Configure CSP and PKCS#11 in Personal Desktop Client
This article describes how to configure the cryptographic functions CSP and PKCS#11 in Nexus Personal Desktop Client. Read more here: Cryptographic functions in Personal Desktop Client.
CSP only applies to the Windows platform.
In the configuration file personal.cfg (on Windows and Linux) and se.nexus.personal.cfg (on Mac), there is a section named CSP_PKCS11 holding settings related to PKCS#11 and CSP.
In that section of the configuration file, there is a parameter named Sections defining which applications are using specific settings. If there is more than one application, they are separated by semicolons. CSP uses the config API to get settings from the configuration file. The config API works according to the following principles:
Get the process name and check if it is one of the applications specified by the parameter Sections.
When the name is specified by Sections and there is a key defined for that process, use that key. If a key is missing, use the value in [CSP_PKCS11] containing the global settings.
If the specified config parameter is neither in the process-specific section nor in the global section, the application will behave according to the default settings compiled into CSP and PKCS#11.
When CSP and PKCS#11 are loaded by an application, the config file is automatically updated with a section for the calling application if that section does not already exist. This means that if, for example, the program CTest (CTest.exe) loads PKCS#11 for the first time, the config file will be updated: CTest.exe is added to the parameter Sections and a new section [cstest.exe] is created for CTest.
This example shows a typical excerpt from a config file:
[CSP_PKCS11]
CSP_DefaultKeyContainer=\\.\Card Reader X 0\
CSP_IgnoreFlagSilent=0
P11_AlwaysLoggedInMode=0
Sections=app1.exe;app2.exe
[app1.exe]
CSP_EnableFlagNoHashOid=0
CSP_IgnoreFlagSilent=1
[app2.exe]
P11_AlwaysLoggedInMode=1
CSP_DefaultKeyContainer=\\.\Card Reader 2 0\
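The lookup order described above can be checked against a real file when reviewing which applications run with different CSP or PKCS#11 settings than the global ones. The following is an added example, not Nexus code: the function names, the case-insensitive process-name match, and the "compiled default" label are assumptions, and the sample is the excerpt from this page.

```python
import configparser

# Constructed sample: the config excerpt shown on this page.
SAMPLE_CFG = r"""
[CSP_PKCS11]
CSP_DefaultKeyContainer=\\.\Card Reader X 0\
CSP_IgnoreFlagSilent=0
P11_AlwaysLoggedInMode=0
Sections=app1.exe;app2.exe
[app1.exe]
CSP_EnableFlagNoHashOid=0
CSP_IgnoreFlagSilent=1
[app2.exe]
P11_AlwaysLoggedInMode=1
CSP_DefaultKeyContainer=\\.\Card Reader 2 0\
"""
GLOBAL = "CSP_PKCS11"

def load(text):
    cfg = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cfg.optionxform = str  # keep key names exactly as written in the file
    cfg.read_string(text)
    return cfg

def listed_sections(cfg):
    names = cfg.get(GLOBAL, "Sections", fallback="").split(";")
    return [s.strip() for s in names if s.strip()]

def resolve(cfg, process, key):
    """Return (value, source) using the lookup order described above."""
    for name in listed_sections(cfg):
        # Assumption: process names are matched case-insensitively.
        if name.lower() == process.lower() and cfg.has_option(name, key):
            return cfg.get(name, key), f"[{name}]"
    if cfg.has_option(GLOBAL, key):
        return cfg.get(GLOBAL, key), f"[{GLOBAL}]"
    return None, "compiled default"  # the value is not visible in the file

def overrides(cfg):
    """Per-application keys that differ from, or are absent in, the global section."""
    found = []
    for name in listed_sections(cfg):
        items = cfg.items(name) if cfg.has_section(name) else []
        for key, value in items:
            if value != cfg.get(GLOBAL, key, fallback=None):
                found.append((name, key, value))
    return found

if __name__ == "__main__":
    print(*overrides(load(SAMPLE_CFG)), sep="\n")
```

To audit an installed client, pass the contents of personal.cfg (or se.nexus.personal.cfg on Mac) to load() instead of the sample.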