SmartCardReader

This section controls the behavior for smart card readers.

AllowReaderRemoval

This entry enables or disables removal of a smart card reader's PKCS#11 slot at runtime when the reader is removed.

0

Reader will continue to exist

1

Reader will be removed

Default value is 0; reader will not be removed.

The reason for not removing is that the PKCS#11 standard has no defined policy for slot removal. Removal of slots may cause undefined behavior for PKCS#11 applications.

Accepted

This entry contains a list of smart card reader names that are acceptable, separated with ;.

Default value is none; all reader names are accepted.

Use the [SmartCardReader]>Denied parameter to specify a list of reader names that are denied.

CachePath

This entry contains a full path to a directory which will be used to store the smart card cache.

Default value is none; will use the standard temporary directory, location depending on operating system and version.

CacheValidity

This entry specifies the number of minutes the smart card cache is valid for the user environment.

CacheValidity=10080

Default value is 10080; one week, 7*24*60=10080 minutes.

CacheAcceptUnknown

This entry specifies how the smart card cache is treated when no update counter is available.

0

Will not use cache when status is unknown

X

Number of minutes the cache is valid when no update counter is available

Default value is 0; cache is inactive when no update counter is available.

CheckInformation

This entry enables/disables the check for information from the smart card reader, for example driver version or PIN pad information.

0

Will not check for information

1

Will check for information

Default value is 0; will not check for information.

There are smart card reader drivers that will crash when checking for information. Avoid them!

CheckPinPad

This entry enables/disables the check for a PIN pad on the smart card reader. It requires that CheckInformation above is enabled.

0

Will not check for PIN pad

1

Will check for PIN pad

Default value is 0; will not check for PIN pad.

Denied

This entry contains a list of smart card reader names that are not acceptable, separated with ;.

Default value is none; all reader names are accepted.

Use the [SmartCardReader]>Accepted parameter to specify a list of reader names that are accepted.

Detect

This entry specifies the number of seconds after initialization that the library should search for smart card readers. This allows smart card readers to be inserted after the library has been initialized.

0

Will not search for readers

1

Will do a single search for readers

X

Will search X seconds for readers

-1

Will search forever for readers

Default value is 60; will search for 60 seconds for smart card readers.

This search may cause memory leaks if bad PC/SC smart card reader drivers are installed, so the value -1 is not recommended for terminal servers.

KeepLoggedInLocked

This entry controls the behavior when the smart card is opened and the session is logged on.

0

Will not lock reader when logged on

1

Will lock reader when logged on

Default value is 0; will not lock reader when logged on.

Locking the reader will stop other applications from using the smart card reader in parallel. This may cause interoperability problems.
This behavior is identical to the situation when the smart card is used with a PIN pad: the reader is not released until logout, to avoid multiple PIN entries.
Only use this feature when single-sign-on is enabled or a single application is using the smart card.

KeepPinCache

This entry specifies the number of milliseconds the PIN should be kept after card removal. This can be used to avoid clearing the PIN cache when a smart card reader generates strange remove/insert events, but should not be used in normal situations.

0

Will not keep PIN cache after remove event

X

Number of milliseconds the PIN is kept in cache after remove event

Default value is 0; PIN cache is cleared when the smart card is removed.

LockDelay

This entry specifies the number of seconds to keep the card locked after usage. This may be used to increase performance, since locking and releasing the card may take substantial time.

0

Will not delay release

X

Will delay X seconds before release

Default value is 0; no delay when releasing card.

LockTimeout

This entry specifies the number of seconds to keep trying to lock the card when it is in use by another application.

0

No lock timeout

X

Will try to lock for X seconds

Default value is 30; will try locking the card for 30 seconds.

MaxTransfer

This entry configures the maximum number of bytes that may be transmitted for each smart card call. Minimum value is 64 bytes and maximum value is 255 bytes.

MaxTransfer=255

Default value is 255; 255 bytes.

Mode

This entry specifies the mode used to connect to the smart card, either exclusive or shared mode. Exclusive mode requires the application to work alone with the smart card. Shared mode allows simultaneous connections and requires transaction handling to keep operations atomic.

0

Exclusive mode

1

Shared mode

Default value is 1; shared mode used.

Exclusive mode will cause interoperability problems.

Poll

This entry specifies the number of milliseconds between polling for card presence.

Poll=333

Default value is 333; 333 milliseconds.

Protocol

This entry specifies the protocol to use when communicating with the smart card.

0

T0, supported by most cards

1

T1, faster but not supported by older cards

-1

T0 or T1, negotiated with card

Default value is -1; protocol negotiated with smart card.

ReloadOnError

This entry specifies the behavior when the reader connection fails for some reason.

0

Do nothing

1

Reload connections

2

Reload connection and library

Default value is 0; do nothing.

SingleConnection

This entry specifies the behavior when connecting to the smart card reader. Either one connection is used for all purposes, or two connections are used: one for smart card status and one for transmitting smart card commands.

0

Two connections

1

One connection

2

One global connection (never released)

Default value is 0; two connections.

Scope

This entry specifies the scope for the smart card reader connection: user, terminal, system or global. The actual meaning of scope depends on the smart card reader type; it is currently only used by PC/SC. See PC/SC documentation for more information.

0

User scope

1

Terminal scope

2

System scope

3

Global scope

Default value is 0 for user processes and 2 for system processes.

SystemCacheValidity

This entry specifies the number of minutes the smart card cache is valid for the system environment.

SystemCacheValidity=10080

Default value is 10080; one week, 7*24*60=10080 minutes.
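
The caveats attached to the entries above can be checked mechanically before a configuration is deployed. The following Python check is an added example, not part of the product or its documentation; it assumes the entries live in an INI-style [SmartCardReader] section written as Name=Value, and the function name lint_smartcard_reader and the sample text are constructed for illustration.

```python
import configparser

# Constructed sample. INI syntax is assumed from the page's notation.
SAMPLE = """[SmartCardReader]
CheckPinPad=1
Detect=-1
KeepPinCache=5000
MaxTransfer=300
Mode=0
"""

# Defaults as documented on this page.
DEFAULTS = {"AllowReaderRemoval": 0, "CheckInformation": 0, "CheckPinPad": 0,
            "Detect": 60, "KeepPinCache": 0, "MaxTransfer": 255, "Mode": 1}

# (entry, predicate over effective values, caveat taken from this page)
RULES = [
    ("AllowReaderRemoval", lambda c: c["AllowReaderRemoval"] == 1,
     "slot removal may cause undefined behavior in PKCS#11 applications"),
    ("CheckInformation", lambda c: c["CheckInformation"] == 1,
     "some reader drivers crash when checked for information"),
    ("CheckPinPad", lambda c: c["CheckPinPad"] == 1 and c["CheckInformation"] != 1,
     "requires CheckInformation=1"),
    ("Detect", lambda c: c["Detect"] == -1,
     "endless search, not recommended for terminal servers"),
    ("KeepPinCache", lambda c: c["KeepPinCache"] > 0,
     "PIN stays cached after card removal"),
    ("MaxTransfer", lambda c: not 64 <= c["MaxTransfer"] <= 255,
     "outside the documented range of 64 to 255 bytes"),
    ("Mode", lambda c: c["Mode"] == 0,
     "exclusive mode causes interoperability problems"),
]


def lint_smartcard_reader(ini_text):
    """Hypothetical helper: return (entry, caveat) pairs for the given text."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    section = parser["SmartCardReader"] if parser.has_section("SmartCardReader") else {}
    cfg, findings = {}, []
    for name, default in DEFAULTS.items():
        try:
            # Entries that are absent fall back to the documented default.
            cfg[name] = int(str(section.get(name, default)).strip())
        except ValueError:
            findings.append((name, "value is not an integer"))
            cfg[name] = default
    findings += [(name, text) for name, check, text in RULES if check(cfg)]
    return findings
```

Calling lint_smartcard_reader(SAMPLE) reports CheckPinPad, Detect, KeepPinCache, MaxTransfer and Mode; a section that leaves every entry at its default produces no findings.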