SmartCard PrimeMD

[SmartCard PrimeMD]
:RequireUniquePinPurpose=0
:SingleUsePin=0
StoreLabel=1
UseBadContainerKeyMapping=1
UseBadDecimalKeyIndex=0
:UseBadNoWritePublicKey=0
UseShortSerialNumber=

RequireUniquePinPurpose

The Thales IDPrime MD profile states the PIN purpose for each PIN. Each PIN purpose should be unique, but sometimes it is not. The RequireUniquePinPurpose parameter controls the behavior when the same PIN purpose is used several times.

SingleUsePin

The SingleUsePin parameter controls key-single-use. The default value is 0, which means that PIN purpose and PIN policy are controlled according to the token specification.

Values

0x01

PIN1.

0x02

PIN2.

0x03

PIN3.

Example 1. Set behavior for specified card models by using ATR/Token.
[SmartCard PrimeMD]
SingleUsePin=0x02,3B7F96000080318065B084565110120FFE829000;0x03,3BFF9600008131804380318065B084413DF6120FFE829000;

StoreLabel

The StoreLabel parameter enables storage of the CKA_LABEL attribute for PKCS#11 key and certificate objects. It is enabled by default. The parameter can be set for a specific ATR/Token.

[SmartCard PrimeMD]
StoreLabel=1,3B7F96000080318065B084565110120FFE829000;0,*;
FriendlyName overwrites a custom label. Disable friendly name when using custom labels.

UseBadContainerKeyMapping

Because of an earlier error in the Thales IDPrime 4.ODD documentation, the Key ID and Container ID mapping functionality has been updated. As a result, smart cards issued with earlier versions of Net iD will no longer work, while cards issued with the Thales minidriver will start to work. The UseBadContainerKeyMapping parameter selects whether the old or the new mapping behavior is used. The behavior can also be set for a specified card model by using the ATR.

Values

0

Use new mapping.

1

Use old mapping.

ATR

The card model ATR.

Example 2. Set mapping behavior for specified card models by using ATR.
[SmartCard PrimeMD]
UseBadContainerKeyMapping=1,3B7F96000080318065B084565110120FFE829000;1,3BFF9600008131804380318065B084413DF6120FFE829000;

UseBadDecimalKeyIndex

The UseBadDecimalKeyIndex parameter makes the key index use decimal encoding instead of hexadecimal encoding. It exists because previously encoded IDPrime 940 SIS smart cards require decimal encoding.

Values

0

Encode key index using hexadecimal encoding.

1

Encode key index using decimal encoding.

UseBadNoWritePublicKey

Because the Thales IDPrime MD 840 smart card (applet version 4.2.0 or later) cannot write the public key to the card after it is generated, this parameter makes it possible to prevent the public key from being written.

Do not make changes to this parameter, that is, make sure it is inactivated using a colon (:) character. This makes sure that it uses the default value 0.

When the value is set to 0, Net iD Client automatically checks whether it should write the public key to the card by examining the smart card model. That is, if the smart card is an IDPrime MD 840 with applet version 4.2.0 or later, it will not write the public key. If the card is of a different model, it will write the public key to the card.

Values

0

Do not write public key when the card is an IDPrime MD 840 applet ver. 4.2.0 or later.
For other cards Net iD Client will automatically change this value to 1.

1

Write public key to card.

Examples

Example 3. Manage a specific card using ATR

Using the ATR for the IDPrime MD 840 card to specify that it should write the public key to the card.

[SmartCard PrimeMD]
UseBadNoWritePublicKey=1,3B7F96000080318065B0850300EF120FFE829000;0

UseShortSerialNumber

The UseShortSerialNumber parameter makes it possible to use a short serial number on Thales eTokens.

Values

0

Internal serial number.

1

4 byte serial number.

2

8 byte serial number.

Examples

Example 4. Manage a specific card using ATR/Token

Using ATR/Token to specify different values.

[SmartCard PrimeMD]
UseShortSerialNumber=2,eToken Fusion*;1,eToken*;0,*
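
The per-card value lists in Examples 1 to 4 can be checked before rollout with a small resolver. This is an added example, not code from Net iD: it assumes rules are evaluated left to right with the first match winning, that `*` is a glob wildcard, that a bare trailing value is a catch-all, and that matching ignores case. The function names and the two eToken model names are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Values copied from Examples 1, 3 and 4 on this page.
SINGLE_USE_PIN = ("0x02,3B7F96000080318065B084565110120FFE829000;"
                  "0x03,3BFF9600008131804380318065B084413DF6120FFE829000;")
NO_WRITE_PUBKEY = "1,3B7F96000080318065B0850300EF120FFE829000;0"
SHORT_SERIAL = "2,eToken Fusion*;1,eToken*;0,*"


def parse_rules(raw):
    """Split 'value,pattern;value,pattern;default' into (value, pattern) pairs."""
    rules = []
    for entry in raw.split(";"):
        entry = entry.strip()
        if not entry:
            continue  # tolerate the trailing ';' used in Examples 1 and 2
        value, sep, pattern = entry.partition(",")
        # A bare value with no pattern (Example 3's trailing '0') is assumed
        # to be a catch-all, equivalent to '*'.
        rules.append((int(value, 0), pattern.strip() if sep else "*"))
    return rules


def effective_value(raw, card_id, default=0):
    """Return the value that applies to card_id (an ATR hex string or token name).

    Assumption: rules are evaluated left to right, the first match wins,
    '*' is a glob wildcard and matching ignores case.
    """
    for value, pattern in parse_rules(raw):
        if fnmatchcase(card_id.upper(), pattern.upper()):
            return value
    return default


def unreachable_rules(raw):
    """Return rules placed after a catch-all; under first-match they never apply."""
    rules = parse_rules(raw)
    for i, (_, pattern) in enumerate(rules):
        if pattern == "*":
            return rules[i + 1:]
    return []


if __name__ == "__main__":
    # "eToken Fusion NFC" and "eToken 5110" are constructed token names.
    for name in ("eToken Fusion NFC", "eToken 5110", "IDPrime MD 840"):
        print(name, "->", effective_value(SHORT_SERIAL, name))
```

Pass the parameter's documented default as `default` when a list has no catch-all, for example 1 for StoreLabel.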