How to Install SafeNet Software HSM?


You can follow these instructions to install the software HSM on your local machine. First decide which version you will use for your product, then follow this document step by step.

Step 1: Get the file that you need.

If you want to test your code on a hardware HSM, you must install "PCI_HSM_ACCESS_PROVIDER" and "RUNTIME".

In this case, however, we will install only the software HSM, so you only need to install the "PTKC_SDK" package.

Step 2: Install the software

On Windows Server, installation is simple with the "PTKjpsdk.msi" file. After the installation finishes, it asks which mode you want to install. At this step, choose Software HSM, then click the "next" button.

On Linux, it is a bit more complicated. First, you need to install the "Kernel-header, GCC and kernel-devel" packages. Then install the "PTKjpsdk-5.X.X" rpm file with the "rpm -ivh PTKjpsdk-5.X.X.rpm" command.

Then check the binary path. There will be a file named setvars.sh. Add this script to your profile with the source command.

My setvars.sh file is listed further down this page as an example. Adjust the "PTKBIN", "CPROVDIR" and "PTKLIB" paths to match your installation. These paths can change with the version of the RPM file.

Step 3: Copy an existing cryptoki folder.

If your keys are already imported on another server, you can copy its cryptoki folder to the newly installed server. All keys will then be available on the new server.

On Windows Server, the cryptoki folder is located under the "C:\" directory.

#!/bin/sh
# **************************************************************************
# setvars - Setup PTK Environment
# **************************************************************************
#
# NOTE: Do not run this script directly. Source it or call it from your
# startup script ( ~/.shrc, ~/.bashrc, etc)
#
# To globally enable this script, copy or link it to
# /etc/profile.d/ptkrt.sh or your shell's equivalent
#
# **************************************************************************

if [ "a$(basename -- "$0")" = "asetvars.sh" ]; then
    echo "The PTK setvars script should not be executed directly."
    echo "Source it or call it from a startup script."
fi

export CPROVDIR=/opt/PTK
export PTKBIN=$CPROVDIR/bin:/opt/ETcprt/bin:/opt/ETpcihsm/bin
export PTKLIB=$CPROVDIR/lib:/opt/ETcprt/lib:/opt/ETpcihsm/lib
export PTKMAN=$CPROVDIR/man

# Prefer the absolute path to grep when it exists.
if [ -x /bin/grep ]; then
    GREPCOMMAND="/bin/grep"
else
    GREPCOMMAND="grep"
fi

# Prepend each PTK path only if it is not already present.
if ! echo "$PATH" | $GREPCOMMAND -q "$PTKBIN"; then
    export PATH="$PTKBIN:$PATH"
fi

# Append the old value only when it is non-empty: a trailing ":" adds an
# empty element, which the dynamic loader reads as the current directory.
if ! echo "$LD_LIBRARY_PATH" | $GREPCOMMAND -q "$PTKLIB"; then
    export LD_LIBRARY_PATH="$PTKLIB${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
fi

if ! echo "$MANPATH" | $GREPCOMMAND -q "$PTKMAN"; then
    export MANPATH="$PTKMAN:$MANPATH"
fi

Step 4: Linux server profile example

# cat .profile
bash
# cat .bashrc
# User specific aliases and functions
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'

# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi
source /appdata/setvars.sh
[appuser@aras01 ~]$

Step 5: Check the HSM state with the following commands.

# hsmstate
# ctconf -v
# ctconf -t
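
A check you can run after sourcing setvars.sh, as an added example that is not part of the original post or of the vendor's script: it walks PATH and LD_LIBRARY_PATH and flags empty elements (which make the shell or the dynamic loader search the current directory), relative entries, and group- or world-writable directories. The function name audit_search_path and the asp_ variable names are hypothetical.

```sh
#!/bin/sh
# Added example (not vendor code): audit a colon-separated search path such as
# PATH or LD_LIBRARY_PATH after setvars.sh has been sourced.
# audit_search_path is a hypothetical helper name.
#
# Usage: audit_search_path NAME VALUE
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_search_path() {
    asp_name=$1 asp_value=$2 asp_rc=0
    [ -n "$asp_value" ] || return 0      # unset or empty variable: nothing to check

    # A leading, trailing or doubled ":" is an empty element, which the shell
    # (PATH) and the dynamic loader (LD_LIBRARY_PATH) read as the current directory.
    case ":$asp_value:" in
        *::*) echo "$asp_name: empty element, current directory is searched"; asp_rc=1 ;;
    esac

    # Split on ":" with globbing off, then restore the shell state.
    asp_ifs=$IFS; IFS=:; set -f
    set -- $asp_value
    set +f; IFS=$asp_ifs

    for asp_dir in "$@"; do
        [ -n "$asp_dir" ] || continue
        case $asp_dir in
            /*) ;;
            *) echo "$asp_name: relative entry '$asp_dir'"; asp_rc=1; continue ;;
        esac
        if [ ! -d "$asp_dir" ]; then
            echo "$asp_name: note, '$asp_dir' does not exist"
            continue
        fi
        # Character 6 of the mode string is group write, character 9 is other write.
        asp_mode=$(ls -ldL "$asp_dir")
        case $asp_mode in
            ?????w*|????????w*)
                echo "$asp_name: '$asp_dir' is group- or world-writable"; asp_rc=1 ;;
        esac
    done
    return $asp_rc
}

# Check the current session; "|| echo" keeps a finding from aborting the shell.
audit_search_path PATH "${PATH:-}" || echo "Review PATH"
audit_search_path LD_LIBRARY_PATH "${LD_LIBRARY_PATH:-}" || echo "Review LD_LIBRARY_PATH"
```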

 

I'm an IT Infrastructure and Operations Architect with extensive experience and administration skills, and I work for Turk Telekom. I provide hardware and software support for the IT Infrastructure and Operations tasks.
