Home >

Utilities Reference Guide > SAlogin

  
SAlogin

Cryptographic applications that are not specifically adapted to use an HSM Server can nevertheless be run using SafeNet Enterprise HSMs, with the aid of the salogin utility. This section provides the settings required for some widely-used applications.

An example of a situation where you might use salogin is where you wish to use a SafeNet HSM appliance with openssl, which can be used with HSMs, but which has no inherent ability to provide credentials to the HSM.

The salogin Command

The salogin client-side utility is provided to assist clients that do not include the requisite HSM login and logout capability within the client application. Run the utility from a shell or command prompt, or include it in scripts.

The salogin utility has a single command, with several arguments, as follows:

>salogin -h
Luna Login Utility 1.0 Arguments:

o

 

open application access

c

 

close application access

i

hi:lo

application id; high and low component

s

slot

token slot id number (default = 1)

u

 

specifies that login should be performed as the Crypto-User if no user type is supplied, the Crypto-Officer will be used

p

pswd

challenge password - if not included, login will not be performed

r server IP remote ped server ip

v

 

verbose

h

 

this help

Examples

salogin -o -s 1 -i 1:1 
# open a persistent application connection
# on slot 1 with app id 1:1
 
salogin -o -s 1 -i 1:1 -p HT7bHTHPRp/4/Cdb
# open a persistent application connection
# and login with Luna HSM challenge
 
salogin -c -s 1 -i 1:1 
# close persistent application connection 1:1
# on slot 1

Note:  The applications in the integrations documents have been explicitly integrated by SafeNet, to work with your SafeNet HSM product. Contact your SafeNet representative.  

If you are a developer, you might prefer to create or modify your own application to include support for the HSM or appliance. Refer to the Software Development Kit and the Extensions sections of this document set.

Other options

For java applications you could consider the KeyStore interface. It is internally consistent with the service provider interface defined by SUN/Oracle and does not require any proprietary code or applications.

If you are using an integration that does not refer to a KeyStore then the salogin method might be required. You are then limited to working with 1 partition. The type of HSM doesn’t matter, as long as it is SafeNet and visible by the client at the time that the library is initialized.