Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Administration

Quick Start

search

Please Note:

You are not viewing the most recent version of this page. 8.17.1 is the latest version available.

print

Quick Start

This article covers the steps involved in installing CADP for Java.

copy link to clipboardPrerequisites

This Quick Start deployment scenario assumes that:

  • Any of the supported Java versions must be installed.

  • A user must exist on the CipherTrust Manager. You can either use an existing user or create a new user by following the instructions mentioned here. Ensure the user has permission to create keys.

  • The encryption policy files for unlimited strength ciphers (US_export_policy.jar and local_policy.jar) should be downloaded. For Java 8, these files should be installed in the JRE_HOME/lib/security directory. For Java 10 and higher versions, the encryption policy files are not required to be installed separately.

    Note

    For Sun/Oracle or IBM Java, download the corresponding version of the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.

copy link to clipboardSteps to install CADP for Java

  1. Download the provider from our customer support site. The software adheres to the following naming convention:

    Product Name - Product Version - File Format

    CADP_for_JAVA_v8.13.1.000.zip

  2. Extract the file using any standard archive utility.

    Extracting the archive creates the following directory structure:

    For information on directory structure and its content, refer to Directory Structure

  3. Navigate to the directory where the CADP for Java is extracted.

  4. Navigate to the CADP_for_JAVA/lib/ext directory and run the following command to install CADP for Java.

    java -jar CADP_for_JAVA_Installer-8.13.1.000.jar

    The license agreement is displayed on the console.

  5. Press return/enter to continue or s to skip to the end.

  6. Enter Yes, If you agree to the license terms.

    The installer verifies the Java version.

  7. Specify the installation location for CADP for Java.

    • For Java 8, enter Yes to install CADP for Java in the default directory that is <JAVA_HOME>\lib\ext. Enter No to select a different location.

    • For Java 10 and higher versions, the installer will prompt for the installation directory.

    The installer displays the following properties that are required to connect to the Key Manager.

    • NAE_IP.1

    • NAE_Port

    • Log_File

  8. Enter Yes to update these properties. Enter No to continue with the existing values.

    The installation setup is complete; now, you need to perform Post Installation Steps. Navigate to the installation directory to view the files.

copy link to clipboardDirectory Structure

Here are the files that you need to be aware of.

FilenameDescription
commons-codec-1.15.jarApache Commons reusable Java components. Apache Commons Codec (TM) software provides implementations of common encoders and decoders such as Base64, Hex, and others.
commons-lang3-3.12.0.jarApache Commons reusable Java components. Lang provides methods for manipulation of core classes in the standard Java library, utilities for the java.lang API, and helps with building methods, such as hashCode, toString and equals.
commons-collections4-4.4.jarApache Commons reusable Java components. Extends or augments the Java Collections Framework.
gson-2.9.0.jarA Java library to convert JSON to Java objects and vice versa.
guava-31.1-jre.jarGuava is a suite of core and expanded libraries that include utility classes, Google's collections, I/O classes, and much more. This library is used for key caching.
failureaccess-1.0.1.jarContains com.google.common.
util.concurrent.internal.InternalFutureFailureAccess
and InternalFutures classes.
CADP_for_JAVA.propertiesCADP for Java’s configuration file.
CADP_for_JAVA-8.13.1.000.jarThe Java components of the CADP for Java (Ingrian) Provider. Required for all installations.
CADP_for_JAVA_Installer-8.13.1.000.jarAutomates the CADP for Java installation by placing the CADP for Java jar files at default Java path or user provided path and setting basic Key Manager configuration parameters such as IP, Port, and Log path.
cryptodatautility.jarCADP for Java utility used to decrypt a string without specifying the keyName and algorithm.
Passphrase.jarRequired for obfuscation of username and password, client cert and keystore password. openssl.conf
license.rtfCADP for Java license file.
NOTICE.txtCADP for Java’s open source notice.
log4j-core-2.17.2.jarThe Apache Log4j ImplementationLogging application.
log4j-api-2.17.2.jarProvides the interface that applications should code to and provides the adapter components required for implementers to create a logging implementation.
bcprov-jdk15to18-1.71.jarRequired for AES/GCM and SEED algorithms when symmetric cache is enabled.
bcpkix-jdk15on-1.70.jarBouncy castle jar required for format conversion of EC keys.
bcutil-jdk15on-1.70.jarBouncy Castle Java APIs required for ASN.1 extension and utility APIs to support bcpkix and bctls.
ecies.jarIt contains the required libraries for the ECIES support.
SafeNetVaultlessTokenization.propertiesContains the parameters used for tokenization. Required for all installations.
SafeNetVaultlessTokenization-8.10.0.000.jarContains the Java components required for tokenization. Required for all installations.
unicode.propertiesContains the parameters required to tokenize Unicode characters.
migration.propertiesContains the parameters used to set up the bulk migration feature.
detokenization.propertiesContains the parameters used to set up the bulk detokenization feature.

copy link to clipboardImportant Notes

  1. In case of Java 10, the java.se.ee module needs to be added as a JVM argument.

  2. For Java 11 and higher versions, download the following JAR files from a trusted source and add their paths in Tomcat's CLASSPATH:

    • jaxb-api-2.3.1.jar

    • jaxb-impl-2.3.1.jar

    • jaxb-core-2.3.0.1.jar

    • javax.activation-1.2.0.jar

  3. For Java 8, the following jar files are OSGI compliant:

    • ecies.jar

    • cryptodatautility.jar

    • CADP_for_JAVA-8.13.1.000.jar

    These jar files access some non-public APIs, user needs to enable the org.osgi.framework.bootdelegation=sun.,com.sun. property in the OSGI framework to provide access to these APIs.

  4. User can configure an external logger to capture logs instead of the default logging jar files log4j-core-2.17.2.jar and log4j-api-2.17.2.jar.

copy link to clipboardPost Installation Steps

Post installation steps ensures that application is ready and properly configured. Below are some steps which must be performed after the installation.

  1. Configure the CADP_for_JAVA.properties file. These properties determine how the CADP for Java Provider communicates with the Key Manager. You can configure these properties using the CADP_for_ JAVA.properties file or by setting individual properties in your application. Refer to Configuration Parameters for details.

  2. Import Ingrian package. The interface to the CADP for Java Provider requires only a few packages to perform cryptographic operations. Before your application can use the CADP for Java Provider, you have to import the Ingrian package that contains the JAVA–related class files. This is done in the first line of code below. This code must be present in all applications that use the CADP for Java Provider. This package is contained in the signed CADP for Java jar file (CADP_for_JAVA-8.13.1.000.jar). The next two lines import the other standard packages needed to perform crypto operations.

    import com.ingrian.security.nae.*;
import java.security.*;
import javax.crypto.*;

After completing these steps, based on your needs, you can go through any of these topics:

  • Tasks: Contains the list of tasks that can be performed by a CADP for Java developer.

  • Advance: Describes some concepts of CADP for Java.

  • Troubleshooting: Provide some tips to overcome issues that you might face while using CADP for Java.

On this page