Dell BSAFE SSL-J User guide

  • Hello! I am an AI chatbot trained to assist you with the Dell BSAFE SSL-J User guide. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
RSA BSAFE
®
SSL-J 6.2.6
Installation Guide
December 2019
Part Number
12.11.19
Copyright and Trademark
Notice and Trademarks
Copyright © 2019 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, RSA, the RSA logo, and BSAFE are registered
trademarks of Dell Inc. or its subsidiaries in the United States and/or other countries. All other products and services
mentioned are trademarks of their respective companies. For the most up-to-date listing of Dell trademarks, go to
www.dell.com/learn/us/en/19/shared-content/dell-trademark-list.
License agreement
This software and the associated documentation are proprietary and confidential to Dell Inc., are furnished under license, and
may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice
above. This software and the documentation, and any copies thereof, may not be provided or otherwise made available to any
other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by Dell Inc.
Third-party licenses
This product may include software developed by parties other than Dell Inc. The text of the license agreements applicable to
third-party software in this product may be viewed in SSL-J_6.2.6_Third-partyLicenses.pdf.
Note on encryption technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Disclaimer
Dell Inc. believes the information in this publication is accurate as of its publication date. The information is subject to
change without notice. THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS IS”. DELL INC OR ITS
SUBSIDIARIES MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE
INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Distribution
Limit distribution of this document to trusted personnel.
December 2019 Copyright © 2019 Dell Inc. or its subsidiaries. All rights reserved. 1
Installation Guide
12.11.19
RSA BSAFE SSL-J 6.2.6 Installation Guide
This document provides installation instructions for RSA BSAFE SSL-J 6.2.6 (SSL-J)
for all released platforms. Instructions are provided for binary installations, including
installation on Google
®
Android™, and source installations of SSL-J, including
installation on Google Android.
Binary installations are suitable where the compiled version of SSL-J matches your
installation platform, and where there is no intention to alter the product. Source
installations are suitable where SSL-J is to be built for a specific platform.
Contents:
About the SSL-J Toolkit ................................................................................... 2
Binary Installation ............................................................................................. 5
Install the JCE Jurisdiction Policy Files ................................................. 6
Install SSL-J ............................................................................................... 7
Build and Run the Samples ................................................................... 13
Binary Installation for Android ...................................................................... 15
Install SSL-J ............................................................................................. 16
Build an Application to Run the SSL-J Samples ................................. 21
Source Installation ......................................................................................... 23
Install the JCE Jurisdiction Policy Files ............................................... 24
Install SSL-J ............................................................................................. 25
Install Third-party Software Tools ......................................................... 26
Create the Toolkit Jar Files .................................................................... 27
Source Installation for Android ..................................................................... 28
Install SSL-J ............................................................................................. 29
Install Third-party Software Tools ......................................................... 30
Create the Toolkit Jar Files .................................................................... 31
Build and Run the System Tests ........................................................... 31
System and Security Properties ................................................................... 33
Uninstallation Instructions ............................................................................. 33
2 About the SSL-J Toolkit
RSA BSAFE SSL-J 6.2.6 Installation Guide
About the SSL-J Toolkit
SSL-J is a Java™ software development toolkit for building Transport Layer Security
(TLS) into enterprise-to-enterprise and commercial Internet applications.
The SSL-J distribution media contains the following:
Binary toolkit
Toolkit Java archive (jar) files
CodeBase shared libraries
OpenLDAP library
RSA BSAFE Crypto-C Micro Edition 4.1 (Crypto-C ME) shared libraries
Sample source code.
Source toolkit
Java source code and build and test systems
Crypto-C ME shared libraries
Sample source code.
The RSA BSAFE Crypto-J 6.2.5 (Crypto-J) binary toolkit, which includes the
FIPS validated Crypto-J 6.2.5 module. Crypto-J provides Java implementations of
all the required cryptographic and certificate management operations using the
JsafeJCE API.
The RSA BSAFE Cert-J 6.2.4 (Cert-J) binary toolkit. Cert-J provides Java
implementations of all the required certificate management operations using the
proprietary CertJ API.
Product documentation consisting of:
This document, the RSA BSAFE SSL-J Installation Guide, in Portable
Document Format (PDF), with instructions on how to install and build SSL-J.
RSA BSAFE SSL-J Release Notes, in PDF, with the latest information about
SSL-J.
RSA BSAFE SSL-J Security Best Practices Guide, in PDF, that provides
security best practice recommendations and an overview of security
configuration settings available in SSL-J to help secure operations across a
range of scenarios.
RSA BSAFE SSL-J Security Policy, in PDF, that describes how SSL-J uses the
RSA BSAFE Crypto-J JSAFE and JCE Software Module (Crypto-J JSAFE
and JCE Software Module), and how to operate the SSL-J toolkit in a manner
consistent with the requirements of the cryptographic module.
RSA BSAFE SSL-J Third-party Licenses, in PDF, that list the licenses details
for the third-party software products used with SSL-J.
RSA BSAFE SSL-J Troubleshooting Guide, in PDF, that provides information
and instructions for troubleshooting common issues with SSL-J.
About the SSL-J Toolkit 3
RSA BSAFE SSL-J 6.2.6 Installation Guide
RSA BSAFE SSL-J Developers Guide, in HTML format, with information on
how to build SSL security into applications.
The following Javadocs, in HTML format, provide Java API reference
information:
RSA BSAFE SSLJJavadoc
RSA BSAFE JSSE Javadoc
Related product documentation, consisting of:
RSA BSAFE Cert-J 6.2.4 Release Notes, in PDF, with the latest information
on Cert-J.
RSA BSAFE Cert-J 6.2.4 Security Policy, in PDF, that describes how Cert-J
uses the Crypto-J JSAFE and JCE Software Module, and how to operate
Cert-J in a manner consistent with the requirements of the cryptographic
module.
RSA BSAFE Crypto-C Micro Edition 4.1 Security Policy documents, Level 1
and Level 2, in PDF, which describe how the Crypto-C ME Cryptographic
Module meets Level 1 security requirements of FIPS 140-2, the Level 2
security requirements of FIPS 140-2 for Roles, Authentication and Services,
Level 3 security requirements for Design Assurance, and how to securely
operate it.
RSA BSAFE Crypto-J 6.2.5 Release Notes, in PDF, with the latest
information on Crypto-J.
RSA BSAFE Crypto-J 6.2.5 FIPS Compliance Guide, in PDF, which
describes how Crypto-J uses the Crypto-J JSAFE and JCE Software Module,
and how to operate Crypto-J in a manner consistent with the requirements of
the cryptographic module.
RSA BSAFE Crypto-J JSAFE and JCE Software Module 6.2.5 Security Policy
documents, Level 1 and Level 2, in PDF, which describe how the Crypto-J
JSAFE and JCE Software Module meets the Level 1 security requirements of
FIPS 140-2, the Level 2 security requirements of FIPS 140-2 for Roles,
Authentication and Services, the Level 3 security requirements for Design
Assurance, and how to securely operate it.
The following Javadocs, in HTML format, provide Java API reference
information:
RSA BSAFE CertJ Javadoc
RSA BSAFE JsafeJCE Javadoc
RSA BSAFE Jsafe Javadoc
RSA BSAFE Tools Javadoc.
4 About the SSL-J Toolkit
RSA BSAFE SSL-J 6.2.6 Installation Guide
Toolkit Configurations
There are eight toolkit configurations included in the SSL-J toolkit:
Table 1 Toolkit Configurations
Configuration API
Cryptographic
Implementation
Uses FIPS
Module
1
1
Uses either the FIPS 140 validated Crypto-J JSAFE and JCE Software Module or the Crypto-C ME cryptographic
module.
Pure JSSE JSSE Pure Java No
Native JSSE JSSE
Pure Java and Native
2
2
If there is no Native implementation for a particular algorithm, the toolkit automatically uses the Pure Java algorithm
implementation.
No
Native FIPS JSSE JSSE
Pure Java and Native
2
Yes
FIPS JSSE JSSE Pure Java Yes
Pure SSLJ SSLJ Pure Java No
Native SSLJ SSLJ
Pure Java and Native
2
No
Native FIPS SSLJ SSLJ
Pure Java and Native
2
Yes
FIPS SSLJ SSLJ Pure Java Yes
Binary Installation 5
RSA BSAFE SSL-J 6.2.6 Installation Guide
Binary Installation
This section describes how to install the SSL-J binary toolkit on your development
environment.
Note: For instructions to install the SSL-J binary toolkit on an Android
development environment, go to Binary Installation for Android.
Before you begin:
Ensure the system you are installing onto has 500 MB of free disk space.
Read these installation instructions.
Install JDK 7.0 or above, and set the
JAVA_HOME environment variable
appropriately. The RSA BSAFE SSL-J Release Notes lists the supported platforms.
Ensure the correct Java Cryptography Extension (JCE) Jurisdiction Policy Files is
installed. For instructions, see Install the JCE Jurisdiction Policy Files.
Install one or more of the following, as required:
Apache Ant™ 1.7.x or 1.8.x. Ant 1.8.x is required for Android development.
JetBrains IntelliJ
®
9.0 IDE
Eclipse 3.3 IDE or newer.
Steps to install SSL-J:
The following steps summarize the complete installation process which is detailed
below:
1. Install the JCE Jurisdiction Policy Files if necessary.
2. Install SSL-J.
3. Build and Run the Samples.
6 Binary Installation
RSA BSAFE SSL-J 6.2.6 Installation Guide
Install the JCE Jurisdiction Policy Files
The JCE requires that Unlimited Strength Jurisdiction Policy Files are downloaded
and installed in order to use some algorithms and key strengths using the JCE API.
The following algorithms require these policy files:
AES, RC2, RC4, RC5 with key sizes greater than 128 bits
RSA Encryption.
These algorithms are used by:
Some PKCS #12 KeyStore files
The
_AES_256_, TLS_RSA_ , SSL_R SA_ TLS cipher suites.
For the latest jurisdiction policy file guidelines, see the
install_jre/lib/security/java.security file.
The latest JDK updates use the unlimited policy files by default. To check that the
installed JDK does this, look for the
install_jre/lib/security/policy
directory. If this directory is not present, complete the following instructions to
manually download and install the unlimited policy files.
The JDK version installed determines the jurisdiction policy file to download.
For Oracle
®
JDK 9, follow the instructions in the README.txt located in the
install_jdk9/conf/security/policy directory of the JDK download.
For all other JDK versions, obtain the applicable jurisdiction policy file from the
following download locations:
JCE Unlimited Strength Jurisdiction Policy Files 7 for:
Oracle JDK 7.0
HP JDK 7.0.
JCE Unlimited Strength Jurisdiction Policy Files 8 for:
Oracle JDK 8.0
HP JDK 8.0.
IBM Unrestricted JCE Policy Files for IBM
®
JDK 7.x and 8.0.
To install the Unlimited Jurisdiction Policy Files:
1. Extract the local_policy.jar and US_export_policy.jar files from the
downloaded zip file.
2. Copy
local_policy.jar and US_export_policy.jar to the
install_jre/lib/security directory, overwriting the existing policy files.
Binary Installation 7
RSA BSAFE SSL-J 6.2.6 Installation Guide
Install SSL-J
The following describes the SSL-J binary distribution directory structure.
To install SSL-J:
1. Copy the SSL-J binary distribution directory structure into a suitable location on
the target system.
2. There is a single SSL-J toolkit which contains both the SSL-J API and the JSSE
API. The toolkit operates differently, depending on the toolkit variants of Crypto-J
available, resulting in different configurations.
Directory Content
root/
license_bsafe.pdf
Product specific license text
readme.txt
SSL-J_6.2.6_InstallGuide.pdf
RSA BSAFE SSL-J Installation Guide
SSL-J_6.2.6_ReleaseNotes.pdf
RSA BSAFE SSL-J Release Notes Guide
SSL-J_6.2.6_TroubleshootingGuide.pdf
RSA BSAFE SSL-J Troubleshooting Guide
sslj/
android/
Files for use on the Android platform
BsafeAndroidSamples/
Android source sample code
doc/
SSL-J documentation and sub-directories
certj/
Cert-J documentation and sub-directories
cryptoj/
Crypto-J documentation files
DevGuide/
RSA BSAFE SSL-J Developers Guide
javadoc/
sslj/
RSA BSAFE SSLJ JavaDoc
jsse/
RSA BSAFE JSSE JavaDoc
lib/
SSL-J toolkit jar files
prebuilt/
certj/
Cert-J toolkit jar file
codebase/
CodeBase jar file and native libraries
cryptocme/
Crypto-C ME native libraries
cryptoj/
Crypto-J toolkit jar files
openldap/
Open LDAP jar file
sample/
Sample source code
8 Binary Installation
RSA BSAFE SSL-J 6.2.6 Installation Guide
The following table lists these configurations and the corresponding SSL-J, Cert-J
and Crypto-J jar files to be added to the class path.
Table 2 Configuration and Required jar Files
Configuration Jar Files to Add to the Class Path
Pure JSSE
root/sslj/lib/sslj-6.2.6.jar
root/sslj/prebuilt/cryptoj/cryptoj-6.2.5.jar
1
1
The following jars are an alternative to cryptoj-6.2.5.jar. The resulting configuration will yield faster
start-up times:
root/sslj/prebuilt/cryptoj/cryptojcommon-6.2.5.jar
root/sslj/prebuilt/cryptoj/cryptojce-6.2.5.jar
root/sslj/prebuilt/cryptoj/jcm-6.2.5.jar
Native JSSE
2
2
Enables the selection of Java or Native implementations of cryptographic algorithms. Uses the
Crypto-C ME toolkit as the Native implementation, and CodeBase for native database access.
root/sslj/lib/sslj-6.2.6.jar
root/sslj/prebuilt/cryptoj/cryptoj-6.2.5.jar
1
Native FIPS
JSSE
2
root/sslj/lib/sslj-6.2.6.jar
root/sslj/prebuilt/cryptoj/cryptojcommon-6.2.5.jar
root/sslj/prebuilt/cryptoj/cryptojce-6.2.5.jar
root/sslj/prebuilt/cryptoj/jcmFIPS-6.2.5.jar
FIPS JSSE root/sslj/lib/sslj-6.2.6.jar
root/sslj/prebuilt/cryptoj/cryptojcommon-6.2.5.jar
root/sslj/prebuilt/cryptoj/cryptojce-6.2.5.jar
root/sslj/prebuilt/cryptoj/jcmFIPS-6.2.5.jar
Pure SSLJ
root/sslj/lib/sslj-6.2.6.jar
root/sslj/prebuilt/certj/certj-6.2.4.jar
root/sslj/prebuilt/cryptoj/cryptoj-6.2.5.jar
1
Native SSLJ
2
root/sslj/lib/sslj-6.2.6.jar
root/sslj/prebuilt/certj/certj-6.2.4.jar
root/sslj/prebuilt/cryptoj/cryptoj-6.2.5.jar
1
Native FIPS
SSLJ
2
root/sslj/lib/sslj-6.2.6.jar
root/sslj/prebuilt/certj/certj-6.2.4.jar
root/sslj/prebuilt/cryptoj/cryptojcommon-6.2.5.jar
root/sslj/prebuilt/cryptoj/cryptojce-6.2.5.jar
root/sslj/prebuilt/cryptoj/jcmFIPS-6.2.5.jar
FIPS SSLJ
root/sslj/lib/sslj-6.2.6.jar
root/sslj/prebuilt/certj/certj-6.2.4.jar
root/sslj/prebuilt/cryptoj/cryptojcommon-6.2.5.jar
root/sslj/prebuilt/cryptoj/cryptojce-6.2.5.jar
root/sslj/prebuilt/cryptoj/jcmFIPS-6.2.5.jar
Binary Installation 9
RSA BSAFE SSL-J 6.2.6 Installation Guide
3. Depending on other features you intend to use, the addition of further jar files to
your class path may be required. The following table lists these features and the
corresponding jar files to be added to the class path.
4. If you do not wish to use a Native FIPS or Native non-FIPS configuration of
SSL-J, go to Step 6.
To use the Native FIPS or Native non-FIPS configuration of SSL-J, the
Crypto-C ME shared libraries must be added to the Java library path.
The subdirectories in
root/sslj/prebuilt/cryptocme that contain the
platform-specific shared libraries are detailed in the following table.
Table 3 Features and Required jar Files
Feature Jar Files to Add to the Class Path
LDAP
root/sslj/prebuilt/openldap/openldap.jar
CodeBase Native Database
root/sslj/prebuilt/codebase/codebase.jar
Table 4 Platform-specific Native Shared Libraries for Crypto-C ME
Platform-specific Native Shared Libraries
Subdirectory
1
Apple
®
Mac OS
®
X 10.6 x86 32-bit
macosx_x86
Apple Mac OS X 10.6 x86_64 64-bit
macosx_x64
FreeBSD
®
8.3 64-bit
freebsd_x64_gcc
HP HP-UX 11.31 Itanium2 32-bit
hpux1131ia32i2
HP HP-UX 11.31 Itanium2 64-bit
hpux1131ia64i2
IBM AIX 6.1 32-bit
IBM AIX 7.1 32-bit
aix6
IBM AIX 6.1 64-bit
IBM AIX 7.1 64-bit
aix6_64
Micro Focus
®
SUSE
®
Linux Enterprise Server 32-bit
linux_x86_lsb30
Micro Focus SUSE Linux Enterprise Server 64-bit
linux_x64_lsb30
Microsoft Windows
®
32-bit
win32vc8
Microsoft Windows 64-bit
win64x64
Oracle Solaris™ 10 x86 32-bit
solx86
Oracle Solaris 10 x86_64 64-bit
solx64
Oracle Solaris 10 Sparc v8+ 32-bit
solspv8p
10 Binary Installation
RSA BSAFE SSL-J 6.2.6 Installation Guide
For example, for systems running a Windows operating system:
copy root\sslj\prebuilt\cryptocme\win32vc8\*.*
c:\Windows\System32
For systems running a Unix-like operating system, add the Native library to the
library path. For example, for Solaris, add the Crypto-C ME library to the
LD_LIBRARY_PATH environment variable.
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:
root/sslj/prebuilt/cryptocme/solspv8p
export LD_LIBRARY_PATH
Note: On some operating systems, it may be necessary to set the execute
permissions for the shared libraries. For example:
chmod 755 root/sslj/prebuilt/cryptocme/solspv8p/*.so
For details about how to use Native configurations of SSL-J, see the API-specific
section “Using Native Implementations” in the RSA BSAFE SSL-J Developers
Guide.
5. If you intend to use the Native configuration for native database access, copy the
CodeBase platform-specific Native library to the system directory, or put them in
the library path.
The subdirectories in
root/sslj/prebuilt/codebase that contain the relevant
platform-specific shared libraries are detailed in the following table.
Oracle Solaris 10 Sparc v9 64-bit
solspv9
Red Hat
®
Enterprise Server 32-bit
linux_x86_lsb30
Red Hat Enterprise Server 64-bit
linux_x64_lsb30
1
Short Platform Name.
Table 4 Platform-specific Native Shared Libraries for Crypto-C ME (continued)
Platform-specific Native Shared Libraries
Subdirectory
1
Table 5 Platform-specific CodeBase Native Shared Library directories
Platform Subdirectory
HP HP-UX 11.31 Itanium 2 32-bit
hpuxia32i2
IBM AIX 6.1 PowerPC 32-bit
IBM AIX 7.1 PowerPC 32-bit
aix5
Microsoft Windows 32-bit, multithreaded, dynamically
linked with C runtime library
win32
Red Hat Enterprise Server 32-bit
rhas30
Red Hat Enterprise Server 64-bit
rhas40_x86-64
Solaris 10 SPARC v8+ 32-bit
solspv8p
Binary Installation 11
RSA BSAFE SSL-J 6.2.6 Installation Guide
For example, for systems running a Windows operating system:
copy root\sslj\prebuilt\codebase\win32\*.dll c:\Windows\System32
For systems running a Unix-like operating system, add the Native library to the
library path. For example, for Solaris, add the library to
LD_LIBRARY_PATH
environment variable:
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:
root/sslj/prebuilt/codebase/solspv8p
export LD_LIBRARY_PATH
Note: On some operating systems, it may be necessary to set the execute
permissions for the shared libraries. For example:
chmod 755 root/sslj/prebuilt/cryptocme/solspv8p/*.so
6. To use the Crypto-J JsafeJCE API, register the Crypto-J JCE provider, JsafeJCE,
either statically or dynamically.
To statically register the JsafeJCE provider:
a. Copy the relevant jar files to the install_jre/lib/ext directory.
b. Edit the
install_jre/lib/security/java.security file to add the
JsafeJCE Provider:
security.provider.n=com.rsa.jsafe.provider.JsafeJCE
To set the JsafeJCE Provider as the default provider, set n to 1.
Change the n values for any other providers listed in
java.security so
that each provider has a unique number. For example:
security.provider.1=com.rsa.jsafe.provider.JsafeJCE
security.provider.2=sun.security.provider.Sun
To dynamically register the JsafeJCE provider:
a. Add the relevant jar files to the class path.
b. Create the provider programmatically using the following Java code:
// Create a Provider object
Provider jsafeProvider = new com.rsa.jsafe.provider.JsafeJCE();
// Add the Crypto-J JsafeJCE Provider to the current
// list of providers available on the system.
Security.insertProviderAt (jsafeProvider, 1);
7. The SSL-J FIPS 140-2 toolkit may be configured to perform specific operations at
start-up (load). Edit the following file to configure these operations:
install_jre/lib/security/java.security.
The following table lists the property that must be set for FIPS 140-2 compliant
operation:
Table 6 FIPS 140-2 Property Setting
Property Name Value
com.rsa.sslj.fips140initialmode
FIPS140_MODE
1
12 Binary Installation
RSA BSAFE SSL-J 6.2.6 Installation Guide
For FIPS 140-2 Level 2 Roles, Authentication and Services compliance, add the
security properties listed in the following table:
8. SSL-J uses
CTRDRBG128 as the default random algorithm where no other random
algorithm is specified.
Use the security property
com.rsa.crypto.default.random to change this
as required. The following are valid values for this security property:
The installation of
SSL-J is complete. For information on how to run the sample
code, see Build and Run the Samples.
1
The fips140initialmode value can be any of FIPS140_MODE, FIPS140_SSL_MODE, FIPS140_ECC_MODE,
FIPS140_SSL_ECC_MODE or NON_FIPS140_MODE
.
Table 7 FIPS 140-2 Level 2 Property Settings
Property Name Value
com.rsa.sslj.fips140auth LEVEL2
com.rsa.sslj.configfile
1
1
This security property is optional. There are APIs to dynamically specify this property.
path and filename
2
2
The path and filename can be an absolute path or a path relative to the user.dir Java system property.
CTRDRBG
CTRDRBG128
CTRDRBG192
CTRDRBG256
HASHDRBG
HASHDRBG128
HASHDRBG192
HASHDRBG256
HMACDRBG
HMACDRBG128
HMACDRBG192
HMACDRBG256
Binary Installation 13
RSA BSAFE SSL-J 6.2.6 Installation Guide
Build and Run the Samples
This release of SSL-J has standalone and client-server samples. The standalone
samples demonstrate utility functionality such as obtaining the version number of the
toolkit and checking that the JRE configuration is correct for using SSL-J.
Sample source code is available for each API:
The SSL-J samples are in
root/sslj/sample/src/sslj
The JSSE samples are in root/sslj/sample/src/jsse.
There are two ways to build and run the samples for SSL-J; use the Integrated
Development Environment (IDE) project files, or use the build scripts:
Use IDE project files
The project files to build and run the samples have been included in this release of
SSL-J for the following development environments:
JetBrains IntelliJ 9.0 IDE
Eclipse 3.3 IDE.
These project files are located at
root/sslj.
Use Apache Ant build scripts
Build scripts to build and run the samples are included in this release of SSL-J at
root/sslj. Ensure that your execution path will allow the ant command to be
executed.
In the following instructions, replace api_name
with either sslj or jsse as
required.
To build the sample code:
1. Navigate to the sslj directory:
cd root/sslj
2. Build the samples. Compile all the samples for the relevant API:
ant -f build-api_name.xml
To run the sample code:
1. Run the samples from the sslj directory:
a. To execute the standalone API samples, run:
ant -f build-api_name.xml run.all
b. To execute client-server samples, choose a server and corresponding client
and then execute the server and client separately. This example shows how to
run the Simple client-server sample:
i. To find the list of client-server samples:
ant -f build-api_name.xml -projecthelp
14 Binary Installation
RSA BSAFE SSL-J 6.2.6 Installation Guide
ii. Execute the server in a command shell. For example, to run the Simple
server:
ant -f build-api_name.xml run.server.Simple
iii. Execute the client in another command shell. For example, to run the
Simple client:
ant -f build-api_name.xml run.client.Simple
Alternately, the complete set of client-server samples can be executed in a
single command shell. Use the following command:
ant -f build-api_name.xml run.client-server.all
Binary Installation for Android 15
RSA BSAFE SSL-J 6.2.6 Installation Guide
Binary Installation for Android
This section describes how to install the SSL-J binary toolkit on your Android
development environment.
Before you begin:
Ensure that the system you are installing onto has 900 MB of free disk space.
Obtain a decryption key from RSA.
Download the SSL-J encrypted package file and the decryption utility from the
download server to a convenient directory.
Install JDK 7.0 or above, and set the
JAVA_HOME environment variable
appropriately. The RSA BSAFE SSL-J Release Notes lists the supported platforms.
Install Android SDK r24 or newer, or Android Studio 1.3.2 or newer, and set the
ANDROID_HOME environment variable appropriately.
Ensure an Android device running a supported version of Android is available to
run SSL-J. A hardware device or an emulator can be used for this.
Install a supported Android platform. This can be done using the Android
SDK Manager included with the SDK or Android Studio.
Install Gradle 2.4 or newer.
Add
android-sdk/platform-tools, andro id-sdk/tools and
gradle-home/bin to the path environment variable to allow the Android
commands to be called from the SSL-J build scripts.
Install Apache™ Ant™ 1.8.x.
Read these installation instructions.
To install SSL-J:
The following steps summarize the complete installation process which is detailed
below:
1. Install SSL-J.
2. Build an Application to Run the SSL-J Samples.
16 Binary Installation for Android
RSA BSAFE SSL-J 6.2.6 Installation Guide
Install SSL-J
The following describes the binary distribution directory structure.
To install SSL-J
1. Copy the SSL-J binary distribution directory structure into a suitable location on
the target system.
2. There is a single SSL-J toolkit which contains both the SSLJ API and the JSSE
API. The toolkit operates differently, depending on the toolkit variants of Crypto-J
available, resulting in different configurations.
Directory Content
root/
license_bsafe.pdf
Product specific license text
readme.txt
SSL-J_6.2.6_InstallGuide.pdf
RSA BSAFE SSL-J Installation Guide
SSL-J_6.2.6_ReleaseNotes.pdf
RSA BSAFE SSL-J Release Notes Guide
SSL-J_6.2.6_TroubleshootingGuide.pdf
RSA BSAFE SSL-J Troubleshooting Guide
sslj/
android/
Files for use on the Android platform
BsafeAndroidSamples/
Android source sample code
doc/
SSL-J documentation and sub-directories
certj/
Cert-J documentation files
cryptoj/
Crypto-J documentation files
DevGuide/
RSA BSAFE SSL-J Developers Guide
javadoc/
sslj/
RSA BSAFE SSLJ JavaDoc
jsse/
RSA BSAFE JSSE JavaDoc
lib/
SSL-J toolkit jar files
prebuilt/
certj/
Cert-J toolkit jar file
codebase/
CodeBase jar file and native libraries
cryptocme/
Crypto-C ME native libraries
cryptoj/
Crypto-J toolkit jar files
openldap/
Open LDAP jar file
sample/
Sample source code
Binary Installation for Android 17
RSA BSAFE SSL-J 6.2.6 Installation Guide
The following table lists these toolkit configurations and the corresponding SSL-J,
Cert-J and Crypto-J jar files to be added to the class path.
3. Copy the jar files to the specified directories:
To work with non-FIPS 140-2 compliant SSL-J:
Copy all jar files for the selected configuration from Configuration and
Required jar Files to the external library file folder in the Android project,
for example, android-project
/libs.
Table 8 Configuration and Required jar Files
Configuration Jar Files to Add to the Class Path
Pure JSSE root/sslj/lib/sslj-6.2.6.jar
root/sslj/prebuilt/cryptoj/cryptoj-6.2.5.jar
1
1
The following jars are an alternative to cryptoj-6.2.5.jar. The resulting configuration yields faster start-up times:
root/sslj/prebuilt/cryptoj/cryptojcommon-6.2.5.jar
root/sslj/prebuilt/cryptoj/cryptojce-6.2.5.jar
root/sslj/prebuilt/cryptoj/jcm-6.2.5.jar
Native JSSE
2
2
Enables the selection of Java or Native implementations of cryptographic algorithms. Uses the Crypto-C ME
toolkit as the Native implementation, and CodeBase for native database access.
root/sslj/lib/sslj-6.2.6.jar
root/sslj/prebuilt/cryptoj/cryptoj-6.2.5.jar
1
Native FIPS
JSSE
2
root/sslj/lib/sslj-6.2.6.jar
root/sslj/prebuilt/cryptoj/cryptojcommon-6.2.5.jar
root/sslj/prebuilt/cryptoj/cryptojce-6.2.5.jar
root/sslj/prebuilt/cryptoj/jcmandroidfips-6.2.5.jar
FIPS JSSE root/sslj/lib/sslj-6.2.6.jar
root/sslj/prebuilt/cryptoj/cryptojcommon-6.2.5.jar
root/sslj/prebuilt/cryptoj/cryptojce-6.2.5.jar
root/sslj/prebuilt/cryptoj/jcmandroidfips-6.2.5.jar
Pure SSLJ root/sslj/lib/sslj-6.2.6.jar
root/sslj/prebuilt/certj/certj-6.2.4.jar
root/sslj/prebuilt/cryptoj/cryptoj-6.2.5.jar
1
Native SSLJ
2
root/sslj/lib/sslj-6.2.6.jar
root/sslj/prebuilt/certj/certj-6.2.4.jar
root/sslj/prebuilt/cryptoj/cryptoj-6.2.5.jar
1
Native FIPS
SSLJ
2
root/sslj/lib/sslj-6.2.6.jar
root/sslj/prebuilt/certj/certj-6.2.4.jar
root/sslj/prebuilt/cryptoj/cryptojcommon-6.2.5.jar
root/sslj/prebuilt/cryptoj/cryptojce-6.2.5.jar
root/sslj/prebuilt/cryptoj/jcmandroidfips-6.2.5.jar
FIPS SSLJ root/sslj/lib/sslj-6.2.6.jar
root/sslj/prebuilt/certj/certj-6.2.4.jar
root/sslj/prebuilt/cryptoj/cryptojcommon-6.2.5.jar
root/sslj/prebuilt/cryptoj/cryptojce-6.2.5.jar
root/sslj/prebuilt/cryptoj/jcmandroidfips-6.2.5.jar
18 Binary Installation for Android
RSA BSAFE SSL-J 6.2.6 Installation Guide
To work with FIPS 140-2 compliant SSL-J:
With the exception of
jcmandroidfips-6.2.5.jar,copy all jar files
for the selected configuration to the external library file folder in the
Android project, for example, android-project
/libs.
Copy the FIPS140 jar,
jcmandroidfips-6.2.5.jar, to the relevant
folder for loading.
To load the FIPS140 jar from the raw resources folder in the Android
project, copy
jcmandroidfips-6.2.5.jar to the raw resources
folder, android-project
/res/raw as jcmandroidfips.raw.
To load the FIPS140 jar from a file, the jar must be available on the
Android device that is running the application as a file, in a location
such as
/sdcard.
For details about how to load the jar file, see the section Introduction to
SSL-J > Android in the RSA BSAFE SSL-J Developers Guide.
4. Depending on other features to be used, additional jar
files may be required to be
added to the class path. If required, add the LDAP jar file to the class path:
root/sslj/prebuilt/openldap/openldap.jar
5. If you do not wish to use a Native FIPS or Native non-FIPS configuration of
SSL-J, go to Step 7.
To use a Native FIPS or Native non-FIPS configuration of SSL-J, the
Crypto-C ME platform-specific shared libraries must be added to the Java library
path. The following table details the subdirectories in
root/sslj/prebuilt/cryptocme
that contain the platform-specific shared
libraries.
6. Select the Native shared library
.so files to use and copy them to the specified
directories:
Note: In the following instructions, replace platform with either x86 or
armeabi-v7a as applicable.
To work with SSL-J configured as non-FIPS 140-2 compliant, copy
libncm.so to the platform-specific folder for the shared native library files
in the Android project,
android-project , at /jniLibs/platfo rm or
/libs/platform .
Table 9 Platform-specific Crypto-C ME Native Shared Library subdirectories
Platform
Subdirectory
1
1
Short Platform Name.
Google Android 32-bit
android_x86
Google Android ARM
®
v7
android_armv7
/