# Sample crypto worker configuration using P11NG PKCS11 CryptoToken.
#

# Type of worker and implementation
WORKERGENID1.TYPE=CRYPTO_WORKER
WORKERGENID1.IMPLEMENTATION_CLASS=org.signserver.server.signers.CryptoWorker

# Uses a HSM or smart card through PKCS#11:
WORKERGENID1.CRYPTOTOKEN_IMPLEMENTATION_CLASS=org.signserver.p11ng.common.cryptotoken.P11NGCryptoToken

# Name for other workers to reference this worker:
WORKERGENID1.NAME=CryptoTokenP11NG1

# Name of the PKCS#11 shared library to use:
# The samples below corresponds to the ones set by default in the deploy
# configuration.
# To add new definitions or customize existing ones, see
# conf/signserver_deploy.properties.sample.
WORKERGENID1.SHAREDLIBRARYNAME=SafeNet ProtectServer Gold
#WORKERGENID1.SHAREDLIBRARYNAME=SafeNet ProtectServer Gold Emulator
#WORKERGENID1.SHAREDLIBRARYNAME=SoftHSM
#WORKERGENID1.SHAREDLIBRARYNAME=SafeNet Luna Client
#WORKERGENID1.SHAREDLIBRARYNAME=SafeNet Luna SA
#WORKERGENID1.SHAREDLIBRARYNAME=SafeNet Luna PCI
#WORKERGENID1.SHAREDLIBRARYNAME=Utimaco
#WORKERGENID1.SHAREDLIBRARYNAME=nCipher
#WORKERGENID1.SHAREDLIBRARYNAME=OpenSC

# Method for pointing out which slot to use:
WORKERGENID1.SLOTLABELTYPE=SLOT_NUMBER
#WORKERGENID1.SLOTLABELTYPE=SLOT_INDEX

# Which slot to use:
WORKERGENID1.SLOTLABELVALUE=1
#WORKERGENID1.SLOTLABELVALUE=0

# Optional password of the slot. If specified the token is "auto-activated".
#WORKERGENID1.PIN=foo123

# Signature algorithm for the dummy certificate stored in HSM
# as part of key generation
WORKERGENID1.SELFSIGNED_SIGNATUREALGORITHM=
#WORKERGENID1.SELFSIGNED_SIGNATUREALGORITHM=SHA256withRSA

# Optional PKCS#11 attributes used for key generation
WORKERGENID1.ATTRIBUTE.PUBLIC.RSA.CKA_ENCRYPT = false
WORKERGENID1.ATTRIBUTE.PUBLIC.RSA.CKA_VERIFY = false
WORKERGENID1.ATTRIBUTE.PUBLIC.RSA.CKA_WRAP = false
WORKERGENID1.ATTRIBUTE.PRIVATE.RSA.CKA_SIGN = true
WORKERGENID1.ATTRIBUTE.PRIVATE.RSA.CKA_PRIVATE = true
WORKERGENID1.ATTRIBUTE.PRIVATE.RSA.CKA_SENSITIVE = true
WORKERGENID1.ATTRIBUTE.PRIVATE.RSA.CKA_EXTRACTABLE = false
WORKERGENID1.ATTRIBUTE.PRIVATE.RSA.CKA_DECRYPT = false
WORKERGENID1.ATTRIBUTE.PRIVATE.RSA.CKA_UNWRAP = false
#WORKERGENID1.ATTRIBUTE.PRIVATE.RSA.CKA_ALLOWED_MECHANISMS=CKM_RSA_PKCS, CKM_SHA256_RSA_PKCS, CKM_SHA384_RSA_PKCS, CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS_PSS, CKM_SHA256_RSA_PKCS_PSS, CKM_SHA384_RSA_PKCS_PSS, CKM_SHA512_RSA_PKCS_PSS
#WORKERGENID1.ATTRIBUTE.PRIVATE.RSA.CKA_ALLOWED_MECHANISMS=CKM_RSA_PKCS_PSS, CKM_SHA256_RSA_PKCS_PSS, CKM_SHA384_RSA_PKCS_PSS, CKM_SHA512_RSA_PKCS_PSS

# If a default key is configured, activation is tested by using the default key. If there is no configured default key,
# the activation is tested by a test connection to the HSM.
WORKERGENID1.DEFAULTKEY=testkey0
#WORKERGENID1.DEFAULTKEY=