eCryptfs PKCS#11 Key Module

eCryptfs PKCS#11 key module enables use of PKCS#11 token private key

ecryptfsd must be running in order to use the key module.

The key module expects a private key and certificate on the token; both
should have the same value in the CKA_ID attribute.

Configuration is stored at ~/.ecryptfsrc.pkcs11.

pkcs11-log-level (Integer, decimal)
Log level of pkcs11-helper, from 0 to 5.

pkcs11-pin-cache-timeout (Integer, decimal)
Maximum PIN/session cache period in seconds.
-1 means infinite, until the provider invalidates the session.

Provider unique friendly name.

Provider library to load.

allow-protected-auth (Boolean)
Enable protected authentication if the provider supports the feature.

cert-private (Boolean)
Provider stores the certificates as private objects.

private-mask (Integer, hex)
Provider private key mask:
0 Determine automatically.

pkcs11-provider1,name=myprovider1,library=/usr/lib/pkcs11/myprovider1.so
pkcs11-provider2,name=myprovider2,library=/usr/lib/pkcs11/myprovider2.so
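
An added example, not part of the eCryptfs documentation: each provider line names a shared library to load, so this Python script parses provider lines in the shape shown above and reports libraries that are missing, given by a relative path, or replaceable by other users. The function names and the specific checks are assumptions of this example; only the provider line syntax comes from this page.

```python
import os
import re
import stat

# Line shape copied from the provider example on this page:
#   pkcs11-provider1,name=myprovider1,library=/usr/lib/pkcs11/myprovider1.so
PROVIDER_RE = re.compile(r"^pkcs11-provider(\d+),(.*)$")


def parse_provider_line(line):
    """Return (index, attrs) for a provider line, or None for any other line."""
    m = PROVIDER_RE.match(line.strip())
    if not m:
        return None
    attrs = {}
    for field in m.group(2).split(","):
        key, sep, value = field.partition("=")
        if sep:
            attrs[key.strip()] = value.strip()
    return int(m.group(1)), attrs


def library_findings(path):
    """The provider library is loaded as code, so check who can replace it."""
    if not os.path.isabs(path):
        return ["library path is not absolute"]
    real = os.path.realpath(path)
    if not os.path.isfile(real):
        return ["library file not found"]
    findings = []
    for target in (real, os.path.dirname(real)):
        st = os.stat(target)
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{target} is writable by group or others")
        if st.st_uid not in (0, os.getuid()):
            findings.append(f"{target} is owned by uid {st.st_uid}")
    return findings


def audit_config(text):
    """Return (provider index, finding) pairs for every provider line in text."""
    results = []
    for line in text.splitlines():
        parsed = parse_provider_line(line)
        if parsed is None:
            continue
        index, attrs = parsed
        missing = [k for k in ("name", "library") if not attrs.get(k)]
        results += [(index, f"missing attribute: {k}") for k in missing]
        if "library" not in missing:
            results += [(index, f) for f in library_findings(attrs["library"])]
    return results
```

Pass the contents of ~/.ecryptfsrc.pkcs11 to audit_config(); an empty list means no provider line triggered a finding.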

PKCS#11 serialized object id. This object id can be
acquired using ecryptfs-manager; the default value of
this field is a list of "DN (serial) [serialized id]".

Optional (may be empty) reference to an X.509 PEM file
holding id certificate. It is required if the key is
added when the token is not available.

key=pkcs11:id=<serialized-id>

Alon Bar-Lev <alon.barlev@gmail.com>