Java sample programs
This section describes the Java sample programs that Thales includes in the ProtectToolkit-J SDK package. The binaries for the sample programs are included in jcprovsamples.jar. However, in order to use the sources provided, you must compile them first. Refer to the following sections:
Note
The Java samples described in this section are used with the JCPROV interface, a lightweight proprietary Java wrapper for the PKCS#11 API. While the samples are included in the ProtectToolkit-J SDK package, the libraries required to compile the samples are included in the ProtectToolkit-C Runtime package.
To avoid running into issues, move samples out of the installation directory before modifying, compiling, or running them.
Compiling and running the Java sample programs
Note
OpenJDK 7 or newer is required to compile these samples.
For best results, ensure that jcprov.jar is in your CLASSPATH environment variable before compiling the applications. Since all the applications are registered under the namespace SafeNet_tech.jcprov.samples, a path that allows this namespace to be used must also be added to the CLASSPATH. If the samples are compiled in their installed locations, the path leading to the “samples” directory in the installation location will allow them to be executed as documented below.
To compile and run the sample programs
- Set the CLASSPATH environment variable to point to jcprov.jar and the root path of sample programs.
  C:\> set "CLASSPATH=C:\Program Files\Safenet\ProtectToolkit 7\Runtime\bin\jcprov.jar"
- Use javac to compile the samples.
  C:\Program Files\SafeNet\ProtectToolkit 7\JSDK\src\samples\jcprov> javac GetInfo.java
- Use java to run samples.
  C:\Program Files\SafeNet\ProtectToolkit 7\JSDK\src\samples\jcprov> java GetInfo -Info

- Create a temporary compile directory.
  % mkdir -p SafeNet_tech/jcprov/samples
- Copy the sample program and Makefile into that directory.
  % cp /opt/safenet/protecttoolkit7/ptk/src/SafeNet_tech/jcprov/samples/* SafeNet_tech/jcprov/samples
- Set the CLASSPATH environment variable to point to jcprov.jar and the sample programs’ root path.
  % export CLASSPATH=/opt/safenet/protecttoolkit7/ptk/lib/jcprov.jar:`pwd`
- Change directory to the sample programs’ path.
  % cd SafeNet_tech/jcprov/samples
- Use the javac program to compile the examples.
  % javac GetInfo.java
- Use the java program to run samples.
  % java SafeNet_tech.jcprov.samples.GetInfo -info
Note
If an error appears stating that a shared object file could not be opened, add the directory of the required shared object library to the LD_LIBRARY_PATH environment variable and run the sample again.
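The UNIX steps above as a reusable script that also refuses to build inside the installation directory and checks that CLASSPATH carries both entries the samples need. This is an added example, not part of the Thales SDK; the function names stage_samples and check_classpath and the work directory are assumptions, and the install layout is taken from the paths shown above.

```shell
#!/bin/sh
# Added example: stage the JCPROV samples outside the install tree and
# sanity-check CLASSPATH before running javac/java.
PKG_DIR=SafeNet_tech/jcprov/samples   # directory form of the samples' namespace

# stage_samples INSTALL_ROOT WORK_DIR
# Copies the sample sources to WORK_DIR/$PKG_DIR and prints the CLASSPATH value.
# Assumes the UNIX layout shown on the page (ptk/lib, ptk/src) under INSTALL_ROOT.
stage_samples() {
    root=$(cd "$1" >/dev/null 2>&1 && pwd) || { echo "install root not found: $1" >&2; return 1; }
    case $2 in /*) work=$2 ;; *) work=$(pwd)/$2 ;; esac
    jar=$root/ptk/lib/jcprov.jar
    src=$root/ptk/src/$PKG_DIR
    [ -f "$jar" ] || { echo "missing $jar" >&2; return 1; }
    [ -d "$src" ] || { echo "missing $src" >&2; return 1; }
    # Textual prefix check (symlinks and ".." are not resolved).
    case "$work/" in
        "$root"/*) echo "refusing to stage inside the install tree: $work" >&2; return 1 ;;
    esac
    mkdir -p "$work/$PKG_DIR" && cp "$src"/* "$work/$PKG_DIR"/ || return 1
    printf '%s:%s\n' "$jar" "$work"
}

# check_classpath VALUE
# Succeeds only if VALUE names an existing jcprov.jar and a root directory
# under which $PKG_DIR exists (the two entries the samples need).
check_classpath() {
    have_jar=no; have_root=no
    old_ifs=$IFS; IFS=:; set -f          # split on ':' without globbing
    for entry in $1; do
        case $entry in */jcprov.jar) [ -f "$entry" ] && have_jar=yes ;; esac
        [ -d "$entry/$PKG_DIR" ] && have_root=yes
    done
    IFS=$old_ifs; set +f
    [ "$have_jar" = yes ] || echo "CLASSPATH has no jcprov.jar entry" >&2
    [ "$have_root" = yes ] || echo "CLASSPATH has no root containing $PKG_DIR" >&2
    [ "$have_jar" = yes ] && [ "$have_root" = yes ]
}

# Usage:
#   CLASSPATH=$(stage_samples /opt/safenet/protecttoolkit7 "$HOME/jcprov-build") || exit 1
#   export CLASSPATH; check_classpath "$CLASSPATH" || exit 1
#   cd "$HOME/jcprov-build/$PKG_DIR" && javac GetInfo.java
```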
Using the Java sample programs
The following Java sample programs are included:
DeleteKey
This sample demonstrates the deletion of keys.
java SafeNet_tech.jcprov.samples.DeleteKey -keyType <keytype> -keyName <keyname> [-slot <slotId>] [-password <password>]
Option | Description |
---|---|
keytype | One of: des = single DES key; des2 = double-length Triple DES key; des3 = triple-length Triple DES key; rsa = RSA key pair. |
keyname | The name (label) of the key to delete. |
slotId | The slot containing the token to delete the key from. The default is (0). |
password | The user password of the slot. If specified, a private key is deleted. |
EccDemo
This sample demonstrates the generation of EC keys (prime192v1) and optionally performs a sign/verify operation with the generated keys.
java SafeNet_tech.jcprov.samples.EccDemo [-g] -n<keylabel>
Option | Description |
---|---|
-g | Generate Key Pair only (do not perform sign/verify). |
-n<keylabel> | Labels for key pair. |
EncDec
This sample demonstrates the encryption and decryption operations.
java SafeNet_tech.jcprov.samples.EncDec -keyType <keytype> -keyName <keyname> [-slot <slotId>] [-password <password>]
Option | Description |
---|---|
keytype | One of: des = single DES key; des2 = double-length Triple DES key; des3 = triple-length Triple DES key; rsa = RSA key pair. |
keyname | The name (label) of the key to use. |
slotId | The slot containing the token that holds the key. The default is (0). |
password | The user password of the slot. If specified, a private key is used. |
EnumAttributes
This sample demonstrates the SafeNet extension to enumerate all attributes of an object.
java SafeNet_tech.jcprov.samples.EnumAttributes -name <objectname> [-slot <slotId>] [-password <password>]
Option | Description |
---|---|
objectname | The name (label) of the object to enumerate over. |
slotId | The slot containing the object. The default is (0). |
password | The user password of the slot. If specified, a private object is used. |
GenerateKey
This sample demonstrates the generation of keys.
java SafeNet_tech.jcprov.samples.GenerateKey -keyType <keytype> -keyName <keyname> [-slot <slotId>] [-password <password>]
Option | Description |
---|---|
keytype | One of: des = single DES key; des2 = double-length Triple DES key; des3 = triple-length Triple DES key; rsa = RSA key pair; ec = EC key pair. |
keyname | The name (label) of the key to generate. |
slotId | The slot containing the token to generate the key on. The default is (0). |
password | The user password of the slot. If specified, a private key is created. |
GetInfo
The sample demonstrates the retrieval of Slot and Token Information.
java SafeNet_tech.jcprov.samples.GetInfo (-info, -slot, -token) [<slotId>]
Option | Description |
---|---|
info | Retrieve the general information. |
slot | Retrieve the slot information of the specified slot. |
token | Retrieve the token information of the token in the specified slot. |
slotId | The related slot ID of the slot or token information to retrieve. The default is (all). |
ListObjects
This sample demonstrates the listing of Token objects.
java SafeNet_tech.jcprov.samples.ListObjects [-slot <slotId>] [-password <password>]
Option | Description |
---|---|
slotId | The slot containing the token objects to list. The default is (0). |
password | The user password of the slot. If specified, private objects are also listed. |
ReEncrypt
This sample demonstrates re-encryption of variable length data.
Re-encryption is where ciphertext (an encrypted key or data) is decrypted with one key, and the resulting plaintext is then encrypted with another key. Typically you want this operation to occur in such a way that the intermediate plaintext never leaves the security of the adapter.
This is achieved in PKCS#11 via the C_UnwrapKey and C_WrapKey functions. By specifying the intermediate plain text data as a GENERIC_SECRET, SENSITIVE, Session object, you can keep variable length data securely in the adapter. This program assumes that slot 0 exists. All objects generated during program execution are session objects, and as such the contents of the token in slot 0 are not modified.
java SafeNet_tech.jcprov.samples.ReEncrypt
Threading
This sample demonstrates different ways to handle multi-threading.
This program initializes the Cryptoki library according to the specified locking model. Then a shared handle to the specified key is created. The specified number of threads is started, where each thread opens a session and then enters a loop which does a triple DES encryption operation using the shared key handle.
It is assumed that the key exists in slot 0, and is a Public Token object.
java ...Threading -numThreads <numthreads> -keyName <keyname> -locking <lockingmodel> [-v]
Option | Description |
---|---|
numthreads | The number of threads to start. |
keyname | The name of the Triple DES key to use for encryption operation. |
lockingmodel | The locking model, one of: None = no locking performed (some of the threads should report failures); OS = use native OS mechanisms to perform locking; Functions = use Java functions to perform locking. |