#
# EP11 token configuration
#
# In order to use the EP11 Token you need to specify a list of
# adapter/domain pairs installed and configured on your system.
#
# To force the default for CKA_SENSITIVE to be CK_TRUE for
# secret keys, specify the following option:
#
#      FORCE_SENSITIVE
#
# To enable strict-mode, specify the following option:
#
#      STRICT_MODE
#
# In strict-mode all session-keys will strictly belong to the PKCS#11
# session that created them. When the PKCS#11 session ends, all session
# keys created for this session can no longer be used.
#
# To enable VHSM-mode, specify the following option:
#
#      VHSM_MODE
#
# In VHSM-mode (virtual-HSM), all keys generated by the EP11 token will
# strictly belong to the EP11 token that created them. Every EP11 token
# requires a VHSM-pin to be set using the pkcsep11_session tool.
#
# The list of mechanisms returned by C_GetMechanismList is filtered
# using the control point settings of the crypto adapters in use.
# The EP11 CP-filter config file is used to associate certain
# control points with mechanisms that are dependent on these control
# points. The default CP-filter config file is 'ep11cpfilter.conf' located
# in the same directory as this EP11 token configuration file.
# You can optionally specify the name and/or location of the CP-filter
# file:
#
#      CPFILTER /etc/opencryptoki/ep11cpfilter.conf
#
# To enable optimization of single part Sign/Verify and Encrypt/Decrypt
# operations, specify the following option:
#
#      OPTIMIZE_SINGLE_PART_OPERATIONS
#
# To optimize digest operations using CPACF, the libica library is used.
# Use the DIGEST_LIBICA option to control which libica library is loaded.
# Specify the path of the libica library to use a specific libica library,
# or specify 'DEFAULT' to use the system default libica library.
# Specify 'OFF' to turn digest optimizations off.
#
#      DIGEST_LIBICA <libica-path> | DEFAULT | OFF
#
# There are 2 ways to specify the crypto adapters:
#   1) an explicit list of adapter/domain pairs
#
#      APQN_WHITELIST
#       8 13
#      10 13
#      END
#
#      The adapter and domain may be given in decimal,
#      octal (with leading 0) or hexadecimal (with leading 0x):
#
#      APQN_WHITELIST
#       8    0x0d
#       0x0a 13
#      END
#
#      Valid adapter and domain values are in the range 0...255.
#
#   2) any available crypto adapters
#
#      APQN_ANY
#

APQN_ANY

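# Added example (not part of the original file and not opencryptoki's own
# parser): a C check that applies the number formats and the 0...255 range
# described above to an APQN_WHITELIST block before the file is deployed.
# The names parse_num and check_apqn_whitelist, the return codes and the
# rejection of extra tokens on an entry line are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One adapter or domain number: decimal, octal (leading 0) or
 * hexadecimal (leading 0x), valid range 0...255. Returns 0 if valid. */
static int parse_num(const char *tok, unsigned *out)
{
    char *end;
    unsigned long v;
    if (tok[0] < '0' || tok[0] > '9')      /* no signs, no empty token */
        return -1;
    v = strtoul(tok, &end, 0);             /* base 0: prefix picks 8/10/16 */
    if (*end != '\0' || v > 255)           /* trailing junk or out of range */
        return -1;
    *out = (unsigned)v;
    return 0;
}

/* Hypothetical checker: collects the pairs between APQN_WHITELIST and END.
 * Returns the pair count, -1 for a malformed entry, -2 if END is missing. */
int check_apqn_whitelist(const char *conf, unsigned pairs[][2], int max)
{
    int in_list = 0, n = 0;
    while (*conf != '\0') {
        char line[256], a[16], d[16], extra[2];
        size_t len = strcspn(conf, "\n");
        int fields;
        if (len >= sizeof(line))
            return -1;                     /* overlong line */
        memcpy(line, conf, len);
        line[len] = '\0';
        conf += len + (conf[len] == '\n');
        fields = sscanf(line, "%15s %15s %1s", a, d, extra);
        if (fields < 1 || a[0] == '#')
            continue;                      /* blank line or comment */
        if (!in_list)
            in_list = (fields == 1 && strcmp(a, "APQN_WHITELIST") == 0);
        else if (fields == 1 && strcmp(a, "END") == 0)
            return n;
        else if (fields != 2 || n >= max || parse_num(a, &pairs[n][0]) ||
                 parse_num(d, &pairs[n][1]))
            return -1;                     /* wrong field count or bad number */
        else
            n++;
    }
    return in_list ? -2 : 0;               /* 0: no whitelist block present */
}
```

# A return value of 0 means the file has no whitelist block, which is the
# case when APQN_ANY is the active setting as in the file above.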