Diffstat (limited to 'misc/botan.rc')
-rw-r--r-- | misc/botan.rc | 225 |
1 files changed, 225 insertions, 0 deletions
diff --git a/misc/botan.rc b/misc/botan.rc
new file mode 100644
index 000000000..aaa1b3f91
--- /dev/null
+++ b/misc/botan.rc
@@ -0,0 +1,225 @@
+# Botan configuration (v1.4.2)
+
+# This config, as shipped, matches the library defaults, but is much easier to
+# tweak than recompiling everything. You can use it as a base for your own
+# configurations. Read section 10.4 "Configuration Files" in the API doc for
+# more information.
+
+[base]
+memory_chunk = 32*1024 # size of the chunk of memory allocated at once
+default_pbe = PBE-PKCS5v20(SHA-1,TripleDES/CBC)
+pkcs8_tries = 3
+
+[pk]
+blinder_size = 64
+test/public = basic
+test/private = basic
+test/private_gen = all
+
+[pem]
+search = 4*1024
+forgive = 8
+width = 64
+
+[rng]
+# LibraryInitializer will try to acquire at least this many bits of entropy
+min_entropy = 384
+es_files = /dev/urandom:/dev/random # path for random devices
+egd_path = /var/run/egd-pool:/dev/egd-pool # path to search for an EGD socket
+ms_capi_prov_type = INTEL_SEC:RSA_FULL # prefered MS CryptoAPI providers
+unix_path = /usr/ucb:/usr/etc:/etc
+
+[x509]
+validity_slack = 24h # how much wiggle room is given when checking validity
+v1_assume_ca = false # should v1/v2 certificates be considered CA certs?
+cache_verify_results = 30m # how long to cache verification results
+
+[x509/ca]
+allow_ca = false # should PKCS #10 requests be able to ask to be a CA?
+ # should basic_constraints be included in all certs, including end-user?
+basic_constraints = always
+default_expire = 1y # default expire time for new certs
+signing_offset = 30s # offset the PKCS #10 validity times by this amount
+rsa_hash = SHA-1 # what hash to use when using RSA to sign new certs
+str_type = latin1 # default string encoding (latin1 or utf8)
+
+[x509/crl]
+# can be 'ignore' or 'throw': ignore matches X.509-2000 behavior, throw is PKIX
+unknown_critical = ignore
+
+# When generating a new CRL, this is the default next update time. Can also be
+# set in the call to X509_CA::update_crl/X509_CA::new_crl as the last arg
+next_update = 7d
+
+[x509/exts]
+# Each of these can be one of:
+# - critical: Extension is marked as critical, if we have the info for it
+# - yes or noncritical: Extension is included if needed, but not critical
+# - no: Extension is not included, even if the information is available
+basic_constraints = critical
+subject_key_id = yes
+authority_key_id = yes
+subject_alternative_name = yes
+issuer_alternative_name = yes
+key_usage = critical
+extended_key_usage = yes
+crl_number = yes
+
+[aliases]
+Rijndael = AES
+3DES = TripleDES
+DES-EDE = TripleDES
+CAST5 = CAST-128
+3-Way = ThreeWay
+SHARK = SHARK-E
+SEAL = SEAL-3.0-BE
+SHA1 = SHA-160
+SHA-1 = SHA-160 # Don't change or remove this
+MARK-4 = ARC4(256)
+
+OpenPGP.Cipher.1 = IDEA
+OpenPGP.Cipher.2 = TripleDES
+OpenPGP.Cipher.3 = CAST-128
+OpenPGP.Cipher.4 = Blowfish
+OpenPGP.Cipher.5 = SAFER-SK(13)
+OpenPGP.Cipher.7 = AES-128
+OpenPGP.Cipher.8 = AES-192
+OpenPGP.Cipher.9 = AES-256
+OpenPGP.Cipher.10 = Twofish
+
+OpenPGP.Digest.1 = MD5
+OpenPGP.Digest.2 = SHA-1
+OpenPGP.Digest.3 = RIPEMD-160
+OpenPGP.Digest.5 = MD2
+OpenPGP.Digest.6 = Tiger(24,3)
+OpenPGP.Digest.7 = HAVAL(20,5)
+OpenPGP.Digest.8 = SHA-256
+
+TLS.Digest.0 = Parallel(MD5,SHA-1)
+
+EME-PKCS1-v1_5 = PKCS1v15
+OAEP-MGF1 = EME1
+EME-OAEP = EME1
+X9.31 = EMSA2
+EMSA-PKCS1-v1_5 = EMSA3
+PSS-MGF1 = EMSA4
+EMSA-PSS = EMSA4
+
+[oids]
+ISO_MEMBER = 1.2
+US_BODY = ISO_MEMBER.840
+X500 = 2.5
+
+RSA_DSI = US_BODY.113549
+ANSI_X957 = US_BODY.10040
+ANSI_X942 = US_BODY.10046
+NIST_ALGO = 2.16.840.1.101.3.4
+PKIX_USAGE = 1.3.6.1.5.5.7.3
+GNU_PROJECT = 1.3.6.1.4.1.11591
+OIW_ALGO = 1.3.14.3.2
+DN_ATTR = X500.4
+X509_KU = X500.29
+
+PKCS = RSA_DSI.1
+PKCS1 = PKCS.1
+PKCS5 = PKCS.5
+PKCS7 = PKCS.7
+PKCS9 = PKCS.9
+
+DES/CBC = OIW_ALGO.7
+TripleDES/CBC = RSA_DSI.3.7
+RC2/CBC = RSA_DSI.3.2
+CAST-128/CBC = US_BODY.113533.7.66.10
+AES-128/CBC = NIST_ALGO.1.2
+AES-192/CBC = NIST_ALGO.1.22
+AES-256/CBC = NIST_ALGO.1.42
+
+MD5 = RSA_DSI.2.5
+SHA-160 = OIW_ALGO.26
+Tiger(24,3) = GNU_PROJECT.12.2
+
+KeyWrap.TripleDES = PKCS9.16.3.6
+KeyWrap.RC2 = PKCS9.16.3.7
+KeyWrap.CAST-128 = US_BODY.113533.7.66.15
+KeyWrap.AES-128 = NIST_ALGO.1.5
+KeyWrap.AES-192 = NIST_ALGO.1.25
+KeyWrap.AES-256 = NIST_ALGO.1.45
+
+Compression.Zlib = PKCS9.16.3.8
+
+RSA = PKCS1.1
+RSA = X500.8.1.1
+DSA = ANSI_X957.4.1
+DH = ANSI_X942.2.1
+
+DSA/EMSA1(SHA-160)/DER = ANSI_X957.4.3
+DSA/EMSA1(SHA-160) = ANSI_X957.4.3
+RSA/EMSA3(MD2) = PKCS1.2
+RSA/EMSA3(MD5) = PKCS1.4
+RSA/EMSA3(SHA-160) = PKCS1.5
+RSA/EMSA3(SHA-256) = PKCS1.11
+RSA/EMSA3(SHA-384) = PKCS1.12
+RSA/EMSA3(SHA-512) = PKCS1.13
+RSA/EMSA3(RIPEMD-160) = 1.3.36.3.3.1.2
+
+PBE-PKCS5v15(MD2,DES/CBC) = PKCS5.1
+PBE-PKCS5v15(MD2,RC2/CBC) = PKCS5.4
+PBE-PKCS5v15(MD5,DES/CBC) = PKCS5.3
+PBE-PKCS5v15(MD5,RC2/CBC) = PKCS5.6
+PBE-PKCS5v15(SHA-160,DES/CBC) = PKCS5.10
+PBE-PKCS5v15(SHA-160,RC2/CBC) = PKCS5.11
+PBE-PKCS5v20 = PKCS5.13
+PKCS5.PBKDF2 = PKCS5.12
+
+CMS.DataContent = PKCS7.1
+CMS.SignedData = PKCS7.2
+CMS.EnvelopedData = PKCS7.3
+CMS.DigestedData = PKCS7.5
+CMS.EncryptedData = PKCS7.6
+CMS.AuthenticatedData = PKCS9.16.1.2
+CMS.CompressedData = PKCS9.16.1.9
+
+PKCS9.EmailAddress = PKCS9.1
+PKCS9.UnstructuredName = PKCS9.2
+PKCS9.ContentType = PKCS9.3
+PKCS9.MessageDigest = PKCS9.4
+PKCS9.ChallengePassword = PKCS9.7
+PKCS9.ExtensionRequest = PKCS9.14
+
+X520.CommonName = DN_ATTR.3
+X520.Surname = DN_ATTR.4
+X520.SerialNumber = DN_ATTR.5
+X520.Country = DN_ATTR.6
+X520.Locality = DN_ATTR.7
+X520.State = DN_ATTR.8
+X520.Organization = DN_ATTR.10
+X520.OrganizationalUnit = DN_ATTR.11
+X520.Title = DN_ATTR.12
+X520.GivenName = DN_ATTR.42
+X520.Initials = DN_ATTR.43
+X520.GenerationalQualifier = DN_ATTR.44
+X520.DNQualifier = DN_ATTR.46
+X520.Pseudonym = DN_ATTR.65
+
+X509v3.SubjectKeyIdentifier = X509_KU.14
+X509v3.KeyUsage = X509_KU.15
+X509v3.SubjectAlternativeName = X509_KU.17
+X509v3.IssuerAlternativeName = X509_KU.18
+X509v3.BasicConstraints = X509_KU.19
+X509v3.CRLNumber = X509_KU.20
+X509v3.ReasonCode = X509_KU.21
+X509v3.HoldInstructionCode = X509_KU.23
+X509v3.InvalidityDate = X509_KU.24
+X509v3.CertificatePolicies = X509_KU.32
+X509v3.AuthorityKeyIdentifier = X509_KU.35
+X509v3.PolicyConstraints = X509_KU.36
+X509v3.ExtendedKeyUsage = X509_KU.37
+
+PKIX.ServerAuth = PKIX_USAGE.1
+PKIX.ClientAuth = PKIX_USAGE.2
+PKIX.CodeSigning = PKIX_USAGE.3
+PKIX.EmailProtection = PKIX_USAGE.4
+PKIX.IPsecEndSystem = PKIX_USAGE.5
+PKIX.IPsecTunnel = PKIX_USAGE.6
+PKIX.IPsecUser = PKIX_USAGE.7
+PKIX.TimeStamping = PKIX_USAGE.8 |
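Review bot: In `[x509/crl]`, `unknown_critical = ignore` ships the non-PKIX behaviour as the default, and the comment above it names the two values without stating the consequence; presumably a CRL carrying a critical extension the library does not recognise is then processed instead of rejected, so I would add `# 'ignore' processes CRLs with unrecognised critical extensions; set 'throw' for PKIX-conformant rejection`. Separately, `[oids]` assigns `RSA` twice (`PKCS1.1` and `X500.8.1.1`) with no comment; if both OIDs are meant to decode to RSA, say so and state which one is used when encoding, since the outcome otherwise depends on how the loader treats duplicate keys. The `[rng]` entries `es_files`, `egd_path` and `unix_path` decide where entropy is read from, so the header comment should state that this file must be writable only by a trusted account.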