Cryptographic applications that are not specifically adapted to use an HSM Server can nevertheless be run using Luna SAs, with the aid of the salogin utility. This section provides the settings required for some widely-used applications.
For example, you might use salogin when you want to use a Luna HSM appliance with openssl, which can work with HSMs but has no inherent ability to provide credentials to the HSM.
The salogin client-side utility is provided to assist clients that do not include the requisite HSM login and logout capability within the client application. Run the utility from a shell or command prompt, or include it in scripts.
The salogin utility has a single command, with several arguments, as follows:
>salogin -h
Luna Login Utility 1.0 Arguments:
| Argument | Parameter | Description |
|---|---|---|
| o | | open application access |
| c | | close application access |
| i | hi:lo | application id; high and low component |
| s | slot | token slot id number (default = 1) |
| u | | specifies that login should be performed as the Crypto-User if no user type is supplied, the Crypto-Officer will be used |
| p | pswd | challenge password - if not included, login will not be performed |
| r | server IP | remote ped server ip |
| v | | verbose |
| h | | this help |
salogin -o -s 1 -i 1:1
# open a persistent application connection
# on slot 1 with app id 1:1
salogin -o -s 1 -i 1:1 -p HT7bHTHPRp/4/Cdb
# open a persistent application connection
# and login with Luna HSM challenge
salogin -c -s 1 -i 1:1
# close persistent application connection 1:1
# on slot 1
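The open and close calls above, wrapped around a client application so that access is closed again whether the application succeeds or fails. This is an added example, not part of the SafeNet documentation; the function name `run_with_hsm_access` and the owner-only challenge file are assumptions, and only the -o, -c, -s, -i and -p arguments from the help text are used.

```bash
#!/usr/bin/env bash
# Added example (not SafeNet code): bracket a client application with
# salogin open/close. Assumptions: the function name and the challenge file.

# Usage: run_with_hsm_access SLOT APPID CHALLENGE_FILE COMMAND [ARGS...]
run_with_hsm_access() {
    local slot="$1" appid="$2" pwfile="$3" perms challenge rc
    shift 3

    # Refuse a challenge file that group or other users can access.
    perms=$(ls -ld -- "$pwfile") || return 2
    case $perms in
        -r?-------*) ;;
        *) echo "refusing $pwfile: must be a regular file, owner-only" >&2
           return 2 ;;
    esac

    # Read the first line; this keeps the challenge out of the script
    # itself and out of the shell history.
    challenge=
    IFS= read -r challenge < "$pwfile" || true
    [ -n "$challenge" ] || { echo "empty challenge in $pwfile" >&2; return 2; }

    # Open persistent application access and log in. The help text lists
    # -p as the only way to pass the challenge, so it is visible in the
    # process list while salogin runs.
    salogin -o -s "$slot" -i "$appid" -p "$challenge" || return 3
    unset challenge

    # Run the application that cannot log in to the HSM by itself.
    rc=0
    "$@" || rc=$?

    # Close access whether the application succeeded or failed.
    salogin -c -s "$slot" -i "$appid" ||
        echo "warning: access $appid on slot $slot was not closed" >&2
    return "$rc"
}

# Example call (app id 1:1 on slot 1, as in the commands above):
# run_with_hsm_access 1 1:1 "$HOME/.luna_challenge" openssl ...
```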
Note: The applications in the integrations documents have been explicitly integrated by SafeNet to work with your SafeNet HSM product. Contact your SafeNet representative.
If you are a developer, you might prefer to create or modify your own application to include support for the HSM or appliance. Refer to the Software Development Kit and the Extensions sections of this document set.
For Java applications, you could consider the KeyStore interface. It is internally consistent with the service provider interface defined by Sun/Oracle and does not require any proprietary code or applications.
If you are using an integration that does not refer to a KeyStore, then the salogin method might be required. You are then limited to working with one partition. The type of HSM doesn’t matter, as long as it is Luna and visible to the client at the time that the library is initialized.