This section explains how to make the Chrystoki library available to the other components of the SafeNet Software Development Kit.
An application has no knowledge of which library is to be loaded nor does the application know the library's location. For these reasons, a special scheme must be employed to tell the application, while it is running, where to find the library. The next paragraphs describe how applications connect to Chrystoki.
All applications provided in the SafeNet Network HSM Software Development Kit have been compiled with a component called CkBridge, which uses a configuration file to find the library it is intended to load. CkBridge first uses the environment variable "ChrystokiConfigurationPath" to locate the corresponding configuration file. If this environment variable is not set, it attempts to locate the configuration file in a default location that depends on the product platform (/etc on Unix, and c:\Program Files\SafeNet\LunaClient on Windows).
Configuration files differ from one platform to the next - refer to the appropriate sub-section for the operating system and syntax applicable to your development platform.
In Windows, an initialization file called crystoki.ini specifies which library is to be loaded. The syntax of this file is standard to Windows.
The following example shows a proper configuration file for Windows:
[Chrystoki2]
LibNT=C:\Program Files\SafeNet\LunaClient\cryptoki.dll
[LunaSA Client]
SSLConfigFile=C:\Program Files\SafeNet\LunaClient\openssl.cnf
ReceiveTimeout=20000
NetClient=1
ServerCAFile=C:\Program Files\SafeNet\LunaClient\cert\server\CAFile.pem
ClientCertFile=C:\Program Files\SafeNet\LunaClient\cert\client\ClientNameCert.pem
ClientPrivKeyFile=C:\Program Files\SafeNet\LunaClient\cert\client\ClientNameKey.pem
[Luna]
DefaultTimeOut=500000
PEDTimeout1=100000
PEDTimeout2=200000
PEDTimeout3=10000
[CardReader]
RemoteCommand=1
CAUTION: NEVER insert TAB characters into the crystoki.ini (Windows) or Chrystoki.conf (UNIX) file.
In UNIX, a configuration file called "Chrystoki.conf" is used to guide CkBridge in finding the appropriate library.
The configuration file is a regular text file with a special format. It is made up of a number of sections, each section containing one or multiple entries. The following example shows a typical UNIX configuration file:
Chrystoki2 = {
LibUNIX=/usr/lib/libCryptoki2.so;
}
Luna = {
DefaultTimeOut=500000;
PEDTimeout1=100000;
PEDTimeout2=200000;
PEDTimeout3=10000;
KeypairGenTimeOut=2700000;
CloningCommandTimeOut=300000;
}
CardReader = {
RemoteCommand=1;
}
LunaSA Client = {
NetClient = 1;
ServerCAFile = /usr/safenet/lunaclient/cert/server/CAFile.pem;
ClientCertFile = /usr/safenet/lunaclient/cert/client/ClientNameCert.pem;
ClientPrivKeyFile = /usr/safenet/lunaclient/cert/client/ClientNameKey.pem;
SSLConfigFile = /usr/safenet/lunaclient/bin/openssl.cnf;
ReceiveTimeout = 20000;
}
The shared object "libCryptoki2.so" is a library supporting version 2.2.0 of the PKCS#11 standard.
CAUTION: NEVER insert TAB characters into the crystoki.ini (Windows) or Chrystoki.conf (UNIX) file.
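The lookup order and the UNIX file format described above, as an added example (not SafeNet code): it resolves the configuration file, parses the sections, rejects TAB characters, and flags a library or client key file with loose permissions. Treating ChrystokiConfigurationPath as a directory, the permission policy, and the function names are assumptions of this example.

```python
import os
import re
import stat

# Constructed sample in the UNIX format shown above (spaces only, no TABs).
SAMPLE = """Chrystoki2 = {
LibUNIX=/usr/lib/libCryptoki2.so;
}
LunaSA Client = {
NetClient = 1;
ClientPrivKeyFile = /usr/safenet/lunaclient/cert/client/ClientNameKey.pem;
}
"""

SECTION_RE = re.compile(r"([^={};]+?)\s*=\s*\{(.*?)\}", re.S)

def config_path(env, default_dir="/etc"):
    # Assumption: the variable names the directory that holds Chrystoki.conf.
    directory = env.get("ChrystokiConfigurationPath") or default_dir
    return os.path.join(directory, "Chrystoki.conf")

def parse_conf(text):
    """Parse 'Section = { key=value; ... }' blocks into a dict of dicts."""
    if "\t" in text:
        raise ValueError("TAB character in configuration file")
    conf = {}
    for name, body in SECTION_RE.findall(text):
        pairs = (e.split("=", 1) for e in body.split(";") if "=" in e)
        conf[name.strip()] = {k.strip(): v.strip() for k, v in pairs}
    return conf

def audit(conf, mode_of=lambda p: os.stat(p).st_mode):
    """Flag referenced files that are relative or too permissive (OSError if missing)."""
    # Assumed policy: library not group/other-writable, private key owner-only.
    checks = [("Chrystoki2", "LibUNIX", 0o022),
              ("LunaSA Client", "ClientPrivKeyFile", 0o077)]
    findings = []
    for section, key, forbidden in checks:
        path = conf.get(section, {}).get(key, "")
        if not os.path.isabs(path):
            findings.append(f"{section}/{key}: not an absolute path: {path!r}")
        elif (bad := stat.S_IMODE(mode_of(path)) & forbidden):
            findings.append(f"{section}/{key}: {path} has mode bits {bad:03o} set")
    return findings

if __name__ == "__main__":
    print(config_path(os.environ))
    print(parse_conf(SAMPLE))
```

Because the configuration file decides which shared object an application loads, run the audit against the path that `config_path` returns for the service account's own environment, not only against /etc.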
Tools used for SafeNet development are platform-specific tools and development environments, where applicable (e.g., Visual C++ on Windows 2008 and Windows 2012, Workshop on Solaris, or aCC on HP-UX). Current version information is provided in the Customer Release Notes.
Note: Contact SafeNet for information about the availability of newer versions of compilers.
See "About the Utilities Reference Guide" for information about the individual tools and utilities provided for use with SafeNet HSMs.