“smartcardid”

Unique minidriver-based token identifier. This parameter is used to identify the token in case of a profile-less operation.

"profileid"

Identifies the profile within the Smart Id Desktop App, on which the operation is executed. (If the values for "smartcardid" and "profileid" identified with the profile are different, the value for "smartcardid" should be used.)

“nonce”

This value is generated by Smart ID Desktop App and sent to the server to be encrypted by adminkey, and returned using the Epin command as proof of adminkey possession. 

“encryptednonce”

Encrypted nonce that was sent in Spin command to Hermod.

“smartcardid”

If the intended profile has it’s smartcardid different from profileid, you need to use smartcardid to identify it.

"desktopKeyProtectionLevel"

• "NONE" means there is no confirmation action required to use the key.

• "CONSENT" means you get a dialogue from Windows asking for simple confirmation.

• "PASSWORD" means you need to enter it once you session to use it.

These options are only supported for software keys.

“deviceinfo”:”true”/”false”

If true, the response will contain a set named deviceinfo with the following content:

• “operatingsystem” - version of Windows 10

• “name” - computer name

• “model” - version of Smart ID Desktop App

“profileinfo”:”true”/”false”

If true, the response will contain an array with each set having the following content:

• "guid" - a unique card identifier (a 16 byte random number tied to the given smartcard/token)

• "name" - profile human readable name

• "issuer" - issuer name

• “pid” - profile id

• “activated” - date of profile activation

• “certificates” - comma separated list of cert hashes

“profileid”

Used if you want to receive profileinfo. Use a specific profileid to gather all profiles associated with it in a given installation.

“vscinfo”:”smartcardid”

“vscinfo”:”adminkey”

“vscinfo”:”oldadminkey”

“desktopExtensions”:”singleprofile”

If set to true, provisioning is only allowed if there is no other profile created on the machine.

“desktopExtensions”:”deletedisabled”

If set to true, the profile cannot be deleted locally and the only way to delete it is via remote delete command.

“desktopExtensions”:”deleteafterimport”

This option is designed to support a specific use case of Yubico Yubikey provisioning in Windows kiosk mode, but may be useful elsewhere. Default it is set to false.

If set to true, the certificates from the cert store are deleted and the profile itself is deleted from Smart ID Desktop App, upon successful conclusion of the ImportCertificate process. Note that reinserting a Yubico Yubikey token imports the certificates to the cert store, as the token also stores these certificates and shares this property with most physical smart cards.

For information about importing certificates, see Import PKCS#12 file into Smart ID Desktop App. You can set Yubikey as Target for P12 import, see Advanced settings in Smart ID Desktop App.

“desktopExtensions”:"disableactivatebutton"

If set to true, the Activate button is not shown and a process is executed directly.

“desktopExtensions”:"disablepinresetbutton"

If set to true, the Pin Reset button is not shown and a command is executed directly.

“desktopExtensions”:"congratsmessage"

Value: [message]. When this key is included, [message] is displayed upon successful provisioning and import cert is concluded instead of a default one.

“desktopExtensions”:”hybridprofile”

If the TPM does not accept a certain key to be imported via Smart ID Desktop App, the Hybrid Profile can be used. With the Hybrid Profile concept, one Virtual Smart Card (VSC) can store non-accepted keys in Microsoft keystore (soft store).

Storageprio defines the behavior of the Hybrid Profile, for example, storageprio 1=APP (or VSC), storageprio 2=OS will try VSC and fallback to OS if VSC fails.

If this desktopExtensions is set, a Hybrid Profile is created,

"desktopKeyProtectionLevel"

• "NONE" means there is no confirmation action required to use the key.

• "CONSENT" means you get a dialogue from Windows asking for simple confirmation.

• "PASSWORD" means you need to enter it once you session to use it.

These options are only supported for software keys.

“storageprios”

• "YUBI" - means that Smart ID Desktop App shall store keys on Yubico YubiKey token

• "OS" - means that Smart ID Desktop App shall store keys in the software (use software keys)

• "APP" or “VSC” - means that Smart ID Desktop App shall store keys on a virtual smartcard

"wipeyubi"

• If set to true - wipe Yubico YubiKey token and force a pin change. After wipe, the pin is set to 123456.

• If set to false - do not wipe Yubico YubiKey token and do not force pin change.

Default: true

"wipe"

Same as for "wipeyubi" but for smart cards. The card must support wiping (that is, deleting the contents of a card and returning it to “factory” setting). This is not mandatory and not all cards support it. It is set by the token manufacturer.

Default: false

"straight_csrs"

• If set to true - Slightly simpler provisioning structure, which results in one less pin entry during provisioning as the signature does not have to be created. 

• If set to false - The provisioning process takes slightly longer as each created key has to perform extra signing operation, which also requires pin entry.

Default: false

"profileid”

Must match with the smartcardid.

“vscinfo”:”oldadminkey“

Old adminkey to change from.

“vscinfo”:”adminkey“

Adminkey to change to.

“vscinfo”:”smartcardid”

The ID of the profile to be deleted.

"confirmed“:“true“/“false“

If true, Hermod deletes the associated mailbox upon receiving OK from this message