![]() |
![]() |
![]() |
p11-kit | ![]() |
---|
Each configured PKCS#11 module has its own config file. These files can be placed in various locations. Most importantly each config file specifies the path of the PKCS#11 module to load. A module config file has the following fields:
module: |
The filename of the PKCS#11 module to load.
This should include an extension like If this value is blank, then the module will be ignored. This can be used in the user configs to override loading of a module specified in the system configuration. If this is a relative path, then the module will be loaded from the default module directory. |
critical: |
Set to This argument is optional and defaults to |
enable-in: |
A comma and/or space separated list of names of programs that
this module should only be loaded in. The module will not be loaded
for other programs using p11-kit. The base name of the process executable
should be used here, for example
This is not a security feature. The argument is optional. If not present, then any process will load the module. |
disable-in: |
A comma and/or space separated list of names of programs that
this module should not be loaded in. The module will be loaded for any
other programs using p11-kit. The base name of the process
executable should be used here, for example
This is not a security feature. The argument is optional. If not present, then any process will load the module. |
Do not specify both enable-in
and disable-in
for the same module.
Other fields may be present, but it is recommended that field names
that are not specified in this document start with a x-
prefix.