The SafeNet Software Development Kit can record all interactions between an application and our PKCS#11-compliant library, allowing a developer to debug an application by viewing what the library receives.
The tool is the Cryptoki Logging Facility, or cklog. cklog is a library that takes the place of our PKCS#11 library. When it receives a call, it does not service the request itself; instead, it logs the call to a file and passes the request to the originally intended library.
For cklog to function properly, perform these two steps:
1. Direct the application to use the cklog library instead of the regular Chrystoki library.
2. Instruct the cklog library where to access the regular library.
Achieve the first step by modifying the configuration files to instruct CkBridge to load the Cklog library. This redirection is described in the next sub-section. The second step involves different blocks in the configuration file.
Here are descriptions of entries that might be applicable:
• LibNT - references a Cryptoki library for Windows 2008 and Windows 2012.
• LibUNIX - references a Cryptoki library for UNIX (meaning Solaris, Linux and AIX).
• LibHPUX - references a Cryptoki library specific to HP-UX.
• Enabled - 0 or 1. Turns the logging facility off or on.
• File - references the file to which the requests should be logged.
• Error - references a file where the logging facility can record fatal errors.
• NewFormat - 0 or 1. Disables or enables a more compact output format, which is the format preferred by SafeNet Customer Support.
The following example shows a typical initialization file under Windows where cklog is in use:
[Chrystoki2]
LibNT=c:\Program Files\SafeNet\LunaClient\cklog201.dll
[CkLog2]
LibNT=c:\Program Files\SafeNet\LunaClient\cryptoki.dll
Enabled=1
File=c:\Program Files\SafeNet\LunaClient\cklog2.txt
Error=c:\Program Files\SafeNet\LunaClient\error2.txt
NewFormat=1
LoggingMask=ALL_FUNC
The following example shows a typical configuration file under UNIX where cklog is in use:
Chrystoki2 = {
LibUNIX=/usr/lib/libcklog2.so;
}
CkLog2 = {
LibUNIX=/usr/lib/libCryptoki2.so;
Enabled=1;
File=/tmp/cklog.txt;
Error=/tmp/error.txt;
NewFormat=1;
LoggingMask=ALL_FUNC;
}
When logging is turned on, all functions are logged, by default. If you wish to restrict logging to particular functions of interest only, you can edit the “LoggingMask=” parameter in the crystoki.ini [Windows] or Chrystoki.conf [UNIX] file to include flags for the desired logging.
Here is the list of possible flags for cklog:
Flag | Description |
---|---|
GEN_FUNCS | General functions |
SLOT_TOKEN_FUNC | Slot/Token related functions |
SESSION_FUNC | Session related functions |
OBJ_MNGMNT_FUNC | Object Management functions |
ENC_DEC_FUNC | Encrypt/Decrypt related functions |
DIGEST_FUNC | Digest related functions |
SIGN_VERIFY_FUNC | Signing/Verifying related functions |
KEY_MNGMNT_FUNC | Key Management related functions |
MISC_FUNC | Misc functions |
CHRYSALIS_FUNC | SafeNet Extensions functions |
ALL_FUNC | All functions logged |
You can mix and match any or all of the flags, using the “|” operator. For example, the following:
LoggingMask=GEN_FUNC | SLOT_TOKEN_FUNC | ENC_DEC_FUNC | SIGN_VERIFY_FUNC;
would be valid.
Note: You can use the flags in any order. Using the ALL_FUNC flag overrides any other flag.
If you have the “LoggingMask=” parameter, with NO flags set, then nothing is logged. If logging capability is enabled (cklog), but there is no “LoggingMask=” line, then default behavior prevails and everything is logged.
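As an added example (not part of the SafeNet documentation), this Python code reads a UNIX-style Chrystoki.conf and reports which library the application loads, where cklog forwards calls and writes its log, and what the LoggingMask rules above resolve to. The function names, the report keys and the treatment of a missing Enabled entry as off are assumptions of this example; the sample configuration is constructed.

```python
import re

# Constructed sample in the UNIX layout shown above.
SAMPLE_CONF = """
Chrystoki2 = {
LibUNIX=/usr/lib/libcklog2.so;
}
CkLog2 = {
LibUNIX=/usr/lib/libCryptoki2.so;
Enabled=1;
File=/tmp/cklog.txt;
LoggingMask=GEN_FUNC | SLOT_TOKEN_FUNC | ENC_DEC_FUNC | SIGN_VERIFY_FUNC;
}
"""

def parse_conf(text):
    """Parse 'Name = { key=value; ... }' blocks into {section: {key: value}}."""
    sections = {}
    for name, body in re.findall(r"(\w+)\s*=\s*\{(.*?)\}", text, re.DOTALL):
        entries = {}
        for item in body.split(";"):
            if "=" in item:
                key, value = item.split("=", 1)
                entries[key.strip()] = value.strip()
        sections[name] = entries
    return sections

def audit_cklog(text):
    """Report the library chain, the log file and the effective LoggingMask."""
    conf = parse_conf(text)
    cklog = conf.get("CkLog2", {})
    report = {"loaded_library": conf.get("Chrystoki2", {}).get("LibUNIX"),
              "forwarded_to": cklog.get("LibUNIX"),
              "log_file": cklog.get("File"), "mode": "off", "flags": []}
    if cklog.get("Enabled") != "1":   # assumption: a missing Enabled counts as off
        return report
    if "LoggingMask" not in cklog:    # no LoggingMask line: everything is logged
        report["mode"] = "all"
        return report
    flags = sorted({f.strip() for f in cklog["LoggingMask"].split("|") if f.strip()})
    if "ALL_FUNC" in flags:           # ALL_FUNC overrides any other flag
        report["mode"] = "all"
    elif flags:
        report["mode"], report["flags"] = "selected", flags
    else:                             # parameter present with no flags set
        report["mode"] = "none"
    return report

if __name__ == "__main__":
    print(audit_cklog(SAMPLE_CONF))
```

A report whose loaded_library is the cklog library and whose mode is "all" or "selected" means the listed Cryptoki calls are being written to log_file.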