To use PKI, you must specify a PKCS#11 module for your PKI device. To do this, perform the following steps:
Open the configuration file for your platform:
Microsoft Windows: C:\ProgramData\NetIQ\Device Service\config.properties.
Linux: /opt/NetIQ/Device Service/config.properties.
Apple Mac OS X: /Library/LaunchDaemons/NetIQ/Device Service/config.properties.
Remove the hash sign (#) before vendorModule to uncomment the parameter.
Specify a path to a PKCS#11 module.
Microsoft Windows:
for eToken PRO: vendorModule=eToken.dll.
for ruToken: vendorModule=rtPKCS11.dll.
Linux:
for eToken PRO: vendorModule=/usr/lib/libeTPkcs11.so.
Mac OS X:
for eToken PRO: vendorModule=libeTPkcs11.dylib
You can find a list of the known PKI modules from the link.
Specify the optional parameters (if required):
Hash method
hashMethod=SHA256
The default value is SHA256; it is used if the parameter is not present. The following methods are also supported: SHA224, SHA384, SHA512, RIPEMD160. Before setting a method, ensure that the PKCS#11 module supports the required hash method.
Padding
padding=PKCS#1
The default value is PKCS#1; it is used if the parameter is not present. The following options are also supported: PSS, OAEP.
Key size
modulusBits=2048
The default value is 2048 bits. Some devices do not support this key size: for example, eToken PRO 32k does not, and you need to set 1024 to use it.
Blocking mode
blockingMode=True
The default value is True. OpenSC does not fully support the 'waiting for card' mechanism, so with OpenSC you must change the option to False. Most vendors should work fine with the default mode.
Save the changes.
Restart the workstation.
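A check that can be run on the contents of config.properties before the restart, as an added example that is not part of the NetIQ documentation: it accepts only the values listed above and flags a vendorModule line that is still commented out. The function names and the sample file contents are constructed for illustration, and treating values as case-insensitive is an assumption.

```python
import re

# Allowed values are the ones listed on this page.
HASHES = {"SHA224", "SHA256", "SHA384", "SHA512", "RIPEMD160"}
PADDINGS = {"PKCS#1", "PSS", "OAEP"}
DEFAULTS = {"hashMethod": "SHA256", "padding": "PKCS#1",
            "modulusBits": "2048", "blockingMode": "True"}

def parse_properties(text):
    """Return (active, commented) dicts of key=value lines."""
    active, commented = {}, {}
    for line in text.splitlines():
        m = re.match(r"\s*(#?)\s*(\w+)\s*=\s*(.*?)\s*$", line)
        if m:  # '#' only counts as a comment marker at the start of a line
            (commented if m.group(1) else active)[m.group(2)] = m.group(3)
    return active, commented

def check_config(text):
    """Return a list of findings; an empty list means nothing to fix."""
    active, commented = parse_properties(text)
    cfg = {**DEFAULTS, **active}  # absent parameters fall back to defaults
    findings = []
    if "vendorModule" not in active:
        state = "still commented out" if "vendorModule" in commented else "missing"
        findings.append(f"vendorModule is {state}")
    elif not active["vendorModule"]:
        findings.append("vendorModule has no PKCS#11 module path")
    if cfg["hashMethod"].upper() not in HASHES:
        findings.append(f"hashMethod={cfg['hashMethod']} is not a listed method")
    if cfg["padding"].upper() not in PADDINGS:
        findings.append(f"padding={cfg['padding']} is not a listed option")
    bits = cfg["modulusBits"]
    if not bits.isdigit():
        findings.append(f"modulusBits={bits} is not a number")
    elif int(bits) < 2048:
        findings.append(f"modulusBits={bits} is below the 2048 default (weaker key)")
    if cfg["blockingMode"].lower() not in ("true", "false"):
        findings.append(f"blockingMode={cfg['blockingMode']} must be True or False")
    return findings

# Constructed sample file contents, not taken from a real installation.
SAMPLE_BAD = "#vendorModule=\nhashMethod=MD5\npadding=PKCS#1\nmodulusBits=1024\n"
SAMPLE_OK = "vendorModule=/usr/lib/libeTPkcs11.so\npadding=PSS\nblockingMode=False\n"

if __name__ == "__main__":
    for name, text in (("bad", SAMPLE_BAD), ("ok", SAMPLE_OK)):
        print(name, check_config(text) or "no findings")
```

A modulusBits finding is informational when the token cannot generate 2048-bit keys, as with the eToken PRO 32k case above.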