D-TA Configuration

The configuration file for the Customer D-TA service resides in <installation-folder>/config_dta.py.

The table below lists alphabetically the available Customer D-TA configuration options. An option is considered required if its absence from the configuration file produces a system error.

Each entry below gives the option name, the option type (Required, Optional, or Conditional) and the option description.

address (Required): IP address of the local interface on which the service listens. A value of 0.0.0.0 means listening on all interfaces. The default listening interface is 127.0.0.1.

backup (Optional): When True, the Customer D-TA Master Key Share is saved to non-volatile storage. Not saving the Master Key Share to non-volatile storage provides better security, but it means the Master Key is reset each time the D-TA is restarted, which revokes all end-users' credentials (i.e. all users have to register anew). The default setting is True.

backupFile (Conditional, Required): Path and name of the file to which the Master Secret is saved. Required if the backup option is set to False. The default is <installation-folder>/backup.json.

configFile (Required): Path and name of the D-TA config file. You can create as many configurations as you want, store each as a separate file, and use the configFile option to switch configurations as needed. The default path and filename is <installation-folder>/config_dta.py.

credentialsFile (Required): Path and name of the file storing the Milagro Server Credentials. The default is <installation-folder>/credentials.json.

encrypt_master_secret (Conditional, Required): When True, the backup of the Master Secret is saved in encrypted form. Required if the backup option is set to True.

EntropySources (Optional): Entropy source(s) for the service together with the entropy size. The service needs 100 bytes of entropy to perform its authentication function. Entropy retrieval can optionally be distributed among several different sources. For each source there is a plugin module with the same name as the source; further entropy source plugins can be developed to accommodate other sources. The entropy plugins supported out of the box are the following:

  - dev_random: reads from the local /dev/random device. It is a good source but might be slow, especially on a virtual machine.
  - dev_urandom: reads from the local /dev/urandom device. This source is not as good as the local /dev/random device but is still reliable enough, and does not suffer from performance issues.
  - MIRACL: reads from the MIRACL entropy server.

  The following example configures distributed retrieval of 40 bytes of entropy from the MIRACL server and 60 bytes from the local /dev/random source: MIRACL:40,dev_urandom:60.

  The default setting is dev_urandom:100.

logLevel (Optional): Level of detail for the messages logged to the service's log file. Increasing the level of detail might be necessary during development/integration of the Relying Party Application (RPA). The valid settings (in increasing level of detail) are ERROR, WARN, INFO, DEBUG. The default is ERROR.

passphrase (Conditional, Required): A pre-set passphrase for the backup of the Master Secret if the Master Secret is to be backed up in encrypted form. The passphrase is used to generate the AES key for the Master Secret encryption. If not set (default), the Milagro System admin is prompted to enter the passphrase when the encryption is attempted. Pre-setting the passphrase is not recommended for security reasons. Required if the encrypt_master_secret option is set to True.

port (Required): Port on which the service listens. The default port is 8001.

salt (Conditional, Required): A pre-set salt value used to generate the AES key for the encryption of the Master Secret. The Milagro Core installation provides a randomly generated pre-set salt value, yet, for security reasons, it is strongly recommended to replace that value with a randomly generated string of your own. Required if the encrypt_master_secret option is set to True.

syncTime (Optional): When True, the service syncs its time with the MIRACL servers; if synchronization fails, an attempt is made every 5 seconds until it succeeds. When False (recommended), this time synchronization is disabled and the service relies on the system time. The default is False. Time synchronization is needed to perform time-based verification. Consequently, if you disable syncing the service with the MIRACL servers, you should sync your system with an NTP server to ensure that correct and precise system time is maintained.

timePeriod (Conditional, Required): Time interval (in ms) at which the service syncs with MIRACL's time servers. Required if the syncTime option is enabled. The default setting is 86400000, which amounts to one synchronization per day.
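The option list above is easy to get wrong in a hand-edited config_dta.py: the conditional options depend on each other, and the EntropySources value must account for exactly 100 bytes. The following validator is an added example, not code from the Milagro D-TA project; it encodes the required/conditional rules and the EntropySources format from the list above. The option names, defaults and the 100-byte requirement are taken from the list; the function names, the messages and the two sample configurations (including their file paths) are assumptions constructed for this example.

```python
# Added example: checks a Customer D-TA configuration (a dict mirroring the
# names in config_dta.py) against the option rules listed above. Not part of
# the Milagro code base; function names, messages and sample values are assumed.
import ipaddress

ENTROPY_BYTES_REQUIRED = 100                     # from the EntropySources entry
KNOWN_ENTROPY_PLUGINS = ("dev_random", "dev_urandom", "MIRACL")
LOG_LEVELS = ("ERROR", "WARN", "INFO", "DEBUG")
REQUIRED_OPTIONS = ("address", "port", "configFile", "credentialsFile")


def parse_entropy_sources(spec):
    """Parse an EntropySources value such as 'MIRACL:40,dev_urandom:60'.

    Returns {plugin: byte_count}. Raises ValueError for a malformed item, an
    unknown or repeated plugin, a non-positive count, or a total that is not
    the 100 bytes the service needs for its authentication function.
    """
    sources = {}
    for item in spec.split(","):
        name, sep, count = item.strip().partition(":")
        name, count = name.strip(), count.strip()
        if not sep or not name:
            raise ValueError("entropy source %r must be written as name:bytes" % item)
        if name not in KNOWN_ENTROPY_PLUGINS:
            raise ValueError("unknown entropy plugin %r" % name)
        if name in sources:
            raise ValueError("entropy plugin %r listed more than once" % name)
        if not count.isdigit() or int(count) == 0:
            raise ValueError("byte count for %r must be a positive integer" % name)
        sources[name] = int(count)
    total = sum(sources.values())
    if total != ENTROPY_BYTES_REQUIRED:
        raise ValueError("entropy sources provide %d bytes, the service needs %d"
                         % (total, ENTROPY_BYTES_REQUIRED))
    return sources


def validate_config(cfg):
    """Return (errors, warnings): errors are settings the option list says
    produce a system error, warnings are settings the list discourages."""
    errors, warnings = [], []

    for opt in REQUIRED_OPTIONS:
        if opt not in cfg:
            errors.append("missing required option %r" % opt)

    if "address" in cfg:
        try:
            ipaddress.ip_address(cfg["address"])
        except ValueError:
            errors.append("address %r is not an IP address" % (cfg["address"],))
        else:
            if cfg["address"] == "0.0.0.0":
                warnings.append("address 0.0.0.0 listens on all interfaces")

    port = cfg.get("port")
    if port is not None and not (isinstance(port, int) and 0 < port < 65536):
        errors.append("port must be an integer between 1 and 65535")

    if cfg.get("backup", True):                  # backup defaults to True
        if "encrypt_master_secret" not in cfg:
            errors.append("encrypt_master_secret is required when backup is True")
        elif cfg["encrypt_master_secret"]:
            if "salt" not in cfg:
                errors.append("salt is required when encrypt_master_secret is True")
            # The list marks passphrase as conditional but also says the admin is
            # prompted when it is absent, so absence is accepted here and a
            # pre-set passphrase (discouraged by the list) is reported as a warning.
            if "passphrase" in cfg:
                warnings.append("passphrase is pre-set in the config file; entering it "
                                "at encryption time is recommended")
    else:
        warnings.append("backup is False: the Master Key is reset on every restart "
                        "and all end-user credentials are revoked")

    if cfg.get("logLevel", "ERROR") not in LOG_LEVELS:
        errors.append("logLevel must be one of %s" % ", ".join(LOG_LEVELS))

    if cfg.get("syncTime", False):
        period = cfg.get("timePeriod")
        if period is None:
            errors.append("timePeriod is required when syncTime is True")
        elif not (isinstance(period, int) and period > 0):
            errors.append("timePeriod must be a positive number of milliseconds")

    if "EntropySources" in cfg:
        try:
            parse_entropy_sources(cfg["EntropySources"])
        except ValueError as exc:
            errors.append("EntropySources: %s" % exc)

    return errors, warnings


# Constructed sample configurations; paths and the salt are placeholders.
GOOD_CONFIG = {
    "address": "127.0.0.1",
    "port": 8001,
    "configFile": "/opt/milagro/config_dta.py",
    "credentialsFile": "/opt/milagro/credentials.json",
    "backup": True,
    "backupFile": "/opt/milagro/backup.json",
    "encrypt_master_secret": True,
    "salt": "REPLACE-WITH-YOUR-OWN-RANDOM-STRING",
    "EntropySources": "MIRACL:40,dev_urandom:60",
    "logLevel": "INFO",
    "syncTime": False,
}
WEAK_CONFIG = dict(GOOD_CONFIG, address="0.0.0.0", passphrase="pre-set-passphrase",
                   syncTime=True,                               # timePeriod is missing
                   EntropySources="MIRACL:40,dev_random:70")    # adds up to 110 bytes

if __name__ == "__main__":
    for label, cfg in (("good", GOOD_CONFIG), ("weak", WEAK_CONFIG)):
        errors, warnings = validate_config(cfg)
        print(label, "errors:", errors)
        print(label, "warnings:", warnings)
```

Run it before restarting the service after editing config_dta.py: a non-empty errors list corresponds to a setting the option list says will produce a system error, while warnings flag choices the list advises against (listening on all interfaces, a pre-set passphrase, or running without a Master Key Share backup).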