RSA BSAFE® Cert-J 6.2.
Copyright and Trademark Copyright © 2018 Dell Inc. or its subsidiaries. All rights reserved. Dell believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS IS.” DELL INC.
Installation Guide 11.07.18

RSA BSAFE Cert-J 6.2.4 Installation Guide

This document provides instructions for installing RSA BSAFE Cert-J 6.2.4 (Cert-J) on all released platforms. Instructions are provided for binary installations, including installation on Google® Android™, and source installations of Cert-J, including installation on Google Android.

About the Cert-J Toolkit

Cert-J is a certificate-handling software development kit for creating Java™ applications that integrate into a public key infrastructure using the proprietary Cert-J API. The Cert-J distribution media contains the following:
• Binary toolkit
  – Toolkit Java archive (jar) files
  – CodeBase shared libraries
  – OpenLDAP library
  – RSA BSAFE Crypto-C Micro Edition 4.1 (Crypto-C ME) shared libraries
  – Sample source code.
  – Related product documentation which includes:
    • RSA BSAFE Crypto-C Micro Edition Security Policy documents, Level 1 and Level 2, in PDF, which describe how the Crypto-C ME Cryptographic Module meets the Level 1 security requirements of FIPS 140-2, the Level 2 security requirements of FIPS 140-2 for Roles, Authentication and Services, Level 3 security requirements for Design Assurance, and how to securely operate it.

Binary Installation

This section describes how to install the Cert-J binary toolkit on your development environment.

Note: For instructions to install the Cert-J binary toolkit on an Android development environment, go to Binary Installation for Android.

Before you begin:
• Ensure that the system you are installing onto has 300 MB of free disk space.
• Install JDK 7.0 or above, and set the JAVA_HOME environment variable appropriately.

Install the JCE Jurisdiction Policy Files

The JCE requires that Unlimited Strength Jurisdiction Policy Files are downloaded and installed in order to use some algorithms and key strengths using the JCE API. The following algorithms require these policy files:
• AES with key sizes greater than 128 bits
• RC2 with key sizes greater than 128 bits
• RC4 with key sizes greater than 128 bits
• RC5 with key sizes greater than 128 bits
• RSA Encryption.

Install Cert-J

The following describes the binary distribution directory structure of the unpacked Cert-J distribution package.

Directory   Content
/           Cert-J_6.2.4_InstallGuide.pdf
            Cert-J_6.2.4_ReleaseNotes.pdf
            license_bsafe.pdf
            readme.

Table 2 Configuration and Required Jar Files (continued)

Configuration   Jar Files to Add to the Class Path
Native CertJ    • /certj/lib/certj.jar
                  /certj/prebuilt/cryptoj/cryptoj.jar
                OR1
                • /certj/lib/certj.jar
                  /certj/prebuilt/cryptoj/cryptojcommon.jar
                  /certj/prebuilt/cryptoj/cryptojce.jar
                  /certj/prebuilt/cryptoj/jcm.jar
FIPS CertJ      • /certj/lib/certj.jar
                  /certj/prebuilt/cryptoj/cryptojcommon.

Table 4 Platform-specific Crypto-C ME Native Shared Library subdirectories

Platform                          Subdirectory1
HP HP-UX 11.31 Itanium2 32-bit    hpux1131ia32i2
HP HP-UX 11.

5. If you are using the Native configuration for native database access, copy the CodeBase platform-specific native library to the system directory, or put it in the library path. The subdirectories in /certj/prebuilt/codebase that contain the relevant platform-specific shared libraries are detailed in the following table.

Table 5 Platform-specific Native Shared Library subdirectories for CodeBase

Platform        Subdirectory
HP HP-UX 11.

b. Edit the /jre/lib/security/java.security file to add the JsafeJCE Provider:

   security.provider.n=com.rsa.jsafe.provider.JsafeJCE

   To set the JsafeJCE Provider as the default provider, set n to 1. Change the n values for any other providers listed in java.security so that each provider has a unique number. For example:

   security.provider.1=com.rsa.jsafe.provider.JsafeJCE
   security.provider.2=sun.security.provider.

8. Cert-J uses CTRDRBG128 as the default random algorithm where no other random algorithm is specified. Use the security property com.rsa.crypto.default.random to change this as required. The following are valid values for this security property:
   • CTRDRBG
   • CTRDRBG128
   • CTRDRBG192
   • CTRDRBG256
   • HASHDRBG
   • HASHDRBG128
   • HASHDRBG192
   • HASHDRBG256
   • HMACDRBG
   • HMACDRBG128
   • HMACDRBG192
   • HMACDRBG256

The installation of Cert-J is complete.
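
A statically configured provider whose jar is missing from the class path is skipped silently at JVM start-up, so it is worth confirming the result of the steps above from inside the JVM. The following check is an added example, not part of the RSA guide or the Cert-J samples; the class name CertJInstallCheck and its method names are hypothetical, and it uses only standard JDK calls plus the provider class name and property name given in this guide.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

/** Added example: checks the JVM settings this guide configures for Cert-J. */
public class CertJInstallCheck {
    // Provider class named in the java.security step of this guide.
    static final String JSAFE_CLASS = "com.rsa.jsafe.provider.JsafeJCE";
    // Matches exactly the twelve values the guide lists for the default random property.
    static final String DRBG_VALUES = "(CTR|HASH|HMAC)DRBG(128|192|256)?";

    /** True when the installed policy files allow keys above 128 bits. */
    static boolean above128Allowed(String algorithm) {
        try {
            return Cipher.getMaxAllowedKeyLength(algorithm) > 128;
        } catch (NoSuchAlgorithmException e) {
            return false; // treat an unparsable name as a failed check
        }
    }

    /** 1-based preference position of JsafeJCE, or -1 if it is not registered. */
    static int jsafePosition() {
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            if (JSAFE_CLASS.equals(providers[i].getClass().getName())) return i + 1;
        }
        return -1;
    }

    public static void main(String[] args) {
        boolean ok = true;
        for (String alg : new String[] {"AES", "RC2", "RC4", "RC5"}) {
            boolean allowed = above128Allowed(alg);
            System.out.println(alg + " keys above 128 bits allowed: " + allowed);
            ok &= allowed;
        }
        int pos = jsafePosition();
        System.out.println("JsafeJCE provider position: " + pos);
        ok &= pos > 0;
        String drbg = Security.getProperty("com.rsa.crypto.default.random");
        if (drbg != null && !drbg.matches(DRBG_VALUES)) {
            System.out.println("Value not in the guide's list: " + drbg);
            ok = false;
        }
        System.exit(ok ? 0 : 1);
    }
}
```

Run it with the same JRE and class path as the application; a position of 1 means JsafeJCE is the default provider, and an unset property means the documented default of CTRDRBG128 applies.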

Binary Installation for Android

This section describes how to install the Cert-J binary toolkit on your Android development environment.

Before you begin:
• Ensure that the system you are installing onto has 900 MB of free disk space.
• Install JDK 7.0 or above, and set the JAVA_HOME environment variable appropriately. The RSA BSAFE Cert-J Release Notes lists the supported platforms.
• Install Android SDK r24 or newer, or Android Studio 1.3.

Install Cert-J

The following describes the binary distribution directory structure of the unpacked Cert-J distribution package.

Directory   Content
/           Cert-J_6.2.4_InstallGuide.pdf
            Cert-J_6.2.4_ReleaseNotes.pdf
            license_bsafe.pdf
            readme.

Table 8 Configuration and Required Jar Files (continued)

Configuration   Jar Files to Add to the Class Path
Native CertJ    • /certj/lib/certj.jar
                  /certj/prebuilt/cryptoj/cryptoj.jar
                OR1
                • /certj/lib/certj.jar
                  /certj/prebuilt/cryptoj/cryptojcommon.jar
                  /certj/prebuilt/cryptoj/cryptojce.jar
                  /certj/prebuilt/cryptoj/jcm.jar
FIPS CertJ      • /certj/lib/certj.jar
                  /certj/prebuilt/cryptoj/cryptojcommon.

4. If you do not wish to use a Native FIPS or Native non-FIPS configuration of Cert-J, go to Step 6. To use a Native FIPS or Native non-FIPS configuration of Cert-J, the Crypto-C ME platform-specific shared libraries must be added to the Java library path. The following table details the subdirectories in /certj/prebuilt/cryptocme that contain the platform-specific shared libraries.

b. Create the provider programmatically using the following Java code:

   import java.security.Provider;
   import java.security.Security;

   // Create a Provider object
   Provider jsafeProvider = new com.rsa.jsafe.provider.JsafeJCE();
   // Add the Crypto-J JsafeJCE Provider to the current
   // list of providers available on the system.
   Security.insertProviderAt(jsafeProvider, 1);

   Note: Unlike standard Java, Android doesn't support static registration of JCE providers, therefore the provider must be loaded dynamically.

7.

Note: Services created by JCE providers do not follow the non-Android priority order. In a non-Android system, a SecureRandom created with no defined algorithm would normally use the algorithm with the highest priority set in the security properties. On Android, a different algorithm could be used each time.
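
Because provider priority cannot be relied on to select the random source on Android, code that needs a specific DRBG can name both the provider object and the algorithm when it asks for a SecureRandom. The following is an added example, not code from the RSA guide or the Cert-J samples; the class PinnedRandom and its methods are hypothetical, the Crypto-J jars are assumed to be on the class path, and it is an assumption that CTRDRBG128 (listed in this guide as a value of com.rsa.crypto.default.random) is also accepted as a SecureRandom algorithm name.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

/** Added example: register JsafeJCE at runtime and pin SecureRandom to it. */
public final class PinnedRandom {
    /** Registers the provider first in the list, as in the guide's snippet. */
    static Provider registerJsafe() {
        Provider p = new com.rsa.jsafe.provider.JsafeJCE();
        // insertProviderAt returns -1 if a provider of this name is already installed.
        if (Security.insertProviderAt(p, 1) == -1) {
            p = Security.getProvider(p.getName());
        }
        return p;
    }

    /** SecureRandom algorithm names this provider actually offers. */
    static List<String> randomAlgorithms(Provider p) {
        List<String> names = new ArrayList<String>();
        for (Provider.Service s : p.getServices()) {
            if ("SecureRandom".equals(s.getType())) names.add(s.getAlgorithm());
        }
        return names;
    }

    /** Returns a SecureRandom from exactly this provider and algorithm. */
    static SecureRandom pinned(Provider p, String algorithm)
            throws NoSuchAlgorithmException {
        // Throws NoSuchAlgorithmException instead of falling back to another provider.
        SecureRandom r = SecureRandom.getInstance(algorithm, p);
        if (r.getProvider() != p) {
            throw new IllegalStateException("unexpected provider " + r.getProvider());
        }
        return r;
    }

    public static void main(String[] args) throws Exception {
        Provider jsafe = registerJsafe();
        System.out.println("Offered: " + randomAlgorithms(jsafe));
        // Assumption: the property value CTRDRBG128 is also the JCA algorithm name.
        SecureRandom r = pinned(jsafe, "CTRDRBG128");
        byte[] nonce = new byte[16];
        r.nextBytes(nonce);
        System.out.println(r.getAlgorithm() + " from " + r.getProvider().getName());
    }
}
```

In an Android application the two static methods would be called from start-up code rather than from main; if the assumed algorithm name is rejected, the printed list shows the names the provider really registers.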

Build an Application to Run the Cert-J Samples

An Android samples application to run the Cert-J samples can be built from the command line and Android Studio. Instructions are provided to:
• Build the Android Application from the Command Line
• Install the Android Samples Application from Android Studio.

Gradle scripts to build the application are included in this release at /certj/android/BsafeAndroidSamples.

The Android samples application is installed and run on the attached device. A list of all the samples is displayed on the device.

To run the samples:
1. On the attached device, select and run individual samples from the list displayed.

Note: The samples may take several minutes to complete when run on an emulator or older hardware.

Install the Android Samples Application from Android Studio

Before you begin:
• Attach the relevant Android device.

Source Installation

This section describes how to decrypt, install and build the Cert-J toolkit on your development environment.

Note: For instructions to install the Cert-J toolkit on an Android development environment, go to Source Installation for Android.

Before you begin:
• Ensure that the system you are installing onto has 500 MB of free disk space.
• Install JDK 7.0 or above, and set the JAVA_HOME environment variable appropriately.

Install the JCE Jurisdiction Policy File

Ensure you have the correct JCE Jurisdiction Policy files installed. Jurisdiction Policy files must be downloaded and installed. The Unlimited Strength Policy files are required to perform a confidence build of the source release. The JDK version installed determines the Jurisdiction Policy File to download. For Oracle JDK 9, follow the instructions in the README.

Install the Toolkit Files

The following describes the source distribution directory structure of the unpacked Cert-J distribution package.

Directory
/           Cert-J_6.2.4_InstallGuide.pdf
            Cert-J_6.2.4_ReleaseNotes.pdf
            license_bsafe.pdf
            readme.

Install Third-party Software Tools

To successfully build and test the source release, a number of third-party tools are required. The following table lists the required tools and provides the download location from which each can be retrieved.

To install each software tool:
1. Download the required file from the download location.
2. If the file is a zip file, extract the required jar files from the zip file.
3.

4. An error-free execution of the build scripts indicates the successful compilation of these files. The jar files are located in the /certj-src/gen/dist directory.

Source Installation for Android

This section describes how to decrypt, install and build the Cert-J toolkit on your development environment.

Before you begin:
• Ensure that the system you are installing onto has 500 MB of free disk space.
• Install JDK 7.0 and set the JAVA_HOME environment variable appropriately. The RSA BSAFE Cert-J Release Notes list the supported platforms.
• Install Android SDK r24 or newer, or Android Studio 1.3.

Install the Toolkit Files

The following table describes the source distribution directory structure of the unpacked Cert-J distribution package:

Directory
/           Cert-J_6.2.4_InstallGuide.pdf
            Cert-J_6.2.4_ReleaseNotes.pdf
            license_bsafe.pdf
            readme.

Install Third-party Software Tools

To successfully build and test the source release, a number of third-party tools are required. The following table lists the required tools and provides the download location from which each can be retrieved.

To install each software tool:
1. Download the required file from the download location.
2. If the file is a zip file, extract the required jar files from the zip file.
3.

Create the Toolkit Jar Files for Android

To create the Toolkit Jar files:
1. In a command prompt, navigate to the /certj-src/ directory.
2. Compile all of the toolkit classes using the following command:

   ant build

An error-free execution of the build scripts indicates successful compilation of the jar files. The jar files are located in /certj-src/gen/dist.

3. Install and run the test application on all attached devices:

   For systems running a Windows operating system:

   ./gradlew.bat testAll

   For systems running a Unix operating system:

   ./gradlew testAll

4. View /certj-src/android/BsafeAndroid/build/reports to verify the results of each test.

To collect the test results in an HTML report:
1. In the development environment, run the following Gradle task:

   pullvariantTestReport

   where variant is one of:
   – certj
   – certjFips
   – certjNative
   – certjNativeFips
2. View /certj-src/android/BsafeAndroid/build/reports to locate the reports for each test.