3 SafeNet Luna HSM Client Software Installation
• Put LunaAPI.dll in an arbitrary folder and add that folder to the system path. Java 7 or Java 8 will search the
system path for LunaAPI.dll.
• Put LunaAPI.dll in the <java_install_dir>/bin folder.
Alternatively, at the command line, specify:
"%JAVA_HOME%/jre/bin/java" -Djava.library.path="C:\path\to\lunaapi.dll" -jar jMultitoken.jar
For additional Java-related information, see "Java Interfaces" on page 1 in the SDK Reference Guide.
JSP Static Registration
You would choose static registration of providers if you want all applications to default to the SafeNet provider.
Once your client has externally logged in using salogin (see "SAlogin" on page 1 in the Utilities Reference Guide) or
your own HSM-aware utility, any application is able to use the SafeNet product without being designed to login to the
HSM Partition.
Edit the java.security file located in the \jre\lib\security directory of your Java SDK/JRE 1.7.x or 1.8.x installation to
read as follows:
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=com.safenetinc.luna.provider.LunaProvider
security.provider.4=com.sun.rsajca.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider
You can set our provider in first position for efficiency if SafeNet Luna HSM operations are your primary mode.
However, if your application needs to perform operations not supported by the LunaProvider (secure random generation
or random public key verification, for example), then it would receive error messages from the HSM and would need to
handle those gracefully before resorting to providers further down the list. We have found that having our provider in
third position works well for most applications.
The modifications in the "java.security" file are global, and they might result in the breaking of another application that
uses the default KeyPairGenerator without logging into the SafeNet Luna Network HSM first. This consideration might
argue for using dynamic registration, instead.
JSP Dynamic Registration
For your situation, you may prefer to employ dynamic registration of Providers, in order to avoid possible negative
impacts on other applications running on the same machine. As well, the use of dynamic registration allows you to keep
installation as straightforward as possible for your customers.
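A sketch of dynamic registration, added here as an illustration and not taken from the SafeNet documentation or SDK samples. It assumes the Luna provider jar is on the classpath and LunaAPI.dll is locatable as described above; the class name LunaDynamicRegistration, the choice to append the provider last, and the "RSA" algorithm request are assumptions, and logging in to the HSM partition is not shown.

```java
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;

public class LunaDynamicRegistration {
    // Provider class name as it appears in the java.security listing above.
    static final String LUNA_CLASS = "com.safenetinc.luna.provider.LunaProvider";

    /** Registers the provider in this JVM only; position is 1-based, as in java.security. */
    static Provider register(int position) throws ReflectiveOperationException {
        for (Provider p : Security.getProviders()) {
            if (p.getClass().getName().equals(LUNA_CLASS)) {
                return p; // already present, e.g. through static registration
            }
        }
        // Loaded reflectively so this file compiles without the provider jar.
        Provider luna = (Provider) Class.forName(LUNA_CLASS)
                .getDeclaredConstructor().newInstance();
        if (Security.insertProviderAt(luna, position) == -1) {
            throw new IllegalStateException("provider not added: " + luna.getName());
        }
        return luna;
    }

    public static void main(String[] args) throws Exception {
        Provider luna;
        try {
            // Append after the built-in providers so default lookups
            // (SecureRandom, signature verification) do not hit the HSM first.
            luna = register(Security.getProviders().length + 1);
        } catch (ClassNotFoundException e) {
            System.err.println("Luna provider jar is not on the classpath: " + e.getMessage());
            return;
        }
        for (Provider p : Security.getProviders()) {
            System.out.println(p.getName() + " " + p.getVersion());
        }
        try {
            // Ask for the HSM explicitly instead of relying on provider order.
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", luna);
            System.out.println("RSA KeyPairGenerator from " + kpg.getProvider().getName());
        } catch (NoSuchAlgorithmException e) {
            System.err.println("provider does not offer RSA key generation: " + e.getMessage());
        }
    }
}
```

Because the registration lives only in the calling JVM, the global java.security file stays untouched and other applications on the machine keep their default providers.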
Compatibility
We formally test SafeNet Luna HSMs and our Java provider with Oracle JDK for all platforms except AIX, and with IBM
JDK for the AIX platform. The SafeNet JCE provider is compliant with the JCE specification, and should work with any
JVM that implements the Java language specification.
Occasional problems have been encountered with respect to IBM JSSE.
GNU JDK shipped with most Linux systems has historically been incomplete and not suitable.
SafeNet Luna Network HSM Installation Guide
Release 7.0 007-013576-002 Rev. A June 2017 Copyright 2001-2017 Gemalto All rights reserved.