Changing the Cryptoki Provider

This section applies to the SDK package only.

Different SafeNet ProtectToolkit-C Cryptoki provider files are required if an HSM is present (PCI or network mode) or not (software-only mode).

Both Cryptoki provider files are installed with the SDK package. On Windows systems, the user is prompted during installation to choose which is made active. On Unix/Linux systems, the software-only Cryptoki provider is made active by default.

CAUTION!   Software-only mode is not secure, as cryptographic material is stored on the host system and not a SafeNet ProtectServer HSM. See Changing the Cryptoki provider for information on changing the operating mode on Unix/Linux systems.

This section provides instructions for changing the Cryptoki provider on Windows systems.

Set Mode

The executable binary file setmode allows the user to toggle between software emulator and hardware modes.

To change the active Cryptoki provider

1.Execute setmode from the command line or open the SetMode.cmd file in the SafeNet install directory (default path: C:\Program Files\SafeNet\Protect Toolkit 5\Protect Toolkit C SDK\bin\SetMode.cmd).

NOTE   This tool edits the Windows registry, so you must have Administrator privileges on the client machine or an Unauthorized Access error will be returned. If you receive this error, open the command prompt or SetMode.cmd file by right-clicking and selecting Run as Administrator.

The Select Cryptoki Provider dialog appears.

2.Select your desired operating mode and click Next to complete the operation.


Customer Support Portal

SafeNet ProtectToolkit 5.7 Product Documentation  08 January 2020  Copyright 2009-2020 Gemalto. All rights reserved.