3 SafeNet Luna HSM Client Software Installation
Copy the SafeNet Java library and .jar files from their default location under /usr/safenet/lunaclient/jsp/lib to the
Java environment directory, for example /usr/jre/lib/ext.
The exact directory might differ depending on where you obtained your Java system, the version, and any choices that
you made while installing and configuring it.
For additional Java-related information, see in the SDK Reference Guide.
JSP Static Registration
Choose static registration of providers if you want all applications to default to the SafeNet provider.
Once your client has externally logged in using salogin or your own HSM-aware utility, any application is able to
use the SafeNet product without being designed to log in to the HSM Partition.
Edit the java.security file located in the \jre\lib\security directory of your Java SDK/JRE installation to read as
follows:
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=com.safenetinc.luna.provider.LunaProvider
security.provider.4=com.sun.rsajca.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider
You can set our provider in first position for efficiency if SafeNet Luna HSM operations are your primary mode.
However, if your application needs to perform operations not supported by the LunaProvider (secure random generation
or random public key verification, for example), then it would receive error messages from the HSM and would need to
handle those gracefully before resorting to providers further down the list. We have found that having our provider in
third position works well for most applications.
The modifications in the java.security file are global, and they might result in the breaking of another application
that uses the default KeyPairGenerator without logging into the SafeNet Luna Network HSM first. This consideration
might argue for using dynamic registration, instead.
JSP Dynamic Registration
For your situation, you may prefer to employ dynamic registration of Providers, in order to avoid possible negative
impacts on other applications running on the same machine. As well, the use of dynamic registration allows you to keep
installation as straightforward as possible for your customers.
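One way to register the provider dynamically, shown as an added example that is not taken from the SafeNet guide: it uses the standard java.security.Security API with the provider class name from the java.security listing above, and it changes the provider order only for the JVM that runs it. It assumes the Luna .jar files are on the classpath; the class name LunaDynamicRegistration and the register helper are hypothetical.

```java
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;

public class LunaDynamicRegistration {
    // Provider class name as it appears in the java.security listing above.
    static final String LUNA_CLASS = "com.safenetinc.luna.provider.LunaProvider";

    /**
     * Registers a JCA provider for this JVM only (java.security is not modified).
     * position <= 0 appends it after the providers already installed.
     * Returns the 1-based preference position, or -1 if it was already registered.
     */
    static int register(String className, int position) throws ReflectiveOperationException {
        // Loaded by name so this file compiles without the Luna jars on the build path.
        Provider p = (Provider) Class.forName(className).getDeclaredConstructor().newInstance();
        return position <= 0 ? Security.addProvider(p) : Security.insertProviderAt(p, position);
    }

    public static void main(String[] args) throws Exception {
        try {
            // Appending keeps unqualified requests with the stock providers.
            int pos = register(LUNA_CLASS, 0);
            System.out.println(pos == -1 ? "Luna provider already registered"
                                         : "Luna provider registered at position " + pos);
        } catch (ClassNotFoundException e) {
            System.err.println("Luna jars not on the classpath: " + e.getMessage());
        }

        // Resulting preference order for this process.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println((i + 1) + " " + providers[i].getName());
        }

        // An unqualified request is served by the first provider that supports it,
        // so this shows which provider the default KeyPairGenerator comes from.
        System.out.println("Default RSA KeyPairGenerator: "
                + KeyPairGenerator.getInstance("RSA").getProvider().getName());
    }
}
```

Passing a position of 1 to register puts the provider first for this process, with the same trade-off described for first position under static registration.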
Scripted or Unattended Installation
If you prefer to run the installation from a script, rather than interactively, run the command with the options
-p <list of SafeNet products> and -c <list of SafeNet components>. To see the syntax, run the command with help,
like this:
[myhost]$ sudo sh install.sh help
[sudo] password for fred
At least one product should be specified.
usage:
install.sh      - Luna Client install through menu
install.sh help - Display scriptable install options
install.sh all  - Complete Luna Client install
SafeNet Luna Network HSM Installation Guide
Release 7.0 007-013576-002 Rev. A June 2017 Copyright 2001-2017 Gemalto All rights reserved.