Diffstat (limited to 'misc/botan.rc')
-rw-r--r--misc/botan.rc225
1 files changed, 225 insertions, 0 deletions
diff --git a/misc/botan.rc b/misc/botan.rc
new file mode 100644
index 000000000..aaa1b3f91
--- /dev/null
+++ b/misc/botan.rc
@@ -0,0 +1,225 @@
+# Botan configuration (v1.4.2)
+
+# This config, as shipped, matches the library defaults, but is much easier to
+# tweak than recompiling everything. You can use it as a base for your own
+# configurations. Read section 10.4 "Configuration Files" in the API doc for
+# more information.
+
+[base]
+memory_chunk = 32*1024 # size of the chunk of memory allocated at once
+default_pbe = PBE-PKCS5v20(SHA-1,TripleDES/CBC)
+pkcs8_tries = 3
+
+[pk]
+blinder_size = 64
+test/public = basic
+test/private = basic
+test/private_gen = all
+
+[pem]
+search = 4*1024
+forgive = 8
+width = 64
+
+[rng]
+# LibraryInitializer will try to acquire at least this many bits of entropy
+min_entropy = 384
+es_files = /dev/urandom:/dev/random # path for random devices
+egd_path = /var/run/egd-pool:/dev/egd-pool # path to search for an EGD socket
+ms_capi_prov_type = INTEL_SEC:RSA_FULL # prefered MS CryptoAPI providers
+unix_path = /usr/ucb:/usr/etc:/etc
+
+[x509]
+validity_slack = 24h # how much wiggle room is given when checking validity
+v1_assume_ca = false # should v1/v2 certificates be considered CA certs?
+cache_verify_results = 30m # how long to cache verification results
+
+[x509/ca]
+allow_ca = false # should PKCS #10 requests be able to ask to be a CA?
+ # should basic_constraints be included in all certs, including end-user?
+basic_constraints = always
+default_expire = 1y # default expire time for new certs
+signing_offset = 30s # offset the PKCS #10 validity times by this amount
+rsa_hash = SHA-1 # what hash to use when using RSA to sign new certs
+str_type = latin1 # default string encoding (latin1 or utf8)
+
+[x509/crl]
+# can be 'ignore' or 'throw': ignore matches X.509-2000 behavior, throw is PKIX
+unknown_critical = ignore
+
+# When generating a new CRL, this is the default next update time. Can also be
+# set in the call to X509_CA::update_crl/X509_CA::new_crl as the last arg
+next_update = 7d
+
+[x509/exts]
+# Each of these can be one of:
+# - critical: Extension is marked as critical, if we have the info for it
+# - yes or noncritical: Extension is included if needed, but not critical
+# - no: Extension is not included, even if the information is available
+basic_constraints = critical
+subject_key_id = yes
+authority_key_id = yes
+subject_alternative_name = yes
+issuer_alternative_name = yes
+key_usage = critical
+extended_key_usage = yes
+crl_number = yes
+
+[aliases]
+Rijndael = AES
+3DES = TripleDES
+DES-EDE = TripleDES
+CAST5 = CAST-128
+3-Way = ThreeWay
+SHARK = SHARK-E
+SEAL = SEAL-3.0-BE
+SHA1 = SHA-160
+SHA-1 = SHA-160 # Don't change or remove this
+MARK-4 = ARC4(256)
+
+OpenPGP.Cipher.1 = IDEA
+OpenPGP.Cipher.2 = TripleDES
+OpenPGP.Cipher.3 = CAST-128
+OpenPGP.Cipher.4 = Blowfish
+OpenPGP.Cipher.5 = SAFER-SK(13)
+OpenPGP.Cipher.7 = AES-128
+OpenPGP.Cipher.8 = AES-192
+OpenPGP.Cipher.9 = AES-256
+OpenPGP.Cipher.10 = Twofish
+
+OpenPGP.Digest.1 = MD5
+OpenPGP.Digest.2 = SHA-1
+OpenPGP.Digest.3 = RIPEMD-160
+OpenPGP.Digest.5 = MD2
+OpenPGP.Digest.6 = Tiger(24,3)
+OpenPGP.Digest.7 = HAVAL(20,5)
+OpenPGP.Digest.8 = SHA-256
+
+TLS.Digest.0 = Parallel(MD5,SHA-1)
+
+EME-PKCS1-v1_5 = PKCS1v15
+OAEP-MGF1 = EME1
+EME-OAEP = EME1
+X9.31 = EMSA2
+EMSA-PKCS1-v1_5 = EMSA3
+PSS-MGF1 = EMSA4
+EMSA-PSS = EMSA4
+
+[oids]
+ISO_MEMBER = 1.2
+US_BODY = ISO_MEMBER.840
+X500 = 2.5
+
+RSA_DSI = US_BODY.113549
+ANSI_X957 = US_BODY.10040
+ANSI_X942 = US_BODY.10046
+NIST_ALGO = 2.16.840.1.101.3.4
+PKIX_USAGE = 1.3.6.1.5.5.7.3
+GNU_PROJECT = 1.3.6.1.4.1.11591
+OIW_ALGO = 1.3.14.3.2
+DN_ATTR = X500.4
+X509_KU = X500.29
+
+PKCS = RSA_DSI.1
+PKCS1 = PKCS.1
+PKCS5 = PKCS.5
+PKCS7 = PKCS.7
+PKCS9 = PKCS.9
+
+DES/CBC = OIW_ALGO.7
+TripleDES/CBC = RSA_DSI.3.7
+RC2/CBC = RSA_DSI.3.2
+CAST-128/CBC = US_BODY.113533.7.66.10
+AES-128/CBC = NIST_ALGO.1.2
+AES-192/CBC = NIST_ALGO.1.22
+AES-256/CBC = NIST_ALGO.1.42
+
+MD5 = RSA_DSI.2.5
+SHA-160 = OIW_ALGO.26
+Tiger(24,3) = GNU_PROJECT.12.2
+
+KeyWrap.TripleDES = PKCS9.16.3.6
+KeyWrap.RC2 = PKCS9.16.3.7
+KeyWrap.CAST-128 = US_BODY.113533.7.66.15
+KeyWrap.AES-128 = NIST_ALGO.1.5
+KeyWrap.AES-192 = NIST_ALGO.1.25
+KeyWrap.AES-256 = NIST_ALGO.1.45
+
+Compression.Zlib = PKCS9.16.3.8
+
+RSA = PKCS1.1
+RSA = X500.8.1.1
+DSA = ANSI_X957.4.1
+DH = ANSI_X942.2.1
+
+DSA/EMSA1(SHA-160)/DER = ANSI_X957.4.3
+DSA/EMSA1(SHA-160) = ANSI_X957.4.3
+RSA/EMSA3(MD2) = PKCS1.2
+RSA/EMSA3(MD5) = PKCS1.4
+RSA/EMSA3(SHA-160) = PKCS1.5
+RSA/EMSA3(SHA-256) = PKCS1.11
+RSA/EMSA3(SHA-384) = PKCS1.12
+RSA/EMSA3(SHA-512) = PKCS1.13
+RSA/EMSA3(RIPEMD-160) = 1.3.36.3.3.1.2
+
+PBE-PKCS5v15(MD2,DES/CBC) = PKCS5.1
+PBE-PKCS5v15(MD2,RC2/CBC) = PKCS5.4
+PBE-PKCS5v15(MD5,DES/CBC) = PKCS5.3
+PBE-PKCS5v15(MD5,RC2/CBC) = PKCS5.6
+PBE-PKCS5v15(SHA-160,DES/CBC) = PKCS5.10
+PBE-PKCS5v15(SHA-160,RC2/CBC) = PKCS5.11
+PBE-PKCS5v20 = PKCS5.13
+PKCS5.PBKDF2 = PKCS5.12
+
+CMS.DataContent = PKCS7.1
+CMS.SignedData = PKCS7.2
+CMS.EnvelopedData = PKCS7.3
+CMS.DigestedData = PKCS7.5
+CMS.EncryptedData = PKCS7.6
+CMS.AuthenticatedData = PKCS9.16.1.2
+CMS.CompressedData = PKCS9.16.1.9
+
+PKCS9.EmailAddress = PKCS9.1
+PKCS9.UnstructuredName = PKCS9.2
+PKCS9.ContentType = PKCS9.3
+PKCS9.MessageDigest = PKCS9.4
+PKCS9.ChallengePassword = PKCS9.7
+PKCS9.ExtensionRequest = PKCS9.14
+
+X520.CommonName = DN_ATTR.3
+X520.Surname = DN_ATTR.4
+X520.SerialNumber = DN_ATTR.5
+X520.Country = DN_ATTR.6
+X520.Locality = DN_ATTR.7
+X520.State = DN_ATTR.8
+X520.Organization = DN_ATTR.10
+X520.OrganizationalUnit = DN_ATTR.11
+X520.Title = DN_ATTR.12
+X520.GivenName = DN_ATTR.42
+X520.Initials = DN_ATTR.43
+X520.GenerationalQualifier = DN_ATTR.44
+X520.DNQualifier = DN_ATTR.46
+X520.Pseudonym = DN_ATTR.65
+
+X509v3.SubjectKeyIdentifier = X509_KU.14
+X509v3.KeyUsage = X509_KU.15
+X509v3.SubjectAlternativeName = X509_KU.17
+X509v3.IssuerAlternativeName = X509_KU.18
+X509v3.BasicConstraints = X509_KU.19
+X509v3.CRLNumber = X509_KU.20
+X509v3.ReasonCode = X509_KU.21
+X509v3.HoldInstructionCode = X509_KU.23
+X509v3.InvalidityDate = X509_KU.24
+X509v3.CertificatePolicies = X509_KU.32
+X509v3.AuthorityKeyIdentifier = X509_KU.35
+X509v3.PolicyConstraints = X509_KU.36
+X509v3.ExtendedKeyUsage = X509_KU.37
+
+PKIX.ServerAuth = PKIX_USAGE.1
+PKIX.ClientAuth = PKIX_USAGE.2
+PKIX.CodeSigning = PKIX_USAGE.3
+PKIX.EmailProtection = PKIX_USAGE.4
+PKIX.IPsecEndSystem = PKIX_USAGE.5
+PKIX.IPsecTunnel = PKIX_USAGE.6
+PKIX.IPsecUser = PKIX_USAGE.7
+PKIX.TimeStamping = PKIX_USAGE.8
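Review bot: The `[x509/crl]` default `unknown_critical = ignore` ships the permissive choice: per the comment above it, `throw` is the PKIX behaviour, so with this file a CRL carrying a critical extension the library does not recognise is processed rather than rejected. Because the header says the file mirrors the library defaults, the value can stay, but the comment should tell a deployer which option is the strict one, e.g. `# 'throw' rejects a CRL with an unrecognised critical extension (PKIX); 'ignore' is kept only to match the library default`. The `[x509]` keys `validity_slack = 24h` and `cache_verify_results = 30m` deserve the same kind of comment, since they presumably extend how long an expired or newly revoked certificate can still pass verification. Separately, `RSA` is assigned twice in `[oids]` (`PKCS1.1`, then `X500.8.1.1`); which mapping wins, or whether both are registered, depends on loader behaviour not visible here, so a one-line comment stating the intent would help.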