Scroll to navigation

P11SAK_DEFINED_ATTRS.CONF(5) openCryptoki P11SAK_DEFINED_ATTRS.CONF(5)

NAME

p11sak_defined_attrs.conf - Configuration file for p11sak list-key command.

DESCRIPTION

The p11sak tool uses the configuration files ~/.p11sak_defined_attrs.conf and /etc/opencryptoki/p11sak_defined_attrs.conf to read information about custom attributes that shall be printed with the p11sak list-key command.

This configuration file path can be overwritten by the user with the environment variable P11SAK_DEFAULT_CONF_FILE. If the environment variable is not set, then .p11sak_defined_attrs.conf is first tried to be read from the current user's home directory. If this is not available, the global /etc/opencryptoki/p11sak_defined_attrs.conf config file is read. If none of these files are available, a warning message is displayed, and printing of custom attributes is not available.

SYNTAX

Each attribute description is composed of the attribute title, brackets and three key-value pairs.

Example:


attribute
{
name = CKA_IBM_RESTRICTABLE
id = 0x80010001
type = CK_BBOOL
}

All three keywords name , id , type are required to define an attribute.

The name must start with a letter followed by an arbitrary number of letters, numbers, underscores, dots, minuses, or slashes. The id can be in decimal as well as in hexadecimal, when started with 0x, format. The only valid values for type are:

  • CK_BBOOL
  • CK_ULONG
  • CK_BYTE
  • CK_DATE

Notes

The pound sign ('#') is used to indicate a comment up to and including the end of line.

SEE ALSO

p11sak(1)
September 2021 3.22.0