Install Guide

10 Binary Installation

RSA BSAFE Cert-J 6.2.4 Installation Guide

b. Edit the <jdk_install_dir>/jre/lib/security/java.security file

to add the JsafeJCE Provider:

security.provider.n=com.rsa.jsafe.provider.JsafeJCE

To set the JsafeJCE Provider as the default provider, set n to 1.

Change the n values for any other providers listed in

java.security so

that each provider has a unique number. For example:

security.provider.1=com.rsa.jsafe.provider.JsafeJCE

security.provider.2=sun.security.provider.Sun

To dynamically register the JsafeJCE provider:

a. Add the relevant jar files to the class path.

b. Create the provider programmatically using the following Java code:

// Create a Provider object

Provider jsafeProvider = new com.rsa.jsafe.provider.JsafeJCE();

// Add the Crypto-J JsafeJCE Provider to the current

// list of providers available on the system.

Security.insertProviderAt (jsafeProvider, 1);

7. The Cert-J FIPS 140-2 toolkit may be configured to perform specific operations at

start-up (load). Configure these operations in the

<jdk_install_dir>/jre/lib/security/java.security file.

The following table lists the property that must be set for FIPS 140-2 compliant

operation.

For FIPS 140-2 Level 2 Roles, Authentication and Services compliance, the

security properties listed in the following table must be added.

Table 6 FIPS 140-2 Property Setting

Property Name Value

com.rsa.cryptoj.fips140initialmode

FIPS140_MODE

The fips140initialmode value can be any of FIPS140_MODE, FIPS140_SSL_MODE or

NON_FIPS140_MODE

Table 7 FIPS 140-2 Level 2 Property Settings

Property Name Value

com.rsa.cryptoj.fips140auth LEVEL2

com.rsa.cryptoj.configfile

This security property is optional. There are APIs to dynamically specify this property.

path and filename

The path and filename can be an absolute path or a path relative to the user.dir Java system property.