Reference Guide
4 SSL-J Helper Functions
RSA BSAFE SSL-J 6.2.6 Security Policy
SSL-J Helper Functions
Module Interfaces
As a multi-chip standalone module, the Cryptographic Module’s physical interfaces
consist of the keyboard, mouse, monitor, serial ports, network adapters, and so on.
However, the underlying logical interface to the Cryptographic Module is the API
documented in the Welcome to the Crypto-J Toolkit section of the RSA BSAFE
SSL-J Developers Guide. The Cryptographic Module provides Control Input through
the API calls. Data Input and Output are provided in the variables passed with API
calls, and Status Output is provided in the returns and error codes that are documented
for each call.
Roles, Authentication and Services
The Cryptographic Module meets all FIPS140-2 Level 1 and Level 2 requirements for
Roles, Authentication and Services, implementing both a Crypto Officer (CO) role
and a Crypto User role. For FIPS 140-2 operation, the Cryptographic Module requires
user authentication for these roles. Only one role may be active at a time, and the
Cryptographic Module does not allow concurrent operators.
The APIs for controlling the Cryptographic Module are in the
CryptoJ class,
com.rsa.jsafe.crypto.CryptoJ.
The SSLJ and JSSE APIs have library instance context classes and contains classes for
controlling the FIPS 140-2 mode and role which can be applied to these library
instance context classes. The following table lists these classes:
Crypto-Officer Role
An operator can assume the CO role by invoking the
com.rsa.jsafe.crypto.CryptoJ.setRole() method with the argument
CRYPTO_OFFICER_ROLE.
An operator in the CO role can start the power-up self-tests on demand by calling the
following method:
com.rsa.jsafe.crypto.CryptoJ.runSelfTests();
Class Type SSLJ JSSE
Library Instance
Context Class
com.rsa.ssl.SSLParams com.rsa.jsse.JsseProvider
FIPS 140 mode
class
com.rsa.ssl.FIPS140Mode com.rsa.jsse.FIPS140Mode
FIPS 140 role class com.rsa.ssl.FIPS140Role com.rsa.jsse.FIPS140Role