKey.keyGen.signing.public.keyCapabilities.encrypt=false op.enroll.userKey.keyGen.signing.public.keyCapabilities.sign=false op.enroll.userKey.keyGen.signing.public.keyCapabilities.signRecover=false op.enroll.userKey.keyGen.signing.public.keyCapabilities.decrypt=false op.enroll.userKey.keyGen.signing.public.keyCapabilities.derive=false op.enroll.userKey.keyGen.signing.public.keyCapabilities.unwrap=false op.enroll.userKey.keyGen.signing.public.keyCapabilities.wrap=false op.enroll.userKey.keyGen.signing.public.keyCapabilities.verifyRecover=true op.enroll.userKey.keyGen.signing.public.keyCapabilities.verify=true op.enroll.userKey.keyGen.signing.public.keyCapabilities.sensitive=false op.enroll.userKey.keyGen.signing.public.keyCapabilities.private=false op.enroll.userKey.keyGen.signing.public.keyCapabilities.token=true op.enroll.userKey.keyGen.signing.private.keyCapabilities.encrypt=false op.enroll.userKey.keyGen.signing.private.keyCapabilities.sign=true op.enroll.userKey.keyGen.signing.private.keyCapabilities.signRecover=true op.enroll.userKey.keyGen.signing.private.keyCapabilities.decrypt=false op.enroll.userKey.keyGen.signing.private.keyCapabilities.derive=false op.enroll.userKey.keyGen.signing.private.keyCapabilities.unwrap=false op.enroll.userKey.keyGen.signing.private.keyCapabilities.wrap=false op.enroll.userKey.keyGen.signing.private.keyCapabilities.verifyRecover=false op.enroll.userKey.keyGen.signing.private.keyCapabilities.verify=false 
op.enroll.userKey.keyGen.signing.private.keyCapabilities.sensitive=true op.enroll.userKey.keyGen.signing.private.keyCapabilities.private=true op.enroll.userKey.keyGen.signing.private.keyCapabilities.token=true op.enroll.userKey.keyGen.signing.label=signing key for $userid$ op.enroll.userKey.keyGen.signing.cuid_label=$cuid$ op.enroll.userKey.keyGen.signing.overwrite=true op.enroll.userKey.keyGen.signing.certId=C1 op.enroll.userKey.keyGen.signing.certAttrId=c1 op.enroll.userKey.keyGen.signing.privateKeyAttrId=k2 op.enroll.userKey.keyGen.signing.publicKeyAttrId=k3 op.enroll.userKey.keyGen.signing.keyUsage=0 op.enroll.userKey.keyGen.signing.keyUser=0 op.enroll.userKey.keyGen.signing.privateKeyNumber=2 op.enroll.userKey.keyGen.signing.publicKeyNumber=3 op.enroll.userKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment op.enroll.userKey.keyGen.signing.ca.conn=ca1 op.enroll.userKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher op.enroll.userKey.keyGen.encryption.keySize=1024 op.enroll.userKey.keyGen.encryption.public.keyCapabilities.encrypt=true op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sign=false op.enroll.userKey.keyGen.encryption.public.keyCapabilities.signRecover=false op.enroll.userKey.keyGen.encryption.public.keyCapabilities.decrypt=false op.enroll.userKey.keyGen.encryption.public.keyCapabilities.derive=false op.enroll.userKey.keyGen.encryption.public.keyCapabilities.unwrap=false op.enroll.userKey.keyGen.encryption.public.keyCapabilities.wrap=true op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verify=false op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sensitive=false op.enroll.userKey.keyGen.encryption.public.keyCapabilities.private=false op.enroll.userKey.keyGen.encryption.public.keyCapabilities.token=true op.enroll.userKey.keyGen.encryption.private.keyCapabilities.encrypt=false 
op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sign=false op.enroll.userKey.keyGen.encryption.private.keyCapabilities.signRecover=false op.enroll.userKey.keyGen.encryption.private.keyCapabilities.decrypt=true op.enroll.userKey.keyGen.encryption.private.keyCapabilities.derive=false op.enroll.userKey.keyGen.encryption.private.keyCapabilities.unwrap=true op.enroll.userKey.keyGen.encryption.private.keyCapabilities.wrap=false op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verify=false op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sensitive=true op.enroll.userKey.keyGen.encryption.private.keyCapabilities.private=true op.enroll.userKey.keyGen.encryption.private.keyCapabilities.token=true op.enroll.userKey.keyGen.encryption.label=encryption key for $userid$ op.enroll.userKey.keyGen.encryption.cuid_label=$cuid$ op.enroll.userKey.keyGen.encryption.overwrite=true op.enroll.userKey.keyGen.encryption.certId=C2 op.enroll.userKey.keyGen.encryption.certAttrId=c2 op.enroll.userKey.keyGen.encryption.privateKeyAttrId=k4 op.enroll.userKey.keyGen.encryption.publicKeyAttrId=k5 op.enroll.userKey.keyGen.encryption.keyUsage=0 op.enroll.userKey.keyGen.encryption.keyUser=0 op.enroll.userKey.keyGen.encryption.privateKeyNumber=4 op.enroll.userKey.keyGen.encryption.publicKeyNumber=5 op.enroll.userKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment op.enroll.userKey.keyGen.encryption.ca.conn=ca1 op.enroll.userKey.pkcs11obj.enable=true op.enroll.userKey.pkcs11obj.compress.enable=true op.enroll.userKey.update.applet.emptyToken.enable=true op.enroll.userKey.update.applet.enable=true op.enroll.userKey.update.applet.requiredVersion=1.4.4d40a449 op.enroll.userKey.update.applet.directory=[TPS_DIR]/applets op.enroll.userKey.update.applet.encryption=true op.enroll.userKey.update.symmetricKeys.enable=false op.enroll.userKey.update.symmetricKeys.requiredVersion=1 
op.enroll.userKey.loginRequest.enable=true op.enroll.userKey.pinReset.enable=true op.enroll.userKey.pinReset.pin.maxRetries=127 op.enroll.userKey.pinReset.pin.minLen=4 op.enroll.userKey.pinReset.pin.maxLen=10 op.enroll.userKey.cardmgr_instance=A0000000030000 op.enroll.userKey.tks.conn=tks1 op.enroll.userKey.auth.id=ldap1 op.enroll.userKey.auth.enable=true op.enroll.userKey.issuerinfo.enable=true op.enroll.userKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/home/index.cgi op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.num=2 op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0 op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=true op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0 op.enroll.userKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN] op.enroll.userKey.keyGen.encryption.serverKeygen.drm.conn=drm1 op.enroll.userKey.keyGen.encryption.serverKeygen.archive=true op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable=true op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=drm1 op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.archive=true op.enroll.userKeyTemporary.keyGen.tokenName=$auth.cn$ (Temporary) op.enroll.userKeyTemporary.keyGen.keyType.num=3 op.enroll.userKeyTemporary.keyGen.keyType.value.0=auth op.enroll.userKeyTemporary.keyGen.keyType.value.1=signing op.enroll.userKeyTemporary.keyGen.keyType.value.2=encryption op.enroll.userKeyTemporary.keyGen.auth.keySize=1024 op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false 
op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.private=false op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.token=true op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.private=false op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.token=true op.enroll.userKeyTemporary.keyGen.auth.label=Temporary Key for $userid$ op.enroll.userKeyTemporary.keyGen.auth.cuid_label=$cuid$ op.enroll.userKeyTemporary.keyGen.auth.overwrite=false op.enroll.userKeyTemporary.keyGen.auth.certId=C0 
op.enroll.userKeyTemporary.keyGen.auth.certAttrId=c0 op.enroll.userKeyTemporary.keyGen.auth.privateKeyAttrId=k0 op.enroll.userKeyTemporary.keyGen.auth.publicKeyAttrId=k1 op.enroll.userKeyTemporary.keyGen.auth.keyUsage=0 op.enroll.userKeyTemporary.keyGen.auth.keyUser=15 op.enroll.userKeyTemporary.keyGen.auth.privateKeyNumber=0 op.enroll.userKeyTemporary.keyGen.auth.publicKeyNumber=1 op.enroll.userKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment op.enroll.userKeyTemporary.keyGen.auth.ca.conn=ca1 op.enroll.userKeyTemporary.keyGen.signing.keySize=1024 op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.private=false op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.token=true op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false 
op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.private=true op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.token=true op.enroll.userKeyTemporary.keyGen.signing.label=signing key for $userid$ op.enroll.userKeyTemporary.keyGen.signing.cuid_label=$cuid$ op.enroll.userKeyTemporary.keyGen.signing.overwrite=true op.enroll.userKeyTemporary.keyGen.signing.certId=C1 op.enroll.userKeyTemporary.keyGen.signing.certAttrId=c1 op.enroll.userKeyTemporary.keyGen.signing.privateKeyAttrId=k2 op.enroll.userKeyTemporary.keyGen.signing.publicKeyAttrId=k3 op.enroll.userKeyTemporary.keyGen.signing.keyUsage=0 op.enroll.userKeyTemporary.keyGen.signing.keyUser=0 op.enroll.userKeyTemporary.keyGen.signing.privateKeyNumber=2 op.enroll.userKeyTemporary.keyGen.signing.publicKeyNumber=3 op.enroll.userKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment op.enroll.userKeyTemporary.keyGen.signing.ca.conn=ca1 op.enroll.userKey._080=#op.enroll.userKeyTemporary.keyGen.signing.publisherId=fileBasedPublisher op.enroll.userKeyTemporary.keyGen.encryption.keySize=1024 op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true 
op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true op.enroll.userKeyTemporary.keyGen.encryption.label=encryption key for $userid$ op.enroll.userKeyTemporary.keyGen.encryption.cuid_label=$cuid$ op.enroll.userKeyTemporary.keyGen.encryption.overwrite=true op.enroll.userKeyTemporary.keyGen.encryption.certId=C2 op.enroll.userKeyTemporary.keyGen.encryption.certAttrId=c2 op.enroll.userKeyTemporary.keyGen.encryption.privateKeyAttrId=k4 op.enroll.userKeyTemporary.keyGen.encryption.publicKeyAttrId=k5 op.enroll.userKeyTemporary.keyGen.encryption.keyUsage=0 op.enroll.userKeyTemporary.keyGen.encryption.keyUser=0 
op.enroll.userKeyTemporary.keyGen.encryption.privateKeyNumber=4 op.enroll.userKeyTemporary.keyGen.encryption.publicKeyNumber=5 op.enroll.userKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment op.enroll.userKeyTemporary.keyGen.encryption.ca.conn=ca1 op.enroll.userKeyTemporary.pkcs11obj.enable=true op.enroll.userKeyTemporary.pkcs11obj.compress.enable=true op.enroll.userKeyTemporary.update.applet.emptyToken.enable=true op.enroll.userKeyTemporary.update.applet.enable=true op.enroll.userKeyTemporary.update.applet.requiredVersion=1.4.4d40a449 op.enroll.userKeyTemporary.update.applet.directory=[TPS_DIR]/applets op.enroll.userKeyTemporary.update.applet.encryption=true op.enroll.userKeyTemporary.update.symmetricKeys.enable=false op.enroll.userKeyTemporary.update.symmetricKeys.requiredVersion=1 op.enroll.userKeyTemporary.loginRequest.enable=true op.enroll.userKeyTemporary.pinReset.enable=true op.enroll.userKeyTemporary.pinReset.pin.maxRetries=127 op.enroll.userKeyTemporary.pinReset.pin.minLen=4 op.enroll.userKeyTemporary.pinReset.pin.maxLen=10 op.enroll.userKeyTemporary.tks.conn=tks1 op.enroll.userKeyTemporary.cardmgr_instance=A0000000030000 op.enroll.userKeyTemporary.auth.id=ldap1 op.enroll.userKeyTemporary.auth.enable=true op.enroll.userKey.renewal._000=######################################### op.enroll.userKey.renewal._001=# Token Renewal. op.enroll.userKey.renewal._002=# op.enroll.userKey.renewal._003=# For each token in TPS UI, set the op.enroll.userKey.renewal._004=# following to trigger renewal op.enroll.userKey.renewal._005=# operations: op.enroll.userKey.renewal._006=# op.enroll.userKey.renewal._007=# RENEW=YES op.enroll.userKey.renewal._008=# op.enroll.userKey.renewal._009=# Optional grace period enforcement op.enroll.userKey.renewal._010=# must coincide exactly with what op.enroll.userKey.renewal._011=# the CA enforces. 
op.enroll.userKey.renewal._012=# op.enroll.userKey.renewal._013=# In case of renewal, encryption certId op.enroll.userKey.renewal._014=# values are for completeness only, server op.enroll.userKey.renewal._015=# code calculates actual values used. op.enroll.userKey.renewal._016=# op.enroll.userKey.renewal._017=######################################### op.enroll.userKey.renewal.keyType.num=2 op.enroll.userKey.renewal.keyType.value.0=signing op.enroll.userKey.renewal.keyType.value.1=encryption op.enroll.userKey.renewal.signing.enable=true op.enroll.userKey.renewal.signing.gracePeriod.enable=false op.enroll.userKey.renewal.signing.gracePeriod.before=30 op.enroll.userKey.renewal.signing.gracePeriod.after=30 op.enroll.userKey.renewal.signing.certId=C1 op.enroll.userKey.renewal.encryption.certId=C2 op.enroll.userKey.renewal.signing.certAttrId=c1 op.enroll.userKey.renewal.encryption.certAttrId=c2 op.enroll.userKey.renewal.encryption.enable=true op.enroll.userKey.renewal.encryption.gracePeriod.enable=false op.enroll.userKey.renewal.encryption.gracePeriod.before=30 op.enroll.userKey.renewal.encryption.gracePeriod.after=30 op.enroll.userKey.renewal.signing.ca.conn=ca1 op.enroll.userKey.renewal.encryption.ca.conn=ca1 op.enroll.userKey.renewal.signing.ca.profileId=caTokenUserSigningKeyRenewal op.enroll.userKey.renewal.encryption.ca.profileId=caTokenUserEncryptionKeyRenewal op.enroll.soKey.temporaryToken.tokenType=soKeyTemporary op.enroll.soKey.keyGen.recovery.destroyed.keyType.num=2 op.enroll.soKey.keyGen.recovery.destroyed.keyType.value.0=signing op.enroll.soKey.keyGen.recovery.destroyed.keyType.value.1=encryption op.enroll.soKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert=true op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0 op.enroll.soKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert=false 
op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0 op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.num=2 op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.value.0=signing op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.value.1=encryption op.enroll.soKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert=true op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1 op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1 op.enroll.soKey.keyGen.recovery.onHold.keyType.num=2 op.enroll.soKey.keyGen.recovery.onHold.keyType.value.0=signing op.enroll.soKey.keyGen.recovery.onHold.keyType.value.1=encryption op.enroll.soKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert=true op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert.reason=6 op.enroll.soKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert=true op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6 op.enroll.soKey.keyGen.tokenName=$auth.cn$ op.enroll.soKey.keyGen.keyType.num=2 op.enroll.soKey.keyGen.keyType.value.0=signing op.enroll.soKey.keyGen.keyType.value.1=encryption op.enroll.soKey.keyGen.signing.keySize=1024 op.enroll.soKey.keyGen.signing.public.keyCapabilities.encrypt=false op.enroll.soKey.keyGen.signing.public.keyCapabilities.sign=false op.enroll.soKey.keyGen.signing.public.keyCapabilities.signRecover=false op.enroll.soKey.keyGen.signing.public.keyCapabilities.decrypt=false op.enroll.soKey.keyGen.signing.public.keyCapabilities.derive=false op.enroll.soKey.keyGen.signing.public.keyCapabilities.unwrap=false 
op.enroll.soKey.keyGen.signing.public.keyCapabilities.wrap=false op.enroll.soKey.keyGen.signing.public.keyCapabilities.verifyRecover=true op.enroll.soKey.keyGen.signing.public.keyCapabilities.verify=true op.enroll.soKey.keyGen.signing.public.keyCapabilities.sensitive=false op.enroll.soKey.keyGen.signing.public.keyCapabilities.private=false op.enroll.soKey.keyGen.signing.public.keyCapabilities.token=true op.enroll.soKey.keyGen.signing.private.keyCapabilities.encrypt=false op.enroll.soKey.keyGen.signing.private.keyCapabilities.sign=true op.enroll.soKey.keyGen.signing.private.keyCapabilities.signRecover=true op.enroll.soKey.keyGen.signing.private.keyCapabilities.decrypt=false op.enroll.soKey.keyGen.signing.private.keyCapabilities.derive=false op.enroll.soKey.keyGen.signing.private.keyCapabilities.unwrap=false op.enroll.soKey.keyGen.signing.private.keyCapabilities.wrap=false op.enroll.soKey.keyGen.signing.private.keyCapabilities.verifyRecover=false op.enroll.soKey.keyGen.signing.private.keyCapabilities.verify=false op.enroll.soKey.keyGen.signing.private.keyCapabilities.sensitive=true op.enroll.soKey.keyGen.signing.private.keyCapabilities.private=true op.enroll.soKey.keyGen.signing.private.keyCapabilities.token=true op.enroll.soKey.keyGen.signing.label=signing key for $userid$ op.enroll.soKey.keyGen.signing.cuid_label=$cuid$ op.enroll.soKey.keyGen.signing.overwrite=true op.enroll.soKey.keyGen.signing.certId=C1 op.enroll.soKey.keyGen.signing.certAttrId=c1 op.enroll.soKey.keyGen.signing.privateKeyAttrId=k2 op.enroll.soKey.keyGen.signing.publicKeyAttrId=k3 op.enroll.soKey.keyGen.signing.keyUsage=0 op.enroll.soKey.keyGen.signing.keyUser=0 op.enroll.soKey.keyGen.signing.privateKeyNumber=2 op.enroll.soKey.keyGen.signing.publicKeyNumber=3 op.enroll.soKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment op.enroll.soKey.keyGen.signing.ca.conn=ca1 op.enroll.soKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher 
op.enroll.soKey.keyGen.encryption.keySize=1024 op.enroll.soKey.keyGen.encryption.public.keyCapabilities.encrypt=true op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sign=false op.enroll.soKey.keyGen.encryption.public.keyCapabilities.signRecover=false op.enroll.soKey.keyGen.encryption.public.keyCapabilities.decrypt=false op.enroll.soKey.keyGen.encryption.public.keyCapabilities.derive=false op.enroll.soKey.keyGen.encryption.public.keyCapabilities.unwrap=false op.enroll.soKey.keyGen.encryption.public.keyCapabilities.wrap=true op.enroll.soKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false op.enroll.soKey.keyGen.encryption.public.keyCapabilities.verify=false op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sensitive=false op.enroll.soKey.keyGen.encryption.public.keyCapabilities.private=false op.enroll.soKey.keyGen.encryption.public.keyCapabilities.token=true op.enroll.soKey.keyGen.encryption.private.keyCapabilities.encrypt=false op.enroll.soKey.keyGen.encryption.private.keyCapabilities.sign=false op.enroll.soKey.keyGen.encryption.private.keyCapabilities.signRecover=false op.enroll.soKey.keyGen.encryption.private.keyCapabilities.decrypt=true op.enroll.soKey.keyGen.encryption.private.keyCapabilities.derive=false op.enroll.soKey.keyGen.encryption.private.keyCapabilities.unwrap=true op.enroll.soKey.keyGen.encryption.private.keyCapabilities.wrap=false op.enroll.soKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false op.enroll.soKey.keyGen.encryption.private.keyCapabilities.verify=false op.enroll.soKey.keyGen.encryption.private.keyCapabilities.sensitive=true op.enroll.soKey.keyGen.encryption.private.keyCapabilities.private=true op.enroll.soKey.keyGen.encryption.private.keyCapabilities.token=true op.enroll.soKey.keyGen.encryption.label=encryption key for $userid$ op.enroll.soKey.keyGen.encryption.cuid_label=$cuid$ op.enroll.soKey.keyGen.encryption.overwrite=true op.enroll.soKey.keyGen.encryption.certId=C2 
op.enroll.soKey.keyGen.encryption.certAttrId=c2 op.enroll.soKey.keyGen.encryption.privateKeyAttrId=k4 op.enroll.soKey.keyGen.encryption.publicKeyAttrId=k5 op.enroll.soKey.keyGen.encryption.keyUsage=0 op.enroll.soKey.keyGen.encryption.keyUser=0 op.enroll.soKey.keyGen.encryption.privateKeyNumber=4 op.enroll.soKey.keyGen.encryption.publicKeyNumber=5 op.enroll.soKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment op.enroll.soKey.keyGen.encryption.ca.conn=ca1 op.enroll.soKey.pkcs11obj.enable=true op.enroll.soKey.pkcs11obj.compress.enable=true op.enroll.soKey.update.applet.emptyToken.enable=true op.enroll.soKey.update.applet.enable=true op.enroll.soKey.update.applet.requiredVersion=1.4.4d40a449 op.enroll.soKey.update.applet.directory=[TPS_DIR]/applets op.enroll.soKey.update.applet.encryption=true op.enroll.soKey.update.symmetricKeys.enable=false op.enroll.soKey.update.symmetricKeys.requiredVersion=1 op.enroll.soKey.loginRequest.enable=true op.enroll.soKey.pinReset.enable=true op.enroll.soKey.pinReset.pin.maxRetries=127 op.enroll.soKey.pinReset.pin.minLen=4 op.enroll.soKey.pinReset.pin.maxLen=10 op.enroll.soKey.cardmgr_instance=A0000000030000 op.enroll.soKey.tks.conn=tks1 op.enroll.soKey.auth.id=ldap2 op.enroll.soKey.auth.enable=true op.enroll.soKey.issuerinfo.enable=true op.enroll.soKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/so/index.cgi op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.num=2 op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0 op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=true 
op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0 op.enroll.soKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN] op.enroll.soKey.keyGen.encryption.serverKeygen.drm.conn=drm1 op.enroll.soKey.keyGen.encryption.serverKeygen.archive=true op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.enable=true op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=drm1 op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.archive=true op.enroll.soKeyTemporary.keyGen.tokenName=$auth.cn$ (Temporary) op.enroll.soKeyTemporary.keyGen.keyType.num=3 op.enroll.soKeyTemporary.keyGen.keyType.value.0=auth op.enroll.soKeyTemporary.keyGen.keyType.value.1=signing op.enroll.soKeyTemporary.keyGen.keyType.value.2=encryption op.enroll.soKeyTemporary.keyGen.auth.keySize=1024 op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.private=false op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.token=true op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false 
op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.private=false op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.token=true op.enroll.soKeyTemporary.keyGen.auth.label=Temporary Key for $userid$ op.enroll.soKeyTemporary.keyGen.auth.cuid_label=$cuid$ op.enroll.soKeyTemporary.keyGen.auth.overwrite=false op.enroll.soKeyTemporary.keyGen.auth.certId=C0 op.enroll.soKeyTemporary.keyGen.auth.certAttrId=c0 op.enroll.soKeyTemporary.keyGen.auth.privateKeyAttrId=k0 op.enroll.soKeyTemporary.keyGen.auth.publicKeyAttrId=k1 op.enroll.soKeyTemporary.keyGen.auth.keyUsage=0 op.enroll.soKeyTemporary.keyGen.auth.keyUser=15 op.enroll.soKeyTemporary.keyGen.auth.privateKeyNumber=0 op.enroll.soKeyTemporary.keyGen.auth.publicKeyNumber=1 op.enroll.soKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment op.enroll.soKeyTemporary.keyGen.auth.ca.conn=ca1 op.enroll.soKeyTemporary.keyGen.signing.keySize=1024 op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true 
op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.private=false op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.token=true op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.private=true op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.token=true op.enroll.soKeyTemporary.keyGen.signing.label=signing key for $userid$ op.enroll.soKeyTemporary.keyGen.signing.cuid_label=$cuid$ op.enroll.soKeyTemporary.keyGen.signing.overwrite=true op.enroll.soKeyTemporary.keyGen.signing.certId=C1 op.enroll.soKeyTemporary.keyGen.signing.certAttrId=c1 op.enroll.soKeyTemporary.keyGen.signing.privateKeyAttrId=k2 op.enroll.soKeyTemporary.keyGen.signing.publicKeyAttrId=k3 op.enroll.soKeyTemporary.keyGen.signing.keyUsage=0 op.enroll.soKeyTemporary.keyGen.signing.keyUser=0 op.enroll.soKeyTemporary.keyGen.signing.privateKeyNumber=2 op.enroll.soKeyTemporary.keyGen.signing.publicKeyNumber=3 op.enroll.soKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment 
op.enroll.soKeyTemporary.keyGen.signing.ca.conn=ca1 op.enroll.soKeyTemporary.keyGen.encryption.keySize=1024 op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true 
op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true op.enroll.soKeyTemporary.keyGen.encryption.label=encryption key for $userid$ op.enroll.soKeyTemporary.keyGen.encryption.cuid_label=$cuid$ op.enroll.soKeyTemporary.keyGen.encryption.overwrite=true op.enroll.soKeyTemporary.keyGen.encryption.certId=C2 op.enroll.soKeyTemporary.keyGen.encryption.certAttrId=c2 op.enroll.soKeyTemporary.keyGen.encryption.privateKeyAttrId=k4 op.enroll.soKeyTemporary.keyGen.encryption.publicKeyAttrId=k5 op.enroll.soKeyTemporary.keyGen.encryption.keyUsage=0 op.enroll.soKeyTemporary.keyGen.encryption.keyUser=0 op.enroll.soKeyTemporary.keyGen.encryption.privateKeyNumber=4 op.enroll.soKeyTemporary.keyGen.encryption.publicKeyNumber=5 op.enroll.soKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment op.enroll.soKeyTemporary.keyGen.encryption.ca.conn=ca1 op.enroll.soKeyTemporary.pkcs11obj.enable=true op.enroll.soKeyTemporary.pkcs11obj.compress.enable=true op.enroll.soKeyTemporary.update.applet.emptyToken.enable=true op.enroll.soKeyTemporary.update.applet.enable=true op.enroll.soKeyTemporary.update.applet.requiredVersion=1.4.4d40a449 op.enroll.soKeyTemporary.update.applet.directory=[TPS_DIR]/applets op.enroll.soKeyTemporary.update.applet.encryption=true op.enroll.soKeyTemporary.update.symmetricKeys.enable=false op.enroll.soKeyTemporary.update.symmetricKeys.requiredVersion=1 op.enroll.soKeyTemporary.loginRequest.enable=true op.enroll.soKeyTemporary.pinReset.enable=true op.enroll.soKeyTemporary.pinReset.pin.maxRetries=127 op.enroll.soKeyTemporary.pinReset.pin.minLen=4 op.enroll.soKeyTemporary.pinReset.pin.maxLen=10 op.enroll.soKeyTemporary.cardmgr_instance=A0000000030000 op.enroll.soKeyTemporary.tks.conn=tks1 op.enroll.soKeyTemporary.tks.keySet=defKeyset op.enroll.soKeyTemporary.auth.id=ldap2 op.enroll.soKeyTemporary.auth.enable=true op.pinReset._000=######################################### op.pinReset._001=# Certificate Chain Imports 
op.pinReset._002=# op.pinReset._003=# op.enroll.certificates.num=1 op.pinReset._004=# op.enroll.certificates.value.0=caCert op.pinReset._005=# op.enroll.certificates.caCert.nickName=caCert0 pki-tps op.pinReset._006=# op.enroll.certificates.caCert.certId=C5 op.pinReset._007=# op.enroll.certificates.caCert.certAttrId=c5 op.pinReset._008=# op.enroll.certificates.caCert.label=caCert Label op.pinReset._009=######################################### op.pinReset._010=######################################### op.pinReset._011=# Pin Reset Operation For CoolKey op.pinReset._012=# op.pinReset._013=# op.pinReset.userKey.update.applet.emptyToken.enable=false op.pinReset._014=# - update applet or not if token is empty op.pinReset._015=# op.pinReset._016=# - N/A for HouseKey op.pinReset._017=# - N/A for HouseKey with Legacy Applet op.pinReset._018=######################################### op.pinReset.userKey.update.applet.emptyToken.enable=true op.pinReset.userKey.update.applet.enable=false op.pinReset.userKey.update.applet.requiredVersion=1.4.4d40a449 op.pinReset.userKey.update.applet.directory=[TPS_DIR]/applets op.pinReset.userKey.update.applet.encryption=true op.pinReset.userKey.update.symmetricKeys.enable=false op.pinReset.userKey.update.symmetricKeys.requiredVersion=1 op.pinReset.userKey.loginRequest.enable=true op.pinReset.userKey.pinReset.pin.minLen=4 op.pinReset.userKey.pinReset.pin.maxLen=10 op.pinReset.userKey.tks.conn=tks1 op.pinReset.userKey.cardmgr_instance=A0000000030000 op.pinReset.userKey.auth.id=ldap1 op.pinReset.userKey.auth.enable=true op.format._000=######################################### op.format._001=# Format Operation For tokenKey op.format._002=# op.format._003=# op.format.tokenKey.update.applet.emptyToken.enable=false op.format._004=# - update applet or not if token is empty op.format._005=# op.format._006=# - applicable to CoolKey op.format._007=# - applicable to HouseKey op.format._008=# - applicable to HouseKey with Legacy Applet 
op.format._009=######################################### op.format.allowUnknownToken=true op.format.soCleanUserToken.update.applet.emptyToken.enable=true op.format.soCleanUserToken.update.applet.requiredVersion=1.4.4d40a449 op.format.soCleanUserToken.update.applet.directory=[TPS_DIR]/applets op.format.soCleanUserToken.update.applet.encryption=true op.format.soCleanUserToken.update.symmetricKeys.enable=false op.format.soCleanUserToken.update.symmetricKeys.requiredVersion=1 op.format.soCleanUserToken.revokeCert=true op.format.soCleanUserToken.ca.conn=ca1 op.format.soCleanUserToken.loginRequest.enable=false op.format.soCleanUserToken.cardmgr_instance=A0000000030000 op.format.soCleanUserToken.tks.conn=tks1 op.format.soCleanUserToken.auth.id=ldap1 op.format.soCleanUserToken.auth.enable=false op.format.soCleanUserToken.issuerinfo.enable=true op.format.soCleanUserToken.issuerinfo.value= op.format.soCleanSOToken.update.applet.emptyToken.enable=true op.format.soCleanSOToken.update.applet.requiredVersion=1.4.4d40a449 op.format.soCleanSOToken.update.applet.directory=[TPS_DIR]/applets op.format.soCleanSOToken.update.applet.encryption=true op.format.soCleanSOToken.update.symmetricKeys.enable=false op.format.soCleanSOToken.update.symmetricKeys.requiredVersion=1 op.format.soCleanSOToken.revokeCert=true op.format.soCleanSOToken.ca.conn=ca1 op.format.soCleanSOToken.loginRequest.enable=false op.format.soCleanSOToken.cardmgr_instance=A0000000030000 op.format.soCleanSOToken.tks.conn=tks1 op.format.soCleanSOToken.auth.id=ldap1 op.format.soCleanSOToken.auth.enable=false op.format.soCleanSOToken.issuerinfo.enable=true op.format.soCleanSOToken.issuerinfo.value= op.format.cleanToken.update.applet.emptyToken.enable=true op.format.cleanToken.update.applet.requiredVersion=1.4.4d40a449 op.format.cleanToken.update.applet.directory=[TPS_DIR]/applets op.format.cleanToken.update.applet.encryption=true op.format.cleanToken.update.symmetricKeys.enable=false 
op.format.cleanToken.update.symmetricKeys.requiredVersion=1 op.format.cleanToken.revokeCert=true op.format.cleanToken.ca.conn=ca1 op.format.cleanToken.loginRequest.enable=true op.format.cleanToken.cardmgr_instance=A0000000030000 op.format.cleanToken.tks.conn=tks1 op.format.cleanToken.auth.id=ldap1 op.format.cleanToken.auth.enable=false op.format.cleanToken.issuerinfo.enable=true op.format.cleanToken.issuerinfo.value= op.format.soUserKey.update.applet.emptyToken.enable=true op.format.soUserKey.update.applet.requiredVersion=1.4.4d40a449 op.format.soUserKey.update.applet.directory=[TPS_DIR]/applets op.format.soUserKey.update.applet.encryption=true op.format.soUserKey.update.symmetricKeys.enable=false op.format.soUserKey.update.symmetricKeys.requiredVersion=1 op.format.soUserKey.revokeCert=true op.format.soUserKey.ca.conn=ca1 op.format.soUserKey.loginRequest.enable=false op.format.soUserKey.cardmgr_instance=A0000000030000 op.format.soUserKey.tks.conn=tks1 op.format.soUserKey.auth.id=ldap1 op.format.soUserKey.auth.enable=false op.format.soUserKey.issuerinfo.enable=true op.format.soUserKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/home/index.cgi op.format.soKey.update.applet.emptyToken.enable=true op.format.soKey.update.applet.requiredVersion=1.4.4d40a449 op.format.soKey.update.applet.directory=[TPS_DIR]/applets op.format.soKey.update.applet.encryption=true op.format.soKey.update.symmetricKeys.enable=false op.format.soKey.update.symmetricKeys.requiredVersion=1 op.format.soKey.revokeCert=true op.format.soKey.ca.conn=ca1 op.format.soKey.loginRequest.enable=true op.format.soKey.cardmgr_instance=A0000000030000 op.format.soKey.tks.conn=tks1 op.format.soKey.auth.id=ldap2 op.format.soKey.auth.enable=true op.format.soKey.issuerinfo.enable=true op.format.soKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/so/index.cgi op.format.userKey.update.applet.emptyToken.enable=true op.format.userKey.update.applet.requiredVersion=1.4.4d40a449 
op.format.userKey.update.applet.directory=[TPS_DIR]/applets op.format.userKey.update.applet.encryption=true op.format.userKey.update.symmetricKeys.enable=false op.format.userKey.update.symmetricKeys.requiredVersion=1 op.format.userKey.revokeCert=true op.format.userKey.ca.conn=ca1 op.format.userKey.loginRequest.enable=true op.format.userKey.cardmgr_instance=A0000000030000 op.format.userKey.tks.conn=tks1 op.format.userKey.auth.id=ldap1 op.format.userKey.auth.enable=true op.format.userKey.issuerinfo.enable=true op.format.userKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/home/index.cgi op.format.tokenKey.update.applet.emptyToken.enable=true op.format.tokenKey.update.applet.requiredVersion=1.4.4d40a449 op.format.tokenKey.update.applet.directory=[TPS_DIR]/applets op.format.tokenKey.update.applet.encryption=true op.format.tokenKey.update.symmetricKeys.enable=false op.format.tokenKey.update.symmetricKeys.requiredVersion=1 op.format.tokenKey.revokeCert=true op.format.tokenKey.ca.conn=ca1 op.format.tokenKey.loginRequest.enable=true op.format.tokenKey.cardmgr_instance=A0000000030000 op.format.tokenKey.tks.conn=tks1 op.format.tokenKey.auth.id=ldap1 op.format.tokenKey.auth.enable=true op.format.tokenKey.issuerinfo.enable=true op.format.tokenKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/home/index.cgi tokendb._000=######################################### tokendb._001=# tokendb.auditLog: tokendb._002=# - audit log path tokendb._003=# tokendb.host: tokendb._004=# - tokendb host name tokendb._005=# tokendb.port: tokendb._006=# - tokendb port number tokendb._007=# tokendb.bindDN: tokendb._008=# - tokendb administration DN (i.e. 
cn=Directory Manager). A dedicated least-privilege DN is preferable to the directory superuser, and tokendb.ssl=false presumably leaves this bind unencrypted on the wire (confirm). tokendb._009=# tokendb.bindPassPath: tokendb._010=# - path of the file that holds the tokendb administration password (restrict its permissions to the TPS service account) tokendb._011=# tokendb.templateDir: tokendb._012=# - directory where all the tokendb templates are located tokendb._013=# tokendb.userBaseDN: tokendb._014=# - directory base DN for users and groups tokendb._015=# tokendb.baseDN: tokendb._016=# - directory base DN for tokens tokendb._017=# tokendb.activityBaseDN: tokendb._018=# - directory base DN for activities tokendb._019=# tokendb.indexTemplate=index.template tokendb._020=# - index template tokendb._021=# tokendb.newTemplate=new.template tokendb._022=# - add template tokendb._023=# tokendb.showTemplate=show.template tokendb._024=# - show template tokendb._025=# tokendb.errorTemplate=error.template tokendb._026=# - error template tokendb._027=# tokendb.searchTemplate=search.template tokendb._028=# - search template tokendb._029=# tokendb.searchResultTemplate=searchResults.template tokendb._030=# - search result template tokendb._031=# tokendb.editTemplate=edit.template tokendb._032=# - edit template tokendb._033=# tokendb.editResultTemplate=editResults.template tokendb._034=# - edit result template tokendb._035=# tokendb.addResultTemplate=addResults.template tokendb._036=# - add result template tokendb._037=# tokendb.deleteResultTemplate=deleteResults.template tokendb._038=# - delete result template tokendb._039=# tokendb.searchActivityTemplate=searchActivity.template tokendb._040=# - search activity template tokendb._041=# tokendb.searchActivityResultTemplate=searchActivityResults.template tokendb._042=# - search activity result template tokendb._043=# tokendb.showAdminTemplate=showAdmin.template tokendb._044=# - show admin template tokendb._045=# tokendb.editAdminTemplate=editAdmin.template tokendb._046=# - edit admin template tokendb._047=# tokendb.editAdminResultTemplate=editAdminResults.template tokendb._048=# - edit admin result template tokendb._049=# 
tokendb.searchAdminTemplate=searchAdmin.template tokendb._050=# - search admin template tokendb._051=# tokendb.searchAdminResultTemplate=searchAdminResults.template tokendb._052=# - search admin result template tokendb._053=# tokendb.defaultPolicy: tokendb._054=# Supported Policy (Separated by ; [Semicolon]): tokendb._055=# For example, PIN_RESET=YES|NO;RE_ENROLL=YES|NO tokendb._056=# PIN_RESET=YES|NO tokendb._057=# - If not present, pin reset by user is allowed. tokendb._058=# - If present and agent change PIN_RESET from NO tokendb._059=# to YES, user is allowed to do pin reset. This tokendb._060=# policy will be changed back to NO after pin reset. tokendb._061=# RE_ENROLL=YES|NO tokendb._062=# - If not present, re-enrollment is allowed. tokendb._063=# - If present, re-enrollment is allowed when RE_ENROLL tokendb._064=# is set to YES. Otherwise, re-enrollment is not tokendb._065=# allowed. tokendb._066=# tokendb.allowedTransitions: tokendb._067=# - has transitions between the following states tokendb._068=# TOKEN_UNINITIALIZED = 0, tokendb._069=# TOKEN_DAMAGED =1, tokendb._070=# TOKEN_PERM_LOST=2, tokendb._071=# TOKEN_TEMP_LOST=3, tokendb._072=# TOKEN_FOUND =4, tokendb._073=# TOKEN_TEMP_LOST_PERM_LOST =5, tokendb._074=# TOKEN_TERMINATED = 6 tokendb._075=######################################### tokendb.auditLog=[SERVER_ROOT]/logs/tokendb-audit.log tokendb.hostport=[TOKENDB_HOST]:[TOKENDB_PORT] tokendb.ssl=false tokendb.bindDN=cn=Directory Manager tokendb.bindPassPath=[SERVER_ROOT]/conf/password.conf tokendb.templateDir=[SERVER_ROOT]/docroot/tus tokendb.userBaseDN=[TOKENDB_ROOT] tokendb.baseDN=ou=Tokens,[TOKENDB_ROOT] tokendb.activityBaseDN=ou=Activities,[TOKENDB_ROOT] tokendb.certBaseDN=ou=Certificates,[TOKENDB_ROOT] tokendb.indexTemplate=index.template tokendb.indexAdminTemplate=indexAdmin.template tokendb.newTemplate=new.template tokendb.showTemplate=show.template tokendb.showCertTemplate=showCert.template tokendb.errorTemplate=error.template 
tokendb.searchTemplate=search.template tokendb.searchResultTemplate=searchResults.template tokendb.searchCertificateResultTemplate=searchCertificateResults.template tokendb.editTemplate=edit.template tokendb.editResultTemplate=editResults.template tokendb.addResultTemplate=addResults.template tokendb.deleteTemplate=delete.template tokendb.deleteResultTemplate=deleteResults.template tokendb.searchActivityTemplate=searchActivity.template tokendb.searchCertificateTemplate=searchCertificate.template tokendb.searchActivityResultTemplate=searchActivityResults.template tokendb.searchActivityAdminTemplate=searchActivityAdmin.template tokendb.searchActivityAdminResultTemplate=searchActivityAdminResults.template tokendb.showAdminTemplate=showAdmin.template tokendb.doTokenTemplate=doToken.template tokendb.doTokenConfirmTemplate=doTokenConfirm.template tokendb.revokeTemplate=revoke.template tokendb.searchAdminTemplate=searchAdmin.template tokendb.searchAdminResultTemplate=searchAdminResults.template tokendb.defaultPolicy=RE_ENROLL=YES tokendb.newUserTemplate=newUser.template tokendb.userDeleteTemplate=userDelete.template tokendb.searchUserResultTemplate=searchUserResults.template tokendb.searchUserTemplate=searchUser.template tokendb.editUserTemplate=editUser.template tokendb.indexOperatorTemplate=indexOperator.template tokendb.selfTestTemplate=selfTest.template tokendb.selfTestResultsTemplate=selfTestResults.template tokendb.auditAdminTemplate=auditAdmin.template tokendb.selectConfigTemplate=selectConfig.template tokendb.agentSelectConfigTemplate=agentSelectConfig.template tokendb.editConfigTemplate=editConfig.template tokendb.agentViewConfigTemplate=agentViewConfig.template tokendb.addConfigTemplate=addConfig.template tokendb.confirmConfigChangesTemplate=confirmConfigChanges.template tokendb.confirmDeleteConfigTemplate=confirmDeleteConfig.template 
log.instance.SignedAudit.selected.events=ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL log.instance.SignedAudit.selectable.events=ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE,PRIVATE_KEY_ARCHIVE_PROCESSED,KEY_RECOVERY_REQUEST,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_PROCESSED,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL log.instance.SignedAudit.nonselectable.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_PROCESSED,SERVER_SIDE_KEYGEN_REQUEST tokendb.allowedTransitions=0:1,0:2,0:3,0:4,0:5,0:6,3:4,3:5,3:6,4:1,4:2,4:3,4:6 target._000=######################################### target._001=# entries to enable configuration of parameter sets through the TPS UI agent and admin tabs target._002=# target._003=# target.configure.list = comma separated lists of all parameter sets that can be configured by the admin. target._004=# Each entry will show up (with underscore replaced by space) under Advanced Configuration on the admin tab. target._005=# target._006=# target.agent_approve.list = comma separated subset of above list. 
Parameter sets in this list target._007=# will show up in the agent tab (under advanced configuration) and will require agent involvement target._008=# (enable/disable) to be edited. target._009=# target._010=# For the wording to display correctly, the values in the above list should be plurals. target._011=# target._012=# Each parameter set in the lists above requires three parameters: target._013=# target.<parameter_set>.list : list of choices of this parameter set type (will display in the drop down box) target._014=# target.<parameter_set>.pattern : the regular expression to select parameters in CS.cfg for this parameter set. target._015=# target.<parameter_set>.displayname: used in the UI display text. This should be the singular form of <parameter_set>. target._016=# target._017=# The exception is the parameter set Generals, which has only a pattern and displayname defined. target._018=# target._019=######################################## target.configure.list=Profiles,Subsystem_Connections,Profile_Mappings,Authentication_Sources target.agent_approve.list=Profiles target.Profiles.list=userKey,soKey,soCleanUserToken,soUserKey,cleanToken,soCleanSoToken,tokenKey target.Profiles.pattern=op\..*\.$name\..* target.Profiles.displayname=Profile target.Subsystem_Connections.list=ca1,drm1,tks1 target.Subsystem_Connections.pattern=conn\.$name\..* target.Subsystem_Connections.displayname=Subsystem Connection target.Profile_Mappings.list=enroll,format,pinReset target.Profile_Mappings.pattern=op\.$name\.mapping\..* target.Profile_Mappings.displayname=Profile Mapping target.Authentication_Sources.list=0,1 target.Authentication_Sources.pattern=auth\.instance\.$name\..* target.Authentication_Sources.displayname=Authentication Source target.Generals.displayname=General target.Generals.pattern=^applet\..*\|^general\..*\|^failover.pod.enable\|^channel\..* config.Generals.General.state=Enabled config.Generals.General.timestamp=1280283607424406 tps._000=######################################## tps._001=# For verifying system certificates 
tps._002=# tps.cert.list=sslserver,subsystem,audit_signing tps._003=# tps.cert.sslserver.nickname=xxx tps._005=# tps.cert.subsystem.nickname=xxx tps._007=# tps.cert.audit_signing.nickname=xxx tps._008=# tps.operations.allowedTransitions: tps._009=# - token operations, like formatting and enrollment, have transitions between the following states tps._010=# TOKEN_UNINITIALIZED = 0, tps._011=# TOKEN_DAMAGED = 1, tps._012=# TOKEN_PERM_LOST = 2, tps._013=# TOKEN_TEMP_LOST = 3, tps._014=# TOKEN_FOUND = 4, tps._015=# TOKEN_TEMP_LOST_PERM_LOST = 5, tps._016=# TOKEN_TERMINATED = 6 tps._017=# Sample: tps.operations.allowedTransitions=0:0,0:4,4:6,6:0 tps._018=######################################## tps.operations.allowedTransitions=0:0,0:4,4:0 tps.cert.list=sslserver,subsystem,audit_signing tps.cert.sslserver.nickname=[HSM_LABEL][NICKNAME] tps.cert.subsystem.nickname=[HSM_LABEL][NICKNAME] tps.cert.audit_signing.nickname=[HSM_LABEL][NICKNAME]