Getting started
Refer to the sections below to get started with the integration.
Supported configurations
Note
OpenSSL is included in the GemEngine toolkit that can be acquired from the Thales Customer Support Portal.
Thales has tested integration with OpenSSL 1.0.2k-fips/GemEngine 1.5 using the configurations shown in the table below.
| Operating system | PTK version | PS3 HSM hardware | PS3 HSM firmware |
|---|---|---|---|
| CentOS 7 | 7.2.0 | PCIe3, PSE3, PSE3+ | 7.02.00 |
Setting up your environment for the integration
Before beginning the integration, you must set up your environment for the integration.
To set up your environment for the integration
-
Install one of the supported operating systems on the client machine. Refer to Supported configurations for more information.
-
Set up, initialize, provision, and prepare a ProtectServer 3 HSM for deployment. Refer to ProtectServer 3 HSM and ProtectToolkit 7 installation and configuration for more information.
-
Install the ProtectToolkit-C Runtime package on the client machine. Refer to ProtectToolkit 7 software installation for more information.
-
Configure the ProtectServer 3 HSM for the integration.
-
Create a slot on the HSM that will be used by OpenSSL. Refer to Adding and removing slots for more information.
-
Verify that the the HSM is successfully configured by running hsmstate.
[root@localhost ~]# hsmstate HSM device 0: HSM in NORMAL MODE. RESPONDING. Usage Level=0% [root@localhost ~]# ctkmu l ProtectToolkit C Key Management Utility 7.2.0 Copyright (c) Safenet, Inc. 2009-2022 Cryptoki Version = 2.20 Manufacturer = Safenet, Inc. Test (Slot 0) AdminToken (524128) (Slot 1) [root@localhost ~]#
-
-
Familiarize yourself with OpenSSL. For more information about this library, refer to the OpenSSL Documentation.
-
Acquire the GemEngine toolkit from Thales Customer Support.
-
Extract the GemEngine toolkit to the opt directory.
tar -xvf 610-012987-005_SW_OPENSSL_TOOLKIT_GemEngine_v1.5_RevA.tar -C /opt
