Dell BSAFE SSL-J User guide

Brand: Dell

Model: BSAFE SSL-J

Type: User guide

RSA BSAFE

SSL-J 6.2.6

Installation Guide

December 2019

Part Number

12.11.19

Notice and Trademarks

trademarks of Dell Inc. or its subsidiaries in the United States and/or other countries. All other products and services

mentioned are trademarks of their respective companies. For the most up-to-date listing of Dell trademarks, go to

www.dell.com/learn/us/en/19/shared-content/dell-trademark-list.

License agreement

This software and the associated documentation are proprietary and confidential to Dell Inc., are furnished under license, and

may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice

above. This software and the documentation, and any copies thereof, may not be provided or otherwise made available to any

other person.

No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any

unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.

This software is subject to change without notice and should not be construed as a commitment by Dell Inc.

Third-party licenses

This product may include software developed by parties other than Dell Inc. The text of the license agreements applicable to

third-party software in this product may be viewed in SSL-J_6.2.6_Third-partyLicenses.pdf.

Note on encryption technologies

This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption

technologies, and current use, import, and export regulations should be followed when using, importing or exporting this

product.

Disclaimer

Dell Inc. believes the information in this publication is accurate as of its publication date. The information is subject to

change without notice. THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS IS”. DELL INC OR ITS

SUBSIDIARIES MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE

INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF

MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Distribution

Limit distribution of this document to trusted personnel.

Installation Guide

12.11.19

RSA BSAFE SSL-J 6.2.6 Installation Guide

This document provides installation instructions for RSA BSAFE SSL-J 6.2.6 (SSL-J)

for all released platforms. Instructions are provided for binary installations, including

installation on Google

Android™, and source installations of SSL-J, including

installation on Google Android.

Binary installations are suitable where the compiled version of SSL-J matches your

installation platform, and where there is no intention to alter the product. Source

installations are suitable where SSL-J is to be built for a specific platform.

Contents:

About the SSL-J Toolkit ................................................................................... 2

Binary Installation ............................................................................................. 5

Install the JCE Jurisdiction Policy Files ................................................. 6

Install SSL-J ............................................................................................... 7

Build and Run the Samples ................................................................... 13

Binary Installation for Android ...................................................................... 15

Install SSL-J ............................................................................................. 16

Build an Application to Run the SSL-J Samples ................................. 21

Source Installation ......................................................................................... 23

Install the JCE Jurisdiction Policy Files ............................................... 24

Install SSL-J ............................................................................................. 25

Install Third-party Software Tools ......................................................... 26

Create the Toolkit Jar Files .................................................................... 27

Source Installation for Android ..................................................................... 28

Install SSL-J ............................................................................................. 29

Install Third-party Software Tools ......................................................... 30

Create the Toolkit Jar Files .................................................................... 31

Build and Run the System Tests ........................................................... 31

System and Security Properties ................................................................... 33

Uninstallation Instructions ............................................................................. 33

2 About the SSL-J Toolkit

RSA BSAFE SSL-J 6.2.6 Installation Guide

About the SSL-J Toolkit

SSL-J is a Java™ software development toolkit for building Transport Layer Security

(TLS) into enterprise-to-enterprise and commercial Internet applications.

The SSL-J distribution media contains the following:

• Binary toolkit

– Toolkit Java archive (jar) files

– CodeBase shared libraries

– OpenLDAP library

– RSA BSAFE Crypto-C Micro Edition 4.1 (Crypto-C ME) shared libraries

– Sample source code.

• Source toolkit

– Java source code and build and test systems

– Crypto-C ME shared libraries

– Sample source code.

• The RSA BSAFE Crypto-J 6.2.5 (Crypto-J) binary toolkit, which includes the

FIPS validated Crypto-J 6.2.5 module. Crypto-J provides Java implementations of

all the required cryptographic and certificate management operations using the

JsafeJCE API.

• The RSA BSAFE Cert-J 6.2.4 (Cert-J) binary toolkit. Cert-J provides Java

implementations of all the required certificate management operations using the

proprietary CertJ API.

• Product documentation consisting of:

– This document, the RSA BSAFE SSL-J Installation Guide, in Portable

Document Format (PDF), with instructions on how to install and build SSL-J.

– RSA BSAFE SSL-J Release Notes, in PDF, with the latest information about

SSL-J.

– RSA BSAFE SSL-J Security Best Practices Guide, in PDF, that provides

security best practice recommendations and an overview of security

configuration settings available in SSL-J to help secure operations across a

range of scenarios.

– RSA BSAFE SSL-J Security Policy, in PDF, that describes how SSL-J uses the

RSA BSAFE Crypto-J JSAFE and JCE Software Module (Crypto-J JSAFE

and JCE Software Module), and how to operate the SSL-J toolkit in a manner

consistent with the requirements of the cryptographic module.

– RSA BSAFE SSL-J Third-party Licenses, in PDF, that list the licenses details

for the third-party software products used with SSL-J.

– RSA BSAFE SSL-J Troubleshooting Guide, in PDF, that provides information

and instructions for troubleshooting common issues with SSL-J.

About the SSL-J Toolkit 3

RSA BSAFE SSL-J 6.2.6 Installation Guide

– RSA BSAFE SSL-J Developers Guide, in HTML format, with information on

how to build SSL security into applications.

– The following Javadocs, in HTML format, provide Java API reference

information:

• RSA BSAFE SSLJJavadoc

• RSA BSAFE JSSE Javadoc

• Related product documentation, consisting of:

– RSA BSAFE Cert-J 6.2.4 Release Notes, in PDF, with the latest information

on Cert-J.

– RSA BSAFE Cert-J 6.2.4 Security Policy, in PDF, that describes how Cert-J

uses the Crypto-J JSAFE and JCE Software Module, and how to operate

Cert-J in a manner consistent with the requirements of the cryptographic

module.

– RSA BSAFE Crypto-C Micro Edition 4.1 Security Policy documents, Level 1

and Level 2, in PDF, which describe how the Crypto-C ME Cryptographic

Module meets Level 1 security requirements of FIPS 140-2, the Level 2

security requirements of FIPS 140-2 for Roles, Authentication and Services,

Level 3 security requirements for Design Assurance, and how to securely

operate it.

– RSA BSAFE Crypto-J 6.2.5 Release Notes, in PDF, with the latest

information on Crypto-J.

– RSA BSAFE Crypto-J 6.2.5 FIPS Compliance Guide, in PDF, which

describes how Crypto-J uses the Crypto-J JSAFE and JCE Software Module,

and how to operate Crypto-J in a manner consistent with the requirements of

the cryptographic module.

– RSA BSAFE Crypto-J JSAFE and JCE Software Module 6.2.5 Security Policy

documents, Level 1 and Level 2, in PDF, which describe how the Crypto-J

JSAFE and JCE Software Module meets the Level 1 security requirements of

FIPS 140-2, the Level 2 security requirements of FIPS 140-2 for Roles,

Authentication and Services, the Level 3 security requirements for Design

Assurance, and how to securely operate it.

– The following Javadocs, in HTML format, provide Java API reference

information:

• RSA BSAFE CertJ Javadoc

• RSA BSAFE JsafeJCE Javadoc

• RSA BSAFE Jsafe Javadoc

• RSA BSAFE Tools Javadoc.

4 About the SSL-J Toolkit

RSA BSAFE SSL-J 6.2.6 Installation Guide

Toolkit Configurations

There are eight toolkit configurations included in the SSL-J toolkit:

Table 1 Toolkit Configurations

Configuration API

Cryptographic

Implementation

Uses FIPS

Module

Uses either the FIPS 140 validated Crypto-J JSAFE and JCE Software Module or the Crypto-C ME cryptographic

module.

Pure JSSE JSSE Pure Java No

Native JSSE JSSE

Pure Java and Native

If there is no Native implementation for a particular algorithm, the toolkit automatically uses the Pure Java algorithm

implementation.

Native FIPS JSSE JSSE

Pure Java and Native

Yes

FIPS JSSE JSSE Pure Java Yes

Pure SSLJ SSLJ Pure Java No

Native SSLJ SSLJ

Pure Java and Native

Native FIPS SSLJ SSLJ

Pure Java and Native

Yes

FIPS SSLJ SSLJ Pure Java Yes

Binary Installation 5

RSA BSAFE SSL-J 6.2.6 Installation Guide

Binary Installation

This section describes how to install the SSL-J binary toolkit on your development

environment.

Note: For instructions to install the SSL-J binary toolkit on an Android

development environment, go to Binary Installation for Android.

Before you begin:

• Ensure the system you are installing onto has 500 MB of free disk space.

• Read these installation instructions.

• Install JDK 7.0 or above, and set the

JAVA_HOME environment variable

appropriately. The RSA BSAFE SSL-J Release Notes lists the supported platforms.

• Ensure the correct Java Cryptography Extension (JCE) Jurisdiction Policy Files is

installed. For instructions, see Install the JCE Jurisdiction Policy Files.

• Install one or more of the following, as required:

– Apache Ant™ 1.7.x or 1.8.x. Ant 1.8.x is required for Android development.

– JetBrains IntelliJ

9.0 IDE

– Eclipse 3.3 IDE or newer.

Steps to install SSL-J:

The following steps summarize the complete installation process which is detailed

below:

1. Install the JCE Jurisdiction Policy Files if necessary.

2. Install SSL-J.

3. Build and Run the Samples.

6 Binary Installation

RSA BSAFE SSL-J 6.2.6 Installation Guide

Install the JCE Jurisdiction Policy Files

The JCE requires that Unlimited Strength Jurisdiction Policy Files are downloaded

and installed in order to use some algorithms and key strengths using the JCE API.

The following algorithms require these policy files:

• AES, RC2, RC4, RC5 with key sizes greater than 128 bits

• RSA Encryption.

These algorithms are used by:

• Some PKCS #12 KeyStore files

• The

_AES_256_, TLS_RSA_ , SSL_R SA_ TLS cipher suites.

For the latest jurisdiction policy file guidelines, see the

install_jre/lib/security/java.security file.

The latest JDK updates use the unlimited policy files by default. To check that the

installed JDK does this, look for the

install_jre/lib/security/policy

directory. If this directory is not present, complete the following instructions to

manually download and install the unlimited policy files.

The JDK version installed determines the jurisdiction policy file to download.

For Oracle

JDK 9, follow the instructions in the README.txt located in the

install_jdk9/conf/security/policy directory of the JDK download.

For all other JDK versions, obtain the applicable jurisdiction policy file from the

following download locations:

• JCE Unlimited Strength Jurisdiction Policy Files 7 for:

– Oracle JDK 7.0

– HP JDK 7.0.

• JCE Unlimited Strength Jurisdiction Policy Files 8 for:

– Oracle JDK 8.0

– HP JDK 8.0.

• IBM Unrestricted JCE Policy Files for IBM

JDK 7.x and 8.0.

To install the Unlimited Jurisdiction Policy Files:

1. Extract the local_policy.jar and US_export_policy.jar files from the

downloaded zip file.

2. Copy

local_policy.jar and US_export_policy.jar to the

install_jre/lib/security directory, overwriting the existing policy files.

Binary Installation 7

RSA BSAFE SSL-J 6.2.6 Installation Guide

Install SSL-J

The following describes the SSL-J binary distribution directory structure.

To install SSL-J:

1. Copy the SSL-J binary distribution directory structure into a suitable location on

the target system.

2. There is a single SSL-J toolkit which contains both the SSL-J API and the JSSE

API. The toolkit operates differently, depending on the toolkit variants of Crypto-J

available, resulting in different configurations.

Directory Content

root/

license_bsafe.pdf

Product specific license text

readme.txt

SSL-J_6.2.6_InstallGuide.pdf

RSA BSAFE SSL-J Installation Guide

SSL-J_6.2.6_ReleaseNotes.pdf

RSA BSAFE SSL-J Release Notes Guide

SSL-J_6.2.6_TroubleshootingGuide.pdf

RSA BSAFE SSL-J Troubleshooting Guide

sslj/

android/

Files for use on the Android platform

BsafeAndroidSamples/

Android source sample code

doc/

SSL-J documentation and sub-directories

certj/

Cert-J documentation and sub-directories

cryptoj/

Crypto-J documentation files

DevGuide/

RSA BSAFE SSL-J Developers Guide

javadoc/

sslj/

RSA BSAFE SSLJ JavaDoc

jsse/

RSA BSAFE JSSE JavaDoc

lib/

SSL-J toolkit jar files

prebuilt/

certj/

Cert-J toolkit jar file

codebase/

CodeBase jar file and native libraries

cryptocme/

Crypto-C ME native libraries

cryptoj/

Crypto-J toolkit jar files

openldap/

Open LDAP jar file

sample/

Sample source code

8 Binary Installation

RSA BSAFE SSL-J 6.2.6 Installation Guide

The following table lists these configurations and the corresponding SSL-J, Cert-J

and Crypto-J jar files to be added to the class path.

Table 2 Configuration and Required jar Files

Configuration Jar Files to Add to the Class Path

Pure JSSE

root/sslj/lib/sslj-6.2.6.jar

root/sslj/prebuilt/cryptoj/cryptoj-6.2.5.jar

The following jars are an alternative to cryptoj-6.2.5.jar. The resulting configuration will yield faster

start-up times:

root/sslj/prebuilt/cryptoj/cryptojcommon-6.2.5.jar

root/sslj/prebuilt/cryptoj/cryptojce-6.2.5.jar

root/sslj/prebuilt/cryptoj/jcm-6.2.5.jar

Native JSSE

Enables the selection of Java or Native implementations of cryptographic algorithms. Uses the

Crypto-C ME toolkit as the Native implementation, and CodeBase for native database access.

root/sslj/lib/sslj-6.2.6.jar

root/sslj/prebuilt/cryptoj/cryptoj-6.2.5.jar

Native FIPS

JSSE

root/sslj/lib/sslj-6.2.6.jar

root/sslj/prebuilt/cryptoj/cryptojcommon-6.2.5.jar

root/sslj/prebuilt/cryptoj/cryptojce-6.2.5.jar

root/sslj/prebuilt/cryptoj/jcmFIPS-6.2.5.jar

FIPS JSSE root/sslj/lib/sslj-6.2.6.jar

root/sslj/prebuilt/cryptoj/cryptojcommon-6.2.5.jar

root/sslj/prebuilt/cryptoj/cryptojce-6.2.5.jar

root/sslj/prebuilt/cryptoj/jcmFIPS-6.2.5.jar

Pure SSLJ

root/sslj/lib/sslj-6.2.6.jar

root/sslj/prebuilt/certj/certj-6.2.4.jar

root/sslj/prebuilt/cryptoj/cryptoj-6.2.5.jar

Native SSLJ

root/sslj/lib/sslj-6.2.6.jar

root/sslj/prebuilt/certj/certj-6.2.4.jar

root/sslj/prebuilt/cryptoj/cryptoj-6.2.5.jar

Native FIPS

SSLJ

root/sslj/lib/sslj-6.2.6.jar

root/sslj/prebuilt/certj/certj-6.2.4.jar

root/sslj/prebuilt/cryptoj/cryptojcommon-6.2.5.jar

root/sslj/prebuilt/cryptoj/cryptojce-6.2.5.jar

root/sslj/prebuilt/cryptoj/jcmFIPS-6.2.5.jar

FIPS SSLJ

root/sslj/lib/sslj-6.2.6.jar

root/sslj/prebuilt/certj/certj-6.2.4.jar

root/sslj/prebuilt/cryptoj/cryptojcommon-6.2.5.jar

root/sslj/prebuilt/cryptoj/cryptojce-6.2.5.jar

root/sslj/prebuilt/cryptoj/jcmFIPS-6.2.5.jar

Binary Installation 9

RSA BSAFE SSL-J 6.2.6 Installation Guide

3. Depending on other features you intend to use, the addition of further jar files to

your class path may be required. The following table lists these features and the

corresponding jar files to be added to the class path.

4. If you do not wish to use a Native FIPS or Native non-FIPS configuration of

SSL-J, go to Step 6.

To use the Native FIPS or Native non-FIPS configuration of SSL-J, the

Crypto-C ME shared libraries must be added to the Java library path.

The subdirectories in

root/sslj/prebuilt/cryptocme that contain the

platform-specific shared libraries are detailed in the following table.

Table 3 Features and Required jar Files

Feature Jar Files to Add to the Class Path

LDAP

root/sslj/prebuilt/openldap/openldap.jar

CodeBase Native Database

root/sslj/prebuilt/codebase/codebase.jar

Table 4 Platform-specific Native Shared Libraries for Crypto-C ME

Platform-specific Native Shared Libraries

Subdirectory

Apple

Mac OS

X 10.6 x86 32-bit

macosx_x86

Apple Mac OS X 10.6 x86_64 64-bit

macosx_x64

FreeBSD

8.3 64-bit

freebsd_x64_gcc

HP HP-UX 11.31 Itanium2 32-bit

hpux1131ia32i2

HP HP-UX 11.31 Itanium2 64-bit

hpux1131ia64i2

IBM AIX 6.1 32-bit

IBM AIX 7.1 32-bit

aix6

IBM AIX 6.1 64-bit

IBM AIX 7.1 64-bit

aix6_64

Micro Focus

SUSE

Linux Enterprise Server 32-bit

linux_x86_lsb30

Micro Focus SUSE Linux Enterprise Server 64-bit

linux_x64_lsb30

Microsoft Windows

32-bit

win32vc8

Microsoft Windows 64-bit

win64x64

Oracle Solaris™ 10 x86 32-bit

solx86

Oracle Solaris 10 x86_64 64-bit

solx64

Oracle Solaris 10 Sparc v8+ 32-bit

solspv8p

10 Binary Installation

RSA BSAFE SSL-J 6.2.6 Installation Guide

For example, for systems running a Windows operating system:

copy root\sslj\prebuilt\cryptocme\win32vc8\*.*

c:\Windows\System32

For systems running a Unix-like operating system, add the Native library to the

library path. For example, for Solaris, add the Crypto-C ME library to the

LD_LIBRARY_PATH environment variable.

LD_LIBRARY_PATH=$LD_LIBRARY_PATH:

root/sslj/prebuilt/cryptocme/solspv8p

export LD_LIBRARY_PATH

Note: On some operating systems, it may be necessary to set the execute

permissions for the shared libraries. For example:

chmod 755 root/sslj/prebuilt/cryptocme/solspv8p/*.so

For details about how to use Native configurations of SSL-J, see the API-specific

section “Using Native Implementations” in the RSA BSAFE SSL-J Developers

Guide.

5. If you intend to use the Native configuration for native database access, copy the

CodeBase platform-specific Native library to the system directory, or put them in

the library path.

The subdirectories in

root/sslj/prebuilt/codebase that contain the relevant

platform-specific shared libraries are detailed in the following table.

Oracle Solaris 10 Sparc v9 64-bit

solspv9

Red Hat

Enterprise Server 32-bit

linux_x86_lsb30

Red Hat Enterprise Server 64-bit

linux_x64_lsb30

Short Platform Name.

Table 4 Platform-specific Native Shared Libraries for Crypto-C ME (continued)

Platform-specific Native Shared Libraries

Subdirectory

Table 5 Platform-specific CodeBase Native Shared Library directories

Platform Subdirectory

HP HP-UX 11.31 Itanium 2 32-bit

hpuxia32i2

IBM AIX 6.1 PowerPC 32-bit

IBM AIX 7.1 PowerPC 32-bit

aix5

Microsoft Windows 32-bit, multithreaded, dynamically

linked with C runtime library

win32

Red Hat Enterprise Server 32-bit

rhas30

Red Hat Enterprise Server 64-bit

rhas40_x86-64

Solaris 10 SPARC v8+ 32-bit

solspv8p

Binary Installation 11

RSA BSAFE SSL-J 6.2.6 Installation Guide

For example, for systems running a Windows operating system:

copy root\sslj\prebuilt\codebase\win32\*.dll c:\Windows\System32

For systems running a Unix-like operating system, add the Native library to the

library path. For example, for Solaris, add the library to

LD_LIBRARY_PATH

environment variable:

LD_LIBRARY_PATH=$LD_LIBRARY_PATH:

root/sslj/prebuilt/codebase/solspv8p

export LD_LIBRARY_PATH

Note: On some operating systems, it may be necessary to set the execute

permissions for the shared libraries. For example:

chmod 755 root/sslj/prebuilt/cryptocme/solspv8p/*.so

6. To use the Crypto-J JsafeJCE API, register the Crypto-J JCE provider, JsafeJCE,

either statically or dynamically.

To statically register the JsafeJCE provider:

a. Copy the relevant jar files to the install_jre/lib/ext directory.

b. Edit the

install_jre/lib/security/java.security file to add the

JsafeJCE Provider:

security.provider.n=com.rsa.jsafe.provider.JsafeJCE

To set the JsafeJCE Provider as the default provider, set n to 1.

Change the n values for any other providers listed in

java.security so

that each provider has a unique number. For example:

security.provider.1=com.rsa.jsafe.provider.JsafeJCE

security.provider.2=sun.security.provider.Sun

To dynamically register the JsafeJCE provider:

a. Add the relevant jar files to the class path.

b. Create the provider programmatically using the following Java code:

// Create a Provider object

Provider jsafeProvider = new com.rsa.jsafe.provider.JsafeJCE();

// Add the Crypto-J JsafeJCE Provider to the current

// list of providers available on the system.

Security.insertProviderAt (jsafeProvider, 1);

7. The SSL-J FIPS 140-2 toolkit may be configured to perform specific operations at

start-up (load). Edit the following file to configure these operations:

install_jre/lib/security/java.security.

The following table lists the property that must be set for FIPS 140-2 compliant

operation:

Table 6 FIPS 140-2 Property Setting

Property Name Value

com.rsa.sslj.fips140initialmode

FIPS140_MODE

12 Binary Installation

RSA BSAFE SSL-J 6.2.6 Installation Guide

For FIPS 140-2 Level 2 Roles, Authentication and Services compliance, add the

security properties listed in the following table:

8. SSL-J uses

CTRDRBG128 as the default random algorithm where no other random

algorithm is specified.

Use the security property

com.rsa.crypto.default.random to change this

as required. The following are valid values for this security property:

The installation of

SSL-J is complete. For information on how to run the sample

code, see Build and Run the Samples.

The fips140initialmode value can be any of FIPS140_MODE, FIPS140_SSL_MODE, FIPS140_ECC_MODE,

FIPS140_SSL_ECC_MODE or NON_FIPS140_MODE

Table 7 FIPS 140-2 Level 2 Property Settings

Property Name Value

com.rsa.sslj.fips140auth LEVEL2

com.rsa.sslj.configfile

This security property is optional. There are APIs to dynamically specify this property.

path and filename

The path and filename can be an absolute path or a path relative to the user.dir Java system property.

• CTRDRBG

• CTRDRBG128

• CTRDRBG192

• CTRDRBG256

• HASHDRBG

• HASHDRBG128

• HASHDRBG192

• HASHDRBG256

• HMACDRBG

• HMACDRBG128

• HMACDRBG192

• HMACDRBG256

Binary Installation 13

RSA BSAFE SSL-J 6.2.6 Installation Guide

Build and Run the Samples

This release of SSL-J has standalone and client-server samples. The standalone

samples demonstrate utility functionality such as obtaining the version number of the

toolkit and checking that the JRE configuration is correct for using SSL-J.

Sample source code is available for each API:

• The SSL-J samples are in

root/sslj/sample/src/sslj

• The JSSE samples are in root/sslj/sample/src/jsse.

There are two ways to build and run the samples for SSL-J; use the Integrated

Development Environment (IDE) project files, or use the build scripts:

• Use IDE project files

The project files to build and run the samples have been included in this release of

SSL-J for the following development environments:

– JetBrains IntelliJ 9.0 IDE

– Eclipse 3.3 IDE.

These project files are located at

root/sslj.

• Use Apache Ant build scripts

Build scripts to build and run the samples are included in this release of SSL-J at

root/sslj. Ensure that your execution path will allow the ant command to be

executed.

In the following instructions, replace api_name

with either sslj or jsse as

required.

To build the sample code:

1. Navigate to the sslj directory:

cd root/sslj

2. Build the samples. Compile all the samples for the relevant API:

ant -f build-api_name.xml

To run the sample code:

1. Run the samples from the sslj directory:

a. To execute the standalone API samples, run:

ant -f build-api_name.xml run.all

b. To execute client-server samples, choose a server and corresponding client

and then execute the server and client separately. This example shows how to

run the Simple client-server sample:

i. To find the list of client-server samples:

ant -f build-api_name.xml -projecthelp

14 Binary Installation

RSA BSAFE SSL-J 6.2.6 Installation Guide

ii. Execute the server in a command shell. For example, to run the Simple

server:

ant -f build-api_name.xml run.server.Simple

iii. Execute the client in another command shell. For example, to run the

Simple client:

ant -f build-api_name.xml run.client.Simple

Alternately, the complete set of client-server samples can be executed in a

single command shell. Use the following command:

ant -f build-api_name.xml run.client-server.all

Binary Installation for Android 15

RSA BSAFE SSL-J 6.2.6 Installation Guide

Binary Installation for Android

This section describes how to install the SSL-J binary toolkit on your Android

development environment.

Before you begin:

• Ensure that the system you are installing onto has 900 MB of free disk space.

• Obtain a decryption key from RSA.

• Download the SSL-J encrypted package file and the decryption utility from the

download server to a convenient directory.

• Install JDK 7.0 or above, and set the

JAVA_HOME environment variable

appropriately. The RSA BSAFE SSL-J Release Notes lists the supported platforms.

• Install Android SDK r24 or newer, or Android Studio 1.3.2 or newer, and set the

ANDROID_HOME environment variable appropriately.

• Ensure an Android device running a supported version of Android is available to

run SSL-J. A hardware device or an emulator can be used for this.

– Install a supported Android platform. This can be done using the Android

SDK Manager included with the SDK or Android Studio.

• Install Gradle 2.4 or newer.

• Add

android-sdk/platform-tools, andro id-sdk/tools and

gradle-home/bin to the path environment variable to allow the Android

commands to be called from the SSL-J build scripts.

• Install Apache™ Ant™ 1.8.x.

• Read these installation instructions.

To install SSL-J:

The following steps summarize the complete installation process which is detailed

below:

1. Install SSL-J.

2. Build an Application to Run the SSL-J Samples.

16 Binary Installation for Android

RSA BSAFE SSL-J 6.2.6 Installation Guide

Install SSL-J

The following describes the binary distribution directory structure.

To install SSL-J

1. Copy the SSL-J binary distribution directory structure into a suitable location on

the target system.

2. There is a single SSL-J toolkit which contains both the SSLJ API and the JSSE

API. The toolkit operates differently, depending on the toolkit variants of Crypto-J

available, resulting in different configurations.

Directory Content

root/

license_bsafe.pdf

Product specific license text

readme.txt

SSL-J_6.2.6_InstallGuide.pdf

RSA BSAFE SSL-J Installation Guide

SSL-J_6.2.6_ReleaseNotes.pdf

RSA BSAFE SSL-J Release Notes Guide

SSL-J_6.2.6_TroubleshootingGuide.pdf

RSA BSAFE SSL-J Troubleshooting Guide

sslj/

android/

Files for use on the Android platform

BsafeAndroidSamples/

Android source sample code

doc/

SSL-J documentation and sub-directories

certj/

Cert-J documentation files

cryptoj/

Crypto-J documentation files

DevGuide/

RSA BSAFE SSL-J Developers Guide

javadoc/

sslj/

RSA BSAFE SSLJ JavaDoc

jsse/

RSA BSAFE JSSE JavaDoc

lib/

SSL-J toolkit jar files

prebuilt/

certj/

Cert-J toolkit jar file

codebase/

CodeBase jar file and native libraries

cryptocme/

Crypto-C ME native libraries

cryptoj/

Crypto-J toolkit jar files

openldap/

Open LDAP jar file

sample/

Sample source code

Binary Installation for Android 17

RSA BSAFE SSL-J 6.2.6 Installation Guide

The following table lists these toolkit configurations and the corresponding SSL-J,

Cert-J and Crypto-J jar files to be added to the class path.

3. Copy the jar files to the specified directories:

– To work with non-FIPS 140-2 compliant SSL-J:

• Copy all jar files for the selected configuration from Configuration and

Required jar Files to the external library file folder in the Android project,

for example, android-project

/libs.

Table 8 Configuration and Required jar Files

Configuration Jar Files to Add to the Class Path

Pure JSSE root/sslj/lib/sslj-6.2.6.jar

root/sslj/prebuilt/cryptoj/cryptoj-6.2.5.jar

The following jars are an alternative to cryptoj-6.2.5.jar. The resulting configuration yields faster start-up times:

root/sslj/prebuilt/cryptoj/cryptojcommon-6.2.5.jar

root/sslj/prebuilt/cryptoj/cryptojce-6.2.5.jar

root/sslj/prebuilt/cryptoj/jcm-6.2.5.jar

Native JSSE

Enables the selection of Java or Native implementations of cryptographic algorithms. Uses the Crypto-C ME

toolkit as the Native implementation, and CodeBase for native database access.

root/sslj/lib/sslj-6.2.6.jar

root/sslj/prebuilt/cryptoj/cryptoj-6.2.5.jar

Native FIPS

JSSE

root/sslj/lib/sslj-6.2.6.jar

root/sslj/prebuilt/cryptoj/cryptojcommon-6.2.5.jar

root/sslj/prebuilt/cryptoj/cryptojce-6.2.5.jar

root/sslj/prebuilt/cryptoj/jcmandroidfips-6.2.5.jar

FIPS JSSE root/sslj/lib/sslj-6.2.6.jar

root/sslj/prebuilt/cryptoj/cryptojcommon-6.2.5.jar

root/sslj/prebuilt/cryptoj/cryptojce-6.2.5.jar

root/sslj/prebuilt/cryptoj/jcmandroidfips-6.2.5.jar

Pure SSLJ root/sslj/lib/sslj-6.2.6.jar

root/sslj/prebuilt/certj/certj-6.2.4.jar

root/sslj/prebuilt/cryptoj/cryptoj-6.2.5.jar

Native SSLJ

root/sslj/lib/sslj-6.2.6.jar

root/sslj/prebuilt/certj/certj-6.2.4.jar

root/sslj/prebuilt/cryptoj/cryptoj-6.2.5.jar

Native FIPS

SSLJ

root/sslj/lib/sslj-6.2.6.jar

root/sslj/prebuilt/certj/certj-6.2.4.jar

root/sslj/prebuilt/cryptoj/cryptojcommon-6.2.5.jar

root/sslj/prebuilt/cryptoj/cryptojce-6.2.5.jar

root/sslj/prebuilt/cryptoj/jcmandroidfips-6.2.5.jar

FIPS SSLJ root/sslj/lib/sslj-6.2.6.jar

root/sslj/prebuilt/certj/certj-6.2.4.jar

root/sslj/prebuilt/cryptoj/cryptojcommon-6.2.5.jar

root/sslj/prebuilt/cryptoj/cryptojce-6.2.5.jar

root/sslj/prebuilt/cryptoj/jcmandroidfips-6.2.5.jar

18 Binary Installation for Android

RSA BSAFE SSL-J 6.2.6 Installation Guide

– To work with FIPS 140-2 compliant SSL-J:

• With the exception of

jcmandroidfips-6.2.5.jar,copy all jar files

for the selected configuration to the external library file folder in the

Android project, for example, android-project

/libs.

• Copy the FIPS140 jar,

jcmandroidfips-6.2.5.jar, to the relevant

folder for loading.

• To load the FIPS140 jar from the raw resources folder in the Android

project, copy

jcmandroidfips-6.2.5.jar to the raw resources

folder, android-project

/res/raw as jcmandroidfips.raw.

• To load the FIPS140 jar from a file, the jar must be available on the

Android device that is running the application as a file, in a location

such as

/sdcard.

For details about how to load the jar file, see the section Introduction to

SSL-J > Android in the RSA BSAFE SSL-J Developers Guide.

4. Depending on other features to be used, additional jar

files may be required to be

added to the class path. If required, add the LDAP jar file to the class path:

root/sslj/prebuilt/openldap/openldap.jar

5. If you do not wish to use a Native FIPS or Native non-FIPS configuration of

SSL-J, go to Step 7.

To use a Native FIPS or Native non-FIPS configuration of SSL-J, the

Crypto-C ME platform-specific shared libraries must be added to the Java library

path. The following table details the subdirectories in

root/sslj/prebuilt/cryptocme

that contain the platform-specific shared

libraries.

6. Select the Native shared library

.so files to use and copy them to the specified

directories:

Note: In the following instructions, replace platform with either x86 or

armeabi-v7a as applicable.

– To work with SSL-J configured as non-FIPS 140-2 compliant, copy

libncm.so to the platform-specific folder for the shared native library files

in the Android project,

android-project , at /jniLibs/platfo rm or

/libs/platform .

Table 9 Platform-specific Crypto-C ME Native Shared Library subdirectories

Platform

Subdirectory

Short Platform Name.

Google Android 32-bit

android_x86

Google Android ARM

android_armv7

Page is loading ...

Dell BSAFE SSL-J User guide

Dell BSAFE SSL-J User guide

Dell BSAFE SSL-J User guide

Related papers

Other documents