From d05a04968e07f6a2084ceb747938dc7cc049cb5f Mon Sep 17 00:00:00 2001
From: Stef Walter
Date: Thu, 3 Mar 2011 15:50:56 +0100
Subject: The start of some documentation.

---
 doc/p11-kit-config.xml | 119 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 119 insertions(+)
 create mode 100644 doc/p11-kit-config.xml

(limited to 'doc/p11-kit-config.xml')

diff --git a/doc/p11-kit-config.xml b/doc/p11-kit-config.xml new file mode 100644 index 0000000..851f5dc --- /dev/null +++ b/doc/p11-kit-config.xml @@ -0,0 +1,119 @@ + + + + PKCS#11 Configuration + +
+ Consistent configuration + + In order for multiple applications on the user's desktop to use + PKCS#11 modules in a consistent manner, there must be a configuration + or registry to specify which modules to load and how to use them. The + PKCS#11 specification does not specify such a configuration standard. + + + Because of the multi-library module initialization problem, use of + PKCS#11 modules must be coordinated within an application. p11-kit + provides that coordination. Since coordination is required, it follows + that p11-kit can also implement a consistent module configuration. + +
+ +
+ File format + + A complete configuration consists of several files. These files are + text files. Since p11-kit is built to be used in all + sorts of environments and at very low levels of the software stack, we + cannot make use of high level configuration APIs that you may find on a + modern desktop. + + Each setting in the config file is specified consists of a name and + a value. The name is a simple string consisting of characters and dashes. + The name consists of alpha numeric characters, dot, hyphen and + underscore. + + The value is specified after the name on the same line, separated + from it by a a : colon. White space between the + name and value is ignored. + + Blank lines are ignored. White space at the beginning or end of + lines is stripped. Lines that begin with a # character + are ignored as comments. Comments are not recognized when they come after + a value on a line. + + A fictitious sample configuration file might look like: + + + name:value + # Here is a comment + + setting.2: A long value with text. + x-custom : text + + +
+ +
+ Module Configuration + + Each configured PKCS#11 module has its own config file. The + location(s) of these files are described below. Most importantly each + config file specifies the location of the PKCS#11 module to load. Each + module config file has the following fields: + + + + module + The absolute path to the PKCS#11 module to load. + This should include an extension line .so + + + + Other fields may be present, but it is recommended that field names + that are not specified in this document start with a x- + prefix. +
+ +
+ Global Configuration + + A global configuration is also present. This file contains settings + that are not related to a single PKCS#11 module. The location(s) of the + global configuration are described below. The global configuration file + can contain the following fields: + + + + user-config + This will be equal to one of the following values: + none, merge, + override. + + + + Other fields may be present, but it is recommended that field names + that are not specified in this document start with a x- + prefix. +
+ +
+ Configuration Files + + Each configured PKCS#11 module is has its own config file. These + files are placed in a directory. In addition a global config file exists. + There is a system configuration consisting of the various module config + files and a file for global configuration. Optionally each user can provide + additional configuration or override the system configuration. + + The system global configuration file is in + /etc/pkcs11/pkcs11.conf and the user global + configuration file is in ~/.pkcs11/pkcs11.conf in the + user's home directory. + + + The module config files are located XXX> + +
+
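Review bot: The last paragraph of the "Configuration Files" section still ends in the placeholder "The module config files are located XXX>", so the document never says which directory the module config files are read from. Each of those files carries the `module` field, the absolute path of the PKCS#11 module to load, so the system and per-user locations should be stated here in the same way the two `pkcs11.conf` paths are. In "Global Configuration", `user-config` lists `none`, `merge` and `override` without saying what each one does or which applies when the field is absent; a sentence per value would settle how `~/.pkcs11/pkcs11.conf` interacts with `/etc/pkcs11/pkcs11.conf`. In "File format" the setting name is described twice with different character sets ("characters and dashes", then "alpha numeric characters, dot, hyphen and underscore"); keep one definition. Wording to fix while here: "is specified consists of", "by a a : colon", "an extension line .so" (presumably "like"), and "is has its own config file".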
-- cgit v1.2.3