A newer version of this documentation is available.

View Latest

SmartCardReader

[SmartCardReader]
AllowReaderRemoval=1
:CacheAcceptUnknown=0
:CacheValidateCounter=1
CacheValidity=10080
CacheReconnect=10
Detect=-1
:KeepLoggedInLocked=0
:KeepPinCache=0
:LockDelay=0
LockTimeout=30
MaxTransfer=255
NameAllow=
NameDeny=Microsoft Virtual Smart Card*;Windows Hello*;Intercede Virtual Reader*
Poll=333
Protocol=-1
ReloadOnError=1
:ReuseSlotId=0
:ShutdownWait=1500
:TypeList=

AllowReaderRemoval

The normal behavior is to remove the smart card reader as a slot from the PKCS#11 library when the reader is removed, but some application has a problem with this behavior. This parameter control whether the reader is removed or not.

[SmartCardReader]
AllowReaderRemoval=1

CacheAcceptUnknown

This parameter specifies the number of minutes that the cache is valid when unable to retrieve the current status of smart card presence.

[SmartCardReader]
CacheAcceptUnknown=0

CacheValidateCounter

This parameter should always be active, since it validates the update counter for the smart card. The cache is reset if the update counter is changed.

[SmartCardReader]
CacheValidateCounter=1

CacheValidity

Cache validity tells the number of seconds that the cache is valid.

[SmartCardReader]
CacheValidity=10080

CacheReconnect

The cache will try to use the cache service, but if the cache service is down will this parameter specify the number of minutes until next reconnect attempt.

[SmartCardReader]
CacheReconnect=10

Detect

This parameter tells the number of seconds the Client should be scanning for smart card readers. The default behavior is infinite scanning.

[SmartCardReader]
Detect=-1

KeepLoggedInLocked

The normal Client behavior is to release the smart card as soon as we are done working with it. To allow other processes access the same smart card. This will not work well with PIN PAD readers, since the smart card PIN status will be reset when the smart card is released. This parameter will tell the number of seconds the smart card should be locked after logged in.

[SmartCardReader]
KeepLoggedInLocked=0

KeepPinCache

The normal behavior of the Client is to clear the PIN cache when the smart card is removed, but you may specify the number of milliseconds that the PIN should be kept after removal to allow for reconnect.

[SmartCardReader]
KeepPinCache=0

LockDelay

Lock delay tells the number of seconds that the Client will keep the reader locked after stopped using it. This will allow for reconnect without losing the PIN verify status. Lock delay will be automatically activated when used with secure messaging (3 seconds) and also when used with PIN PAD reader (10 seconds).

[SmartCardReader]
LockDelay=0

LockTimeout

Lock timeout tells the number of seconds that the Client should continue to try to lock the smart card when the smart card is busy (by another process accessing).

[SmartCardReader]
LockTimeout=30

MaxTransfer

The max transfer parameter tells the maximum number of bytes that may be sent in each call towards the smart card. The maximum value is 256 bytes without command chaining or extended data transfer (supported by some smart cards).

[SmartCardReader]
MaxTransfer=255

NameAllow, NameDeny

The NameAllow and NameDeny is used as a whitelist or blacklist of smart card reader names.

[SmartCardReader]
NameAllow=
NameDeny=Microsoft Virtual Smart Card*;Windows Hello*;Intercede Virtual Reader*

Poll

The poll variable tells the number of milliseconds between asking the smart card reader service about the smart card status. May be 0 to disable the polling.

[SmartCardReader]
Poll=333

Protocol

The protocol variable tells the protocol that may be used to connect towards the smart card.

0 ⇒ T=0

1 ⇒ T=1

-1 ⇒ T=0 or T=1

Always set to -1, to allow the smart card and smart card reader to negotiate the protocol to use.

[SmartCardReader]
Protocol=-1

ReloadOnError

The Client may reload the smart card reader connections on errors. This allow for better reconnect behavior when the smart card reader driver is failing.

0 ⇒ No reloading

1 ⇒ Reconnect

2 ⇒ Reload everything

[SmartCardReader]
ReloadOnError=1

ReuseSlotId

Some applications expect the PKCS#11 slot id to never change, always the same, even when the reader is removed and later reinserted. The default behavior is to allocate a new slot id when the smart card reader is replaced, but this variable may change this behavior.

[SmartCardReader]
ReuseSlotId=0

ShutdownWait

Shutdown wait tells the number of milliseconds our smart card reader service should wait at shutdown to allow applications to finish the work against the smart card.

[SmartCardReader]
ShutdownWait=1500

TypeList

Type list is used to limit the number of used smart card reader implementations.

std ⇒ Standard PC/SC

ctapi ⇒ Standard CT-API

ykf ⇒ YubiKey PC/SC look-alike (iOS only)

macos ⇒ macOS CryptoTokenKit (macOS only)

[SmartCardReader]
TypeList=std;ykf