Introduction
ProtectToolkit-C is a cryptographic service provider using the PKCS #11 application programming interface (API) standard, as specified by RSA Labs. It includes a lightweight, proprietary Java API to access these PKCS #11 functions from Java.
The PKCS #11 API, also known as Cryptoki, includes a suite of cryptographic services for encryption, decryption, signature generation, signature verification, and permanent key storage. The software found on the installation DVD is compliant with PKCS #11 v. 2.20. The latest versions of the client software and HSM firmware can be found on the Thales Technical Support Customer Portal. See Support Contacts for more information.
To provide the highest level of security, ProtectToolkit-C interfaces with SafeNet access provider software and the SafeNet range of hardware security modules (HSMs):
>ProtectServer Network HSM
>ProtectServer PCIe HSM
HSMs include high-speed DES and RSA hardware acceleration, as well as generic security processing. Secure, persistent, tamper-resistant CMOS key storage is included. Multiple adapters may be used in a single host computer to improve throughput or to provide redundancy. HSMs may be installed locally, on the same host system as ProtectToolkit-C or they may be located remotely across a network.
Two product packages are available:
>Runtime for operational use
>Software Development Kit (SDK) for developer use
With ProtectToolkit-C SDK installed, the API may operate in Software-Only mode for testing and development. In this mode, access to an HSM is not required.
Who Should Read This Manual?
This manual is intended for the ProtectToolkit-C Administrator, responsible for installation, configuration, security policy and number of applications (or users) of ProtectToolkit-C. This configuration of ProtectToolkit-C will determine the functionality and services available to the ProtectToolkit-C applications. The Administrator is strongly encouraged to read this manual thoroughly before attempting any operations.
The manual also provides information on the structure and features of ProtectToolkit-C, and therefore serves as a valuable reference for any user.
This manual also provides configuration details for some standard PKCS #11 applications compatible with ProtectToolkit-C.
Further Documentation
SafeNet Manuals
In addition to this Administration Guide, the following manuals contain relevant information. They are referenced in this manual when applicable.
>About the ProtectServer HSM and ProtectToolkit Installation Guide
>
SafeNet Application Integration Guides
A number of integration guides are available, outlining the use of SafeNet products with third-party applications. For more information, contact your Thales representative (see Support Contacts).
Utility Normal Mode vs. Work Load Distribution and HA Mode
In this document, any references to the name of a utility without any further qualification refer to the utility operating in NORMAL mode. Any references to the name of a utility with the qualification (WLD/HA) refer to the utility operating in Work Load Distribution and High Availability Mode.
For example ctkmu refers to the ctkmu utility operating in NORMAL mode, while, ctkmu (WLD) refers to the ctkmu utility operating in WLD mode. Refer to section Operation in WLD Mode for details.