Reference Guide

Cert-J Helper Functions
RSA BSAFE Cert-J 6.2.4 Security Policy
After the initial load of the Cryptographic Module, an on-demand call to the self-tests
results only in the performance of the known answer tests and pair-wise consistency
checks.
To view the services available to the Crypto Officer role, see the RSA BSAFE Crypto-J
JSAFE and JCE Software Module Security Policy documents.
Crypto User Role
The default operator role is the Crypto User role. An operator can explicitly assume
the User role by invoking the com.rsa.jsafe.crypto.CryptoJ.setRole() method with the
argument com.rsa.jsafe.crypto.CryptoJ.USER_ROLE.
The following services from the Crypto-J JsafeJCE API are available to the Crypto
User role:
com.rsa.jsafe.crypto.CryptoJ.setRole
com.rsa.jsafe.crypto.CryptoJ.getRole
com.rsa.jsafe.crypto.CryptoJ.setMode*
com.rsa.jsafe.crypto.CryptoJ.getMode
com.rsa.jsafe.crypto.CryptoJ.getState
com.rsa.jsafe.crypto.CryptoJ.selfTestPassed
* The setMode method should only be used to switch to a non-FIPS 140-2 mode.
For more information on each function, please refer to the RSA BSAFE Cert-J
Developers Guide.
FIPS 140-2 Security Level 2 Operation
Cert-J meets all FIPS 140-2 Security Level 2 validation requirements through
Crypto-J. Role Based Authentication is used for the Crypto Officer and Crypto User
roles.
For FIPS 140-2 Security Level 2 operations, a PIN, and optionally a reference to the
Cryptographic Module configuration file, must be provided to the CertJ API through
the following constructors of the com.rsa.certj.CertJ class:
com.rsa.certj.CertJ(FIPS140Mode, FIPS140Role, byte[])
com.rsa.certj.CertJ(FIPS140Mode, FIPS140Role, byte[], File)
com.rsa.certj.CertJ(Provider[], FIPS140Mode, FIPS140Role, byte[])
com.rsa.certj.CertJ(Provider[], FIPS140Mode, FIPS140Role, byte[], File)
PINs and the Cryptographic Module configuration file must be initialized through
methods of the com.rsa.jsafe.CryptoJ class. See the RSA BSAFE Crypto-J JSAFE and JCE
Software Module Security Policy Level 2 for further details.