Introduction

SafeNet ProtectToolkit-C is a cryptographic service provider using the PKCS #11 application programming interface (API) standard, as specified by RSA Labs. It includes a lightweight, proprietary Java API to access these PKCS #11 functions from Java.

The PKCS #11 API, also known as Cryptoki, includes a suite of cryptographic services for encryption, decryption, signature generation, signature verification, and permanent key storage. The software found on the installation DVD is compliant with PKCS #11 v. 2.20. The latest versions of the client software and HSM firmware can be found on the Thales Technical Support Customer Portal. See Support Contacts for more information.

To provide the highest level of security, SafeNet ProtectToolkit-C interfaces with SafeNet access provider software and the SafeNet range of hardware security modules (HSMs):

>SafeNet ProtectServer Network HSM

>SafeNet ProtectServer PCIe HSM

HSMs include high-speed DES and RSA hardware acceleration, as well as generic security processing. Secure, persistent, tamper-resistant CMOS key storage is included. Multiple adapters may be used in a single host computer to improve throughput or to provide redundancy. HSMs may be installed locally, on the same host system as SafeNet ProtectToolkit-C or they may be located remotely across a network.

Two product packages are available:

>Runtime for operational use

>Software Development Kit (SDK) for developer use

With SafeNet ProtectToolkit-C SDK installed, the API may operate in Software-Only mode for testing and development. In this mode, access to an HSM is not required.

Who Should Read This Manual?

This manual is intended for the SafeNet ProtectToolkit-C Administrator, responsible for installation, configuration, security policy and number of applications (or users) of SafeNet ProtectToolkit-C. This configuration of SafeNet ProtectToolkit-C will determine the functionality and services available to the SafeNet ProtectToolkit-C applications. The Administrator is strongly encouraged to read this manual thoroughly before attempting any operations.

The manual also provides information on the structure and features of SafeNet ProtectToolkit-C, and therefore serves as a valuable reference for any user.

This manual also provides configuration details for some standard PKCS #11 applications compatible with SafeNet ProtectToolkit-C.

Further Documentation

SafeNet Manuals

In addition to this Administration Guide, the following manuals contain relevant information. They are referenced in this manual when applicable.

Hardware

>SafeNet ProtectServer PCIe HSM Installation Guide

>SafeNet ProtectServer Network HSM Installation Guide

Software

>SafeNet HSM Access Provider Installation Guide

>SafeNet ProtectToolkit-C Programming Guide

SafeNet Application Integration Guides

A number of integration guides are available, outlining the use of SafeNet products with third-party applications. For more information, contact your SafeNet representative (see Support Contacts).

Utility Normal Mode vs. Work Load Distribution and HA Mode

In this document, any references to the name of a utility without any further qualification refer to the utility operating in NORMAL mode. Any references to the name of a utility with the qualification (WLD/HA) refer to the utility operating in Work Load Distribution and High Availability Mode.

For example ctkmu refers to the CTKMU utility operating in NORMAL mode, while, ctkmu (WLD) refers to the CTKMU utility operating in WLD mode. Refer to section Operation in WLD Mode for details.