This section specifies the behavior when inserting an empty smart card; should a certificate be enrolled to the smart card or not? The behavior is relying on an additional component called LRA (local registration authority) and is currently only available on project basis, since it will require a connection to a certificate authority.
These entries are used to generate the certificate request and the value is depending on the LRA component, see LRA documentation for more information.
This entry tells whether challenge/response should be used when unlocking the PIN. The smart card to be enrolled may be locked for security reasons.
Normal PUK is used to unlock PIN
Challenge/response used to unlock PIN
Default value is 0; normal PUK is used to unlock PIN.
This entry tells the number of seconds a challenge should be valid when using challenge/response mode.
|The smart card will be locked during the operation, since the next call after generating the challenge should be the response. No other application will be able to access the smart card until the timeout is reached or the operation is finished/aborted.|