# Botan configuration (v1.4.2)
#
# This config, as shipped, matches the library defaults, but is much easier to
# tweak than recompiling everything. You can use it as a base for your own
# configurations. Read section 10.4 "Configuration Files" in the API doc for
# more information.
#
# Layout: [section] headers over "key = value" pairs. "#" starts a comment,
# either on its own line or after a value.
#
# NOTE(review): several shipped defaults below name SHA-1 and TripleDES. They
# are kept exactly as shipped; each is flagged where it appears so it can be
# reviewed against current policy before this file is used as a base.

[base]
memory_chunk = 32*1024 # size of the chunk of memory allocated at once
# Default password-based encryption, written as scheme(hash,cipher/mode).
# NOTE(review): SHA-1 and TripleDES are legacy primitives. [oids] below lists
# AES-*/CBC, so a stronger cipher may be selectable here - confirm what the
# installed library build supports before changing.
default_pbe = PBE-PKCS5v20(SHA-1,TripleDES/CBC)
# presumably the number of passphrase attempts allowed when loading an
# encrypted PKCS #8 key - TODO confirm in the API doc
pkcs8_tries = 3

[pk]
# presumably the size (in bits) of the blinding values used for private key
# operations - TODO confirm; the unit is not stated in this file
blinder_size = 64
# Key-checking levels by key kind. Only "basic" and "all" appear here; the
# full set of accepted levels is not shown in this file.
test/public = basic
test/private = basic
test/private_gen = all

[pem]
# NOTE(review): the meaning and units of search/forgive are not stated in this
# file; width is presumably the encoded line width in characters - confirm.
search = 4*1024
forgive = 8
width = 64

[rng]
# LibraryInitializer will try to acquire at least this many bits of entropy
min_entropy = 384
# The values below are colon-separated lists.
es_files = /dev/urandom:/dev/random # path for random devices
egd_path = /var/run/egd-pool:/dev/egd-pool # path to search for an EGD socket
ms_capi_prov_type = INTEL_SEC:RSA_FULL # preferred MS CryptoAPI providers
# NOTE(review): presumably directories searched for programs whose output is
# used as entropy - confirm. If so, every entry should be a directory that
# unprivileged users cannot write to.
unix_path = /usr/ucb:/usr/etc:/etc

[x509]
# NOTE(review): presumably certificates up to this far outside their validity
# period are still accepted - confirm; 24h is a wide window.
validity_slack = 24h # how much wiggle room is given when checking validity
# v1/v2 certificates have no extensions, so they cannot carry a basic
# constraints CA flag; leave this false unless such certificates must be
# trusted as issuers.
v1_assume_ca = false # should v1/v2 certificates be considered CA certs?
# NOTE(review): presumably a cached result can outlive a revocation by up to
# this long - confirm against the verification code.
cache_verify_results = 30m # how long to cache verification results

[x509/ca]
# Keep false unless requesters are trusted: when true, the CA status of an
# issued certificate can be asked for by the PKCS #10 request itself.
allow_ca = false # should PKCS #10 requests be able to ask to be a CA?
# should basic_constraints be included in all certs, including end-user?
basic_constraints = always
default_expire = 1y # default expire time for new certs
signing_offset = 30s # offset the PKCS #10 validity times by this amount
# NOTE(review): SHA-1 is no longer considered collision resistant, which
# matters for certificate signatures. [oids] below lists RSA/EMSA3(SHA-256),
# RSA/EMSA3(SHA-384) and RSA/EMSA3(SHA-512); confirm the library build accepts
# one of those hash names here before changing this value.
rsa_hash = SHA-1 # what hash to use when using RSA to sign new certs
str_type = latin1 # default string encoding (latin1 or utf8)

[x509/crl]
# can be 'ignore' or 'throw': ignore matches X.509-2000 behavior, throw is PKIX
# NOTE(review): presumably this governs critical extensions the library does
# not recognise; with 'ignore' such data is accepted rather than rejected.
# 'throw' is the stricter choice - confirm the effect on existing CRLs first.
unknown_critical = ignore
# When generating a new CRL, this is the default next update time. Can also be
# set in the call to X509_CA::update_crl/X509_CA::new_crl as the last arg
next_update = 7d

[x509/exts]
# Each of these can be one of:
#   - critical: Extension is marked as critical, if we have the info for it
#   - yes or noncritical: Extension is included if needed, but not critical
#   - no: Extension is not included, even if the information is available
basic_constraints = critical
subject_key_id = yes
authority_key_id = yes
subject_alternative_name = yes
issuer_alternative_name = yes
key_usage = critical
extended_key_usage = yes
crl_number = yes

[aliases]
# Alternate algorithm names (left) and the name each one stands for (right).
# An alias only makes a name resolvable; it is not a recommendation to use the
# algorithm. MD2, MD5 and DES-era ciphers appear here for interoperability.
Rijndael = AES
3DES = TripleDES
DES-EDE = TripleDES
CAST5 = CAST-128
3-Way = ThreeWay
SHARK = SHARK-E
SEAL = SEAL-3.0-BE
SHA1 = SHA-160
# "SHA-1" is the spelling used by default_pbe and rsa_hash above, while the
# [oids] entries are keyed by "SHA-160".
SHA-1 = SHA-160 # Don't change or remove this
MARK-4 = ARC4(256)

# presumably OpenPGP algorithm identifiers mapped to algorithm names - confirm
OpenPGP.Cipher.1 = IDEA
OpenPGP.Cipher.2 = TripleDES
OpenPGP.Cipher.3 = CAST-128
OpenPGP.Cipher.4 = Blowfish
OpenPGP.Cipher.5 = SAFER-SK(13)
OpenPGP.Cipher.7 = AES-128
OpenPGP.Cipher.8 = AES-192
OpenPGP.Cipher.9 = AES-256
OpenPGP.Cipher.10 = Twofish

OpenPGP.Digest.1 = MD5
OpenPGP.Digest.2 = SHA-1
OpenPGP.Digest.3 = RIPEMD-160
OpenPGP.Digest.5 = MD2
OpenPGP.Digest.6 = Tiger(24,3)
OpenPGP.Digest.7 = HAVAL(20,5)
OpenPGP.Digest.8 = SHA-256

TLS.Digest.0 = Parallel(MD5,SHA-1)

# Standard scheme names mapped to the encoding/signature-padding names used on
# the right-hand side.
EME-PKCS1-v1_5 = PKCS1v15
OAEP-MGF1 = EME1
EME-OAEP = EME1
X9.31 = EMSA2
EMSA-PKCS1-v1_5 = EMSA3
PSS-MGF1 = EMSA4
EMSA-PSS = EMSA4

[oids]
# Name-to-OID table. The first group defines OID arc prefixes; later values
# refer to those prefixes by name (for example US_BODY = ISO_MEMBER.840), so a
# prefix is defined before the entries that use it. Keep the order as shipped.
ISO_MEMBER = 1.2
US_BODY = ISO_MEMBER.840
X500 = 2.5

RSA_DSI = US_BODY.113549
ANSI_X957 = US_BODY.10040
ANSI_X942 = US_BODY.10046
NIST_ALGO = 2.16.840.1.101.3.4
PKIX_USAGE = 1.3.6.1.5.5.7.3
GNU_PROJECT = 1.3.6.1.4.1.11591
OIW_ALGO = 1.3.14.3.2

DN_ATTR = X500.4
X509_KU = X500.29

PKCS = RSA_DSI.1
PKCS1 = PKCS.1
PKCS5 = PKCS.5
PKCS7 = PKCS.7
PKCS9 = PKCS.9

# Block ciphers in CBC mode
DES/CBC = OIW_ALGO.7
TripleDES/CBC = RSA_DSI.3.7
RC2/CBC = RSA_DSI.3.2
CAST-128/CBC = US_BODY.113533.7.66.10
AES-128/CBC = NIST_ALGO.1.2
AES-192/CBC = NIST_ALGO.1.22
AES-256/CBC = NIST_ALGO.1.42

# Hash functions
MD5 = RSA_DSI.2.5
SHA-160 = OIW_ALGO.26
Tiger(24,3) = GNU_PROJECT.12.2

# Key wrapping and compression
KeyWrap.TripleDES = PKCS9.16.3.6
KeyWrap.RC2 = PKCS9.16.3.7
KeyWrap.CAST-128 = US_BODY.113533.7.66.15
KeyWrap.AES-128 = NIST_ALGO.1.5
KeyWrap.AES-192 = NIST_ALGO.1.25
KeyWrap.AES-256 = NIST_ALGO.1.45

Compression.Zlib = PKCS9.16.3.8

# Public key algorithms.
# NOTE(review): RSA is assigned twice, to two different OIDs. Both lines are
# kept as shipped; how the parser treats the repeated key is not shown in this
# file, so do not reorder or merge them without checking.
RSA = PKCS1.1
RSA = X500.8.1.1
DSA = ANSI_X957.4.1
DH = ANSI_X942.2.1

# Signature schemes.
# NOTE(review): the MD2/MD5/SHA-160 entries are name-to-OID mappings; whether
# signatures made with those hashes are accepted is presumably decided
# elsewhere - confirm in the verification code.
DSA/EMSA1(SHA-160)/DER = ANSI_X957.4.3
DSA/EMSA1(SHA-160) = ANSI_X957.4.3
RSA/EMSA3(MD2) = PKCS1.2
RSA/EMSA3(MD5) = PKCS1.4
RSA/EMSA3(SHA-160) = PKCS1.5
RSA/EMSA3(SHA-256) = PKCS1.11
RSA/EMSA3(SHA-384) = PKCS1.12
RSA/EMSA3(SHA-512) = PKCS1.13
RSA/EMSA3(RIPEMD-160) = 1.3.36.3.3.1.2

# Password-based encryption (PKCS #5)
PBE-PKCS5v15(MD2,DES/CBC) = PKCS5.1
PBE-PKCS5v15(MD2,RC2/CBC) = PKCS5.4
PBE-PKCS5v15(MD5,DES/CBC) = PKCS5.3
PBE-PKCS5v15(MD5,RC2/CBC) = PKCS5.6
PBE-PKCS5v15(SHA-160,DES/CBC) = PKCS5.10
PBE-PKCS5v15(SHA-160,RC2/CBC) = PKCS5.11
PBE-PKCS5v20 = PKCS5.13
PKCS5.PBKDF2 = PKCS5.12

# CMS content types
CMS.DataContent = PKCS7.1
CMS.SignedData = PKCS7.2
CMS.EnvelopedData = PKCS7.3
CMS.DigestedData = PKCS7.5
CMS.EncryptedData = PKCS7.6
CMS.AuthenticatedData = PKCS9.16.1.2
CMS.CompressedData = PKCS9.16.1.9

# PKCS #9 attributes
PKCS9.EmailAddress = PKCS9.1
PKCS9.UnstructuredName = PKCS9.2
PKCS9.ContentType = PKCS9.3
PKCS9.MessageDigest = PKCS9.4
PKCS9.ChallengePassword = PKCS9.7
PKCS9.ExtensionRequest = PKCS9.14

# X.520 distinguished name attributes
X520.CommonName = DN_ATTR.3
X520.Surname = DN_ATTR.4
X520.SerialNumber = DN_ATTR.5
X520.Country = DN_ATTR.6
X520.Locality = DN_ATTR.7
X520.State = DN_ATTR.8
X520.Organization = DN_ATTR.10
X520.OrganizationalUnit = DN_ATTR.11
X520.Title = DN_ATTR.12
X520.GivenName = DN_ATTR.42
X520.Initials = DN_ATTR.43
X520.GenerationalQualifier = DN_ATTR.44
X520.DNQualifier = DN_ATTR.46
X520.Pseudonym = DN_ATTR.65

# X.509v3 certificate and CRL extensions
X509v3.SubjectKeyIdentifier = X509_KU.14
X509v3.KeyUsage = X509_KU.15
X509v3.SubjectAlternativeName = X509_KU.17
X509v3.IssuerAlternativeName = X509_KU.18
X509v3.BasicConstraints = X509_KU.19
X509v3.CRLNumber = X509_KU.20
X509v3.ReasonCode = X509_KU.21
X509v3.HoldInstructionCode = X509_KU.23
X509v3.InvalidityDate = X509_KU.24
X509v3.CertificatePolicies = X509_KU.32
X509v3.AuthorityKeyIdentifier = X509_KU.35
X509v3.PolicyConstraints = X509_KU.36
X509v3.ExtendedKeyUsage = X509_KU.37

# PKIX extended key usage purposes
PKIX.ServerAuth = PKIX_USAGE.1
PKIX.ClientAuth = PKIX_USAGE.2
PKIX.CodeSigning = PKIX_USAGE.3
PKIX.EmailProtection = PKIX_USAGE.4
PKIX.IPsecEndSystem = PKIX_USAGE.5
PKIX.IPsecTunnel = PKIX_USAGE.6
PKIX.IPsecUser = PKIX_USAGE.7
PKIX.TimeStamping = PKIX_USAGE.8