STRENGTH.CONF(5) openCryptoki STRENGTH.CONF(5)

strength.conf - Configuration file for openCryptoki strength configuration.

openCryptoki uses a strength configuration file at /etc/opencryptoki/strength.conf

This configuration file allows users to configure openCryptoki cryptographic key strength determination based on key attributes. This file is required by openCryptoki.

This file starts with a version specification of the form version strength-0 followed by the definition of various strengths.

Each strength definition is composed of a strength, braces and key-value pairs:


strength number
{
...
}

Supported numbers are 112, 128, 192, and 256 representing the corresponding strength in bits.

Note: These definitions are optional. If a definition is missing, no key can have that strength. If no strength definition is present, all keys will have strength 0.

More than one key-value pair may be used within a strength description.

A key-value pair is composed of keyword = value where value is an unsigned number.

The following keywords are valid:

Specifies the minimum number of bits required for RSA moduli, and DH and DSA primes such that the corresponding key is of the currently defined strength.

Note: This key-value pair is optional. If not present, no RSA, DH, or DSA key can have the currently defined strength.

Specifies the minimum number of bits in the prime field of the elliptic curve such that the corresponding key is of the currently defined strength.

Note: This key-value pair is optional. If not present, no EC key can have the currently defined strength.

Specifies the minimum number of bits required for symmetric keys such that the corresponding key is of the currently defined strength.

Note: This key-value pair is optional. If not present, no symmetric key can have the currently defined strength.

Specifies the minimum size in bits of digest outputs required by the currently defined strength.

Note: This key-value pair is optional. If not present, this strength definition does not constrain the size of digests.

Specifies the minimum size in bits of signatures required by the currently defined strength.

Note: This key-value pair is optional. If not present, this strength definition does not constrain the size of signatures.

The strength configuration file has to be owned by root:pkcs11, have mode 0640, and be parsable. Otherwise, openCryptoki will return CKR_FUNCTION_FAILED on C_Initialize and log a corresponding message to syslog detailing the reason why the strength configuration could not be used. In this case, fix the problem described in syslog to be able to use openCryptoki again.

The pound sign ('#') is used to indicate a comment. Both the comment character and any text after it, up to the end of the line, are ignored. The comment character can be used at the beginning of a line (including before the file version specification), after a value, and before and after the braces.
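
A pre-flight check for the requirements above (root:pkcs11 ownership, mode 0640, parsable format), as an added example that is not part of this man page or of openCryptoki. The parser is a whitespace-insensitive approximation of the grammar described here and may accept input that openCryptoki itself rejects; the keyword names MOD_EXP and ECC in the constructed sample are assumptions not stated on this page.

```python
import grp, os, re, stat, sys

SUPPORTED = {112, 128, 192, 256}                    # strengths the man page lists
TOKEN = r"[A-Za-z][A-Za-z0-9_-]*|[0-9]+|[{}=]"
# Constructed sample. MOD_EXP and ECC are assumed keyword names (not on this page).
SAMPLE = """# comment before the version line
version strength-0
strength 128 {       # comment after a brace
    MOD_EXP = 3072   # comment after a value
    ECC = 256
}
"""

def parse_strength_conf(text):
    """Return {strength: {keyword: value}}; raise ValueError if not parsable."""
    body = "\n".join(l.split("#", 1)[0] for l in text.splitlines())  # strip comments
    if re.sub(TOKEN + r"|\s+", "", body):
        raise ValueError("unexpected characters outside comments")
    tok = re.findall(TOKEN, body)
    if tok[:2] != ["version", "strength-0"]:
        raise ValueError("file must start with 'version strength-0'")
    defs, i = {}, 2
    while i < len(tok):
        head = tok[i:i + 3]
        if len(head) < 3 or head[0] != "strength" or not head[1].isdigit() or head[2] != "{":
            raise ValueError(f"expected 'strength <number> {{' at token {i}")
        if int(head[1]) not in SUPPORTED:
            raise ValueError(f"unsupported strength {head[1]}")
        pairs, i = {}, i + 3
        while i < len(tok) and tok[i] != "}":
            kv = tok[i:i + 3]
            if len(kv) < 3 or not kv[0][0].isalpha() or kv[1] != "=" or not kv[2].isdigit():
                raise ValueError(f"expected 'keyword = number' at token {i}")
            pairs[kv[0]], i = int(kv[2]), i + 3
        if i >= len(tok):
            raise ValueError("missing closing brace")
        defs[int(head[1])], i = pairs, i + 1
    return defs

def metadata_problems(mode, uid, gid, pkcs11_gid):
    """List deviations from the required root:pkcs11 ownership and mode 0640."""
    checks = [(uid != 0, "owner is not root"), (gid != pkcs11_gid, "group is not pkcs11"),
              (stat.S_IMODE(mode) != 0o640, f"mode is {stat.S_IMODE(mode):04o}, expected 0640")]
    return [msg for bad, msg in checks if bad]

if __name__ == "__main__":                          # usage: script.py <path>
    st, gid = os.stat(sys.argv[1]), grp.getgrnam("pkcs11").gr_gid
    print(metadata_problems(st.st_mode, st.st_uid, st.st_gid, gid))
    print(parse_strength_conf(open(sys.argv[1]).read()))
```

A file containing only the version line parses to an empty mapping, which matches the note above that all keys then have strength 0.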

/usr/share/doc/opencryptoki/strength-example.conf
September 2021 3.19.0
