439
edits
NSS: Difference between revisions
Jump to navigation
Jump to search
→Softoken Specific Parameters
| Line 150: | Line 150: | ||
'''keyPrefix''' - Prefix for the key database. | '''keyPrefix''' - Prefix for the key database. | ||
'''minPWLen''' - Minimum password length in bytes. | '''minPWLen''' - Minimum password length in bytes. | ||
'''manufacturerID''' - Override the default value for the module | '''manufacturerID''' - Override the default manufactureID value for the module returned in the CK_INFO, CK_SLOT_INFO, and CK_TOKEN_INFO structures with an internationalize string (UTF8). This value will be truncated at 32 bytes (no NULL, partial UTF8 characters dropped). | ||
'''libraryDescription''' - Override the default value for the module | '''libraryDescription''' - Override the default libraryDescription value for the module returned in the CK_INFO structure with an internationalize string (UTF8). This value will be truncated at 32 bytes (no NULL, partial UTF8 characters dropped). | ||
'''cryptoTokenDescription''' - Override the default value for the internal crypto token | '''cryptoTokenDescription''' - Override the default label value for the internal crypto token returned in the CK_TOKEN_INFO structure with an internationalize string (UTF8). This value will be truncated at 32 bytes (no NULL, partial UTF8 characters dropped). | ||
'''dbTokenDescription''' - Override the default value for the internal DB token | '''dbTokenDescription''' - Override the default label value for the internal DB token returned in the CK_TOKEN_INFO structure with an internationalize string (UTF8). This value will be truncated at 32 bytes (no NULL, partial UTF8 characters dropped). | ||
'''FIPSTokenDescription''' - Override the default value for the internal FIPS token | '''FIPSTokenDescription''' - Override the default label value for the internal FIPS token returned in the CK_TOKEN_INFO structure with an internationalize string (UTF8). This value will be truncated at 32 bytes (no NULL, partial UTF8 characters dropped). | ||
'''cryptoSlotDescription''' - Override the default value for the internal crypto token | '''cryptoSlotDescription''' - Override the default slotDescription value for the internal crypto token returned in the CK_SLOT_INFO structure with an internationalize string (UTF8). This value will be truncated at 64 bytes (no NULL, partial UTF8 characters dropped). | ||
'''dbSlotDescription''' - Override the default value for the internal DB token | '''dbSlotDescription''' - Override the default slotDescription value for the internal DB token returned in the CK_SLOT_INFO structure with an internationalize string (UTF8). This value will be truncated at 64 bytes (no NULL, partial UTF8 characters dropped). | ||
'''FIPSSlotDescription''' - Override the default value for the internal FIPS token | '''FIPSSlotDescription''' - Override the default slotDecription value for the internal FIPS token returned in the CK_SLOT_INFO structure with an internationalize string (UTF8). This value will be truncated at 64 bytes (no NULL, partial UTF8 characters dropped). | ||
'''flags''' - comma separated list of flag values, parsed case-insensitive. | '''flags''' - comma separated list of flag values, parsed case-insensitive. | ||
Valid flags are: | Valid flags are: | ||
'''noModDB''' - don't open SECMOD.db and try to supply the strings. The MOD DB function is not through standard PKCS #11 interfaces. | '''noModDB''' - don't open SECMOD.db and try to supply the strings. The MOD DB function is not through standard PKCS #11 interfaces. | ||
'''readOnly''' - | '''readOnly''' - Databases should be opened read only. | ||
'''noCertDB''' - Don't try to open a certificate database. | '''noCertDB''' - Don't try to open a certificate database. | ||
'''noKeyDB''' - Don't try to open a key database. | '''noKeyDB''' - Don't try to open a key database. | ||
| Line 167: | Line 167: | ||
'''passwordRequired''' - zero length passwords are not acceptable (valid only if there is a keyDB). | '''passwordRequired''' - zero length passwords are not acceptable (valid only if there is a keyDB). | ||
'''optimizeSpace''' - allocate smaller hash tables and lock tables.When this flag is not specified, Softoken will allocate large tables to prevent lock contention. | '''optimizeSpace''' - allocate smaller hash tables and lock tables.When this flag is not specified, Softoken will allocate large tables to prevent lock contention. | ||
'''tokens''' - configure 'tokens' by hand. The tokens parameter specifies a space sparated list of slotIDS, each of which specify their own set of parameters affecting that token. Typically 'tokens' would not be specified unless additional databases are to be opened as additional tokens. If tokens is specified, then all tokens (including the default tokens) need to be specified. If tokens is not specified, then softoken would default to the following specs: | |||
In non-FIPS mode: tokens=<0x01=[configDir=''configDir'' tokenDescription=''cryptoTokenDescription'' slotDescription=''cryptoSlotDescription'' flags=noCertDB,noKeyDB,''optimizeSpace''] 0x02=[configDir=''configDir'' tokenDescription=''dbTokenDescription'' slotDescription=''dbSlotDescription'' | |||
certPrefix=''certPrefix'' keyPrefix=''keyPrefix'' flags=''flags'' minPWLen=''minPWLen'']> | |||
In FIPS mode: tokens=<0x03=[configDir=''configDir'' tokenDescription=''FIPSTokenDescription'' slotDescription=''FIPSSlotDescription'' | |||
certPrefix=''certPrefix'' keyPrefix=''keyPrefix'' flags=''flags'' minPWLen=''minPWLen'']> | |||
where ''configDir'', ''cryptoTokenDescription'', ''cryptoSlotDescription'', ''dbTokenDescription'', ''dbSlotDescription'', ''FIPSTokenDescription'', ''FIPSSlotDescription'', ''optimizeSpace'', ''certPrefix'', ''keyPrefix'', ''flags'', and ''minPWLen'' are copied from the parameters above. | |||
Parameters: | Parameters: | ||
'''configDir''' | '''configDir''' - The location of the databases for this token. If configDir is not specified, the default configDir specified earlier will be used. | ||
'''certPrefix''' | '''certPrefix''' - Cert prefix for this token. | ||
'''keyPrefix''' | '''keyPrefix''' - Prefix for the key database for this token. | ||
'''tokenDescription''' | '''tokenDescription''' - The label value for this token returned in the CK_TOKEN_INFO structure with an internationalize string (UTF8). This value will be truncated at 32 bytes (no NULL, partial UTF8 characters dropped). | ||
'''slotDescription''' | '''slotDescription''' - The slotDescription value for this token returned in the CK_SLOT_INFO structure with an internationalize string (UTF8). This value will be truncated at 64 bytes (no NULL, partial UTF8 characters dropped). | ||
'''minPWLen''' | '''minPWLen''' - minimum password length for this token. | ||
flags | flags | ||
Valid flags are: | Valid flags are: | ||
'''readOnly''' | '''readOnly''' - Databases should be opened read only. | ||
'''noCertDB''' | '''noCertDB''' - Don't try to open a certificate database. | ||
'''noKeyDB''' | '''noKeyDB''' - Don't try to open a key database. | ||
'''forceOpen''' | '''forceOpen''' - Don't fail to initialize the token if the databases could not be opened. | ||
'''passwordRequired''' | '''passwordRequired''' - zero length passwords are not acceptable (valid only if there is a keyDB). | ||
'''optimizeSpace''' | '''optimizeSpace''' - allocate smaller hash tables and lock tables.When this flag is not specified, Softoken will allocate large tables to prevent lock contention. | ||