6.15. Using Different Applets for Different SCP Versions
In Certificate System, the following parameter in the /var/lib/instance_name/tps/conf/CS.cfg file specifies which applet should be loaded for all Secure Channel Protocol (SCP) versions for each token operation:
op.operation.token_type.update.applet.requiredVersion=version
However, you can also set individual applets for specific SCP versions, by adding the following parameter:
op.operation.token_type.update.applet.requiredVersion.prot.protocol_version=version
Certificate System supports setting individual protocol versions for the following operations:
- format
- enroll
- pinReset
Example 6.3. Setting Protocol Versions for Enrollment Operations
To configure a specific applet for SCP03 and a different applet for all other protocols when performing enrollment operations for the userKey token:
- Edit the /var/lib/instance_name/tps/conf/CS.cfg file:
  - Set the op.enroll.userKey.update.applet.requiredVersion parameter to specify the applet used by default. For example:
    op.enroll.userKey.update.applet.requiredVersion=1.4.58768072
  - Set the op.enroll.userKey.update.applet.requiredVersion.prot.3 parameter to configure the applet Certificate System uses for the SCP03 protocol. For example:
    op.enroll.userKey.update.applet.requiredVersion.prot.3=1.5.558cdcff
- Restart Certificate System:
  systemctl restart pki-tomcatd@instance_name.service
For details about enabling SCP03 for Giesecke & Devrient (G&D) Smart Cafe 6 smart cards in a TKS, see Section 6.12, “Setting Up New Key Sets”.
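The lookup this section describes, modelled as an added example (not Certificate System's own code): a per-protocol entry overrides the default for that SCP version on the three supported operations, and every other case falls back to the default parameter. The CS.cfg excerpt is constructed, the "enrol" key is a deliberate typo that the audit function catches, and the suffix 1 standing for another SCP version is an assumption.

```python
import re

# Operations the page lists as supporting per-protocol applet versions.
SUPPORTED_OPS = {"format", "enroll", "pinReset"}

# Constructed CS.cfg excerpt; "enrol" is a deliberate typo for the audit below.
SAMPLE_CFG = """\
op.enroll.userKey.update.applet.requiredVersion=1.4.58768072
op.enroll.userKey.update.applet.requiredVersion.prot.3=1.5.558cdcff
op.format.userKey.update.applet.requiredVersion=1.4.58768072
op.enrol.userKey.update.applet.requiredVersion.prot.3=1.5.558cdcff
"""

PROT_KEY = re.compile(
    r"^op\.([^.]+)\.([^.]+)\.update\.applet\.requiredVersion\.prot\.([^.]+)$")

def parse_cfg(text):
    """Return key/value pairs from key=value lines; other lines are skipped."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key:
            cfg[key.strip()] = value.strip()
    return cfg

def required_applet(cfg, operation, token_type, protocol_version):
    """Per-protocol value if set for a supported operation, else the default."""
    base = f"op.{operation}.{token_type}.update.applet.requiredVersion"
    if operation in SUPPORTED_OPS:
        override = cfg.get(f"{base}.prot.{protocol_version}")
        if override:
            return override
    return cfg.get(base)

def unsupported_overrides(cfg):
    """Per-protocol keys whose operation is not one the page lists."""
    return sorted(k for k in cfg
                  if (m := PROT_KEY.match(k)) and m.group(1) not in SUPPORTED_OPS)

if __name__ == "__main__":
    cfg = parse_cfg(SAMPLE_CFG)
    for prot in ("3", "1"):  # "1" as another SCP version is an assumption
        print(f"enroll/userKey SCP suffix {prot}:",
              required_applet(cfg, "enroll", "userKey", prot))
    print("suspect keys:", unsupported_overrides(cfg))
```

Running the audit function against a copy of CS.cfg before restarting the instance surfaces per-protocol keys that are attached to an operation name outside the supported list.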