Introduction

This section provides an overview of ProtectToolkit-C, the relevant audience of this section of the documentation, and information about how utilities are referred to in the documentation.

ProtectToolkit-C overview

ProtectToolkit-C is a cryptographic service provider using the PKCS#11 application programming interface (API) standard, as specified by RSA Labs. It includes a lightweight, proprietary Java API to access these PKCS#11 functions from Java.

The PKCS#11 API, also known as Cryptoki, includes a suite of cryptographic services for encryption, decryption, signature generation, signature verification, and permanent key storage. The software found on the installation DVD is compliant with PKCS#11 v. 2.20. The latest versions of the client software and HSM firmware can be found on the Thales Technical Support Customer Portal. Refer to Support contacts for more information.

To provide the highest level of security, ProtectToolkit-C interfaces with SafeNet Access Provider software and the Thales range of hardware security modules (HSMs):

• ProtectServer 3 PCIe

• ProtectServer 3 External

• ProtectServer 3+ External

HSMs include high-speed DES and RSA hardware acceleration, as well as generic security processing. Secure, persistent, tamper-resistant CMOS key storage is included. Multiple adapters can be used in a single host computer to improve throughput or to provide redundancy. HSMs can be installed locally, on the same host system as ProtectToolkit-C or they may be located remotely across a network.

Two product packages are available:

• Runtime for operational use

• Software development kit (SDK) for developer use

With ProtectToolkit-C SDK installed, the API can operate in Software Emulation mode for testing and development. In this mode, access to an HSM is not required.

ProtectToolkit-C administration guide audience

This guide is intended for the ProtectToolkit-C Administrator, responsible for the installation, configuration, security policy, and number of applications (or users) of ProtectToolkit-C. This configuration of ProtectToolkit-C will determine the functionality and services available to the ProtectToolkit-C applications. The Administrator is strongly encouraged to read this guide thoroughly before attempting any operations.

The guide also provides information on the structure and features of ProtectToolkit-C, and therefore serves as a valuable reference for any user.

This guide also provides configuration details for some standard PKCS#11 applications compatible with ProtectToolkit-C.

Utility Normal Mode vs. Work Load Distribution and HA Mode

In this guide, any references to the name of a utility without any further qualification refer to the utility operating in NORMAL mode. Any references to the name of a utility with the qualification (WLD/HA) refer to the utility operating in Work Load Distribution (WLD) and High Availability (HA) mode.

For example, ctkmu refers to the utility operating in NORMAL mode, while ctkmu (WLD) refers to the utility operating in WLD mode. For more information about WLD and HA mode, refer to Work Load Distribution (WLD) Model and High Availability (HA).