Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

HashiCorp Vault

Installing and Configuring the SafeNet ProtectApp PKCS#11 Provider

search

Installing and Configuring the SafeNet ProtectApp PKCS#11 Provider

This section covers the following:

Installing the SafeNet ProtectApp PKCS#11 Provider

Perform the following steps to install the SafeNet ProtectApp PKCS#11 Provider.

  1. Unzip the SafeNet ProtectApp PKCS#11 installer.

    For example:

    tar -xzf <source_directory/tar_file_name> -C <destination_directory>

  2. Create the /opt/hashi/<ARCH>/hsm/safenet/<VERSION> directory. The HashiCorp Vault user must have appropriate access permissions on /opt/.

    Note

    <ARCH> is the system architecture (either 32 or 64), and <VERSION> is the software version number (for example, 8.3.2). This point onward, in this document, <ARCH> is used as 64 and <VERSION> as 8.3.2. If the system architecture and version are different, adjust these values accordingly.

  3. Copy the library file libIngPKCS11.so-8.3.2.000 from the extracted /root/Ingrian_pkcs11-8.3.2.000/lib directory to /opt/hashi/64/hsm/safenet/8.3.2.

    For example:

    cp libIngPKCS11.so-8.3.2.000 /opt/hashi/64/hsm/safenet/8.3.2

    Note

    The receiving directory is a fixed location. HashiCorp Vault searches for this directory. It cannot be changed. Changing the directory name results in a "cannot find PKCS11 library" error.

  4. Copy the IngrianNAE.properties file from extracted /root/Ingrian_pkcs11-8.3.2.000 directory to /opt/hashi/64/hsm/safenet/8.3.2.

    For example:

    cp IngrianNAE.properties /opt/hashi/64/hsm/safenet/8.3.2

  5. Rename libIngPKCS11.so-8.3.2.000 as libIngPKCS11.so.

    For example:

    mv libIngPKCS11.so-8.3.2.000 libIngPKCS11.so

  6. Export the following environment variables.

    export SFNT_HSMAPI_BASE=/opt/hashi/64/hsm/safenet/8.3.2
export NAE_Properties_Conf_Filename=$SFNT_HSMAPI_BASE/IngrianNAE.properties
export IngrianNAE_Properties_Conf_Slot_ID_Max=100
export IngrianNAE_Properties_Conf_SessionID_Max=100
export AES_GCM_TAG_LEN=6

Configuring the SafeNet ProtectApp PKCS#11 Provider

The basic configuration parameters that are required to be changed are:

  • NAE_IP‌

  • NAE_Port

  • Protocol

  • CA_File

  • Cert_File

  • Key_File

  • Log_Level

  • Log_File

You can further configure the SafeNet ProtectApp PKCS#11 Provider to meet the requirements of your environment. Refer to Configuring the Properties File for more details.

On this page