
RSA BSAFE® Crypto-J 6.2.0.

Installation Guide

28 May 2015
Copyright and Trademark

Notice and Trademarks


Copyright © 2015 EMC Corporation. All rights reserved. EMC, RSA, the RSA logo, and BSAFE are registered trademarks
of EMC Corporation in the United States and/or other countries. All other products and services mentioned are trademarks of
their respective companies. For the most up-to-date listing of EMC trademarks, go to
www.emc.com/legal/emc-corporation-trademarks.htm.

License agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and
may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice
above. This software and the documentation, and any copies thereof, may not be provided or otherwise made available to any
other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Third-party licenses
This product may include software developed by parties other than EMC. The text of the license agreements applicable to
third-party software in this product may be viewed in the file Crypto-J_6.2.0.1_Third-partyLicenses.pdf.
Note on encryption technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Disclaimer
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice. THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS IS.” EMC CORPORATION MAKES
NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS
FOR A PARTICULAR PURPOSE.
Distribution
Limit distribution of this document to trusted personnel.

Part Number

21.05.15

RSA BSAFE Crypto-J 6.2.0.1 Installation Guide

This document provides instructions for installing RSA BSAFE Crypto-J 6.2.0.1
(Crypto-J) on all released platforms. Instructions are provided for binary installations
and source installations of Crypto-J. Instructions are also provided for binary
installations on Google® Android™ and the Java™ Web Start application.

Binary installations are suitable where the compiled version of Crypto-J matches your
installation platform, and where there is no intention to alter the product. Source
installations are suitable where there is a requirement to build Crypto-J for a specific
platform.

Contents:
About the Crypto-J Toolkit
Binary Installation
    Install JCE Jurisdiction Policy Files
    Decrypt the Toolkit Files
    Install Crypto-J
    Build and Run the Samples
Binary Installation for Android
    Decrypt the Toolkit Files
    Install Crypto-J
    Build and Run the Android Samples
Binary Installation for Java Web Start
    Install JCE Jurisdiction Policy Files
    Decrypt the Toolkit Files
    Install Crypto-J
    Build and Run the Java Web Start Sample
Source Installation
    Install the JCE Jurisdiction Policy File
    Install the JCE Code Signing Certificate
    Decrypt the Toolkit Files
    Install the Toolkit Files
    Build and Test the Source Code
System and Security Properties
Uninstallation Instructions

28 May 2015 Copyright © 2015 EMC Corporation. All rights reserved. Published in the USA.

About the Crypto-J Toolkit


Crypto-J provides Java™ developers with a state-of-the-art implementation of the
most important privacy, authentication, and data integrity algorithms. The Crypto-J
toolkit contains both the Java Cryptography Extension (JCE) API and Jsafe API.

The Crypto-J distribution media contains the following:


• Binary toolkit:
– Toolkit Java archive (jar) files.
• Source toolkit:
– Java source code and build and test systems.
• RSA BSAFE Crypto-C Micro Edition 4.1 (Crypto-C ME) shared libraries
• Sample source code
• Product documentation consisting of:
– This document, the RSA BSAFE Crypto-J Installation Guide, in Portable
Document Format (PDF), with instructions on how to install and build
Crypto-J.
– The RSA BSAFE Crypto-J Release Notes, in PDF, with the latest information
about Crypto-J.
– The RSA BSAFE Crypto-J Developers Guide, in HTML format, with
information and instructions on how to develop applications that integrate
Crypto-J.
– The following Javadocs in HTML format, with Java API reference
information:
• RSA BSAFE JsafeJCE Javadoc
• RSA BSAFE Jsafe Javadoc
• RSA BSAFE Tools Javadoc.
– The RSA Security Concepts, in PDF, provides an overview of the
fundamentals of cryptography and security related issues.
– The RSA FIPS 140 White Paper, in PDF, which provides information on
developing FIPS 140-validated solutions using RSA BSAFE software.


Toolkit Configuration
The following table lists the eight toolkit configurations included in the Crypto-J
toolkit.

Table 1 Toolkit Configuration

Configuration               Cryptographic Implementation   PKCS #11 Accessible   FIPS Validated
Pure JSAFE                  Pure Java                      No                    No
Native JSAFE                Pure Java and Native           Yes (1)               No
Pure JCE and JSAFE          Pure Java                      No                    No
Native JCE and JSAFE        Pure Java and Native           Yes (1)               No
FIPS JSAFE                  Pure Java                      No                    Yes
FIPS Native JSAFE           Pure Java and Native           Yes (1)               Yes
FIPS JCE and JSAFE          Pure Java                      No                    Yes
FIPS Native JCE and JSAFE   Pure Java and Native           Yes (1)               Yes

(1) Not applicable to Crypto-J on Android.


Binary Installation
This section describes how to install the Crypto-J binary toolkit on your development
environment.

Note: For instructions to install the Crypto-J binary toolkit on an Android
development environment, go to “Binary Installation for Android”.
For instructions to install the Crypto-J binary toolkit on a Java Web Start
development environment, go to “Binary Installation for Java Web Start”.

Decryption utilities are available for the Windows®, UNIX®, Linux® and Solaris®
operating systems. Go to Information > Utilities on the RSA download server to
access the decryption utility for your system.

Before you begin:


• Ensure that the system you are installing onto has 900 MB of free disk space.
• Obtain a decryption key from RSA.
• Download the Crypto-J encrypted package file and the decryption utility from the
download server to a convenient directory.
• Install JDK 6.0 or above, and set the JAVA_HOME environment variable
appropriately. The RSA BSAFE Crypto-J Release Notes lists the supported
platforms.
• Install one or more of the following:
– Apache™ Ant™ 1.8.x or newer.
– JetBrains IntelliJ® 9.0 IDE
– Eclipse 3.3 IDE or newer.
• Read these installation instructions.

To install Crypto-J:

The following steps summarize the complete installation process which is detailed
below:
1. Install JCE Jurisdiction Policy Files
2. Decrypt the Toolkit Files
3. Distribution Directory Structure
4. Build and Run the Samples.


Install JCE Jurisdiction Policy Files


The JCE requires the presence of Unlimited Strength Jurisdiction Policy Files in order
to use some algorithms and key strengths.

The following algorithms require these policy files:


• AES with key sizes greater than 128 bits
• RC2 with key sizes greater than 128 bits
• RC4 with key sizes greater than 128 bits
• RC5 with key sizes greater than 128 bits
• RSA Encryption.

These algorithms are used by some PKCS #12 KeyStore files.

Some of the samples use the restricted algorithms that require the policy files.

To successfully use the relevant algorithms and run all of the samples, the Unlimited
Jurisdiction Policy Files must be downloaded and installed.

The JDK vendor and version determine the Jurisdiction Policy File to download.
Obtain the applicable JDK versions from the following download locations:
• JCE Unlimited Strength Jurisdiction Policy Files 6 for:
– Oracle® JDK 6.0
– Oracle JRockit® JDK 6.0
– HP JDK 6.0.
• JCE Unlimited Strength Jurisdiction Policy Files 7 for:
– Oracle JDK 7.0
– HP JDK 7.0.
• JCE Unlimited Strength Jurisdiction Policy Files 8 for Oracle JDK 8.0.
• IBM Unrestricted JCE Policy Files for IBM® JDK 6.0 and 7.0.

To install the unlimited Jurisdiction Policy Files:


1. Extract the local_policy.jar and US_export_policy.jar files from the
downloaded zip file.
2. Copy local_policy.jar and US_export_policy.jar to the
<jdk install dir>/jre/lib/security directory, overwriting the
existing policy files.
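
The following Java class is an added example, not part of the Crypto-J distribution, for confirming that the policy files copied in step 2 are the ones the JVM under JAVA_HOME actually loads. It queries the policy limit for each algorithm listed above and attempts a 256-bit AES initialization; the class name PolicyCheck is an assumption of this example.

```java
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * Added example (not part of the Crypto-J toolkit): reports whether the JVM
 * that runs it has the unlimited-strength jurisdiction policy in effect.
 */
public class PolicyCheck {

    // Algorithm names taken from the list in this guide.
    private static final String[] ALGORITHMS = {"AES", "RC2", "RC4", "RC5", "RSA"};

    /** Maximum key length in bits allowed by policy; Integer.MAX_VALUE means unlimited. */
    static int maxKeyBits(String algorithm) throws NoSuchAlgorithmException {
        return Cipher.getMaxAllowedKeyLength(algorithm);
    }

    /** Attempts a real 256-bit AES initialization, which a limited policy rejects. */
    static boolean aes256Usable() throws Exception {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        try {
            cipher.init(Cipher.ENCRYPT_MODE,
                    new SecretKeySpec(new byte[32], "AES"),  // all-zero test key, never reused
                    new IvParameterSpec(new byte[16]));      // all-zero test IV, never reused
            return true;
        } catch (InvalidKeyException e) {
            return false; // the limited policy reports an illegal key size here
        }
    }

    public static void main(String[] args) throws Exception {
        // Shows which JRE was checked, so a second JDK on the path is noticed.
        System.out.println("java.home = " + System.getProperty("java.home"));
        boolean restricted = false;
        for (String algorithm : ALGORITHMS) {
            int bits = maxKeyBits(algorithm);
            boolean unlimited = (bits == Integer.MAX_VALUE);
            restricted |= !unlimited;
            System.out.println(algorithm + ": " + (unlimited ? "unlimited" : bits + " bits max"));
        }
        boolean aes256 = aes256Usable();
        System.out.println("AES-256 cipher init: " + (aes256 ? "ok" : "rejected by policy"));
        // A non-zero exit code lets an install script stop before the samples are run.
        System.exit(restricted || !aes256 ? 1 : 0);
    }
}
```

Compile and run it with the javac and java binaries under JAVA_HOME so that the check applies to the JDK whose jre/lib/security directory was modified.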


Decrypt the Toolkit Files


The following directory structure shows the software and documentation file locations
of the binary distribution.
Directory                              Contents
<root>/
Crypto-J_6.2.0.1_InstallGuide.pdf      RSA BSAFE Crypto-J Installation Guide
Crypto-J_6.2.0.1_ReleaseNotes.pdf      RSA BSAFE Crypto-J Release Notes
license_bsafe.pdf                      Product-specific license text
readme.txt
install/                               Root and intermediate CA certificates
aix/r_unpack                           AIX® unpack utility
hpux11pa20/r_unpack                    HP unpack utility
hpux11pa20w/r_unpack                   HP unpack utility
hpia64i2/r_unpack                      HP Itanium2 unpack utility
linux_x86_lsb30/r_unpack               Linux unpack utility
solspv9/r_unpack                       Solaris SPARC v9 unpack utility
solx86/r_unpack                        Solaris x86 unpack utility
win32/r_unpack.exe                     Windows unpack utility
cryptoj-6_2_0_1-java.pkg               Encrypted binary package.

The following procedure describes the steps to copy and decrypt the toolkit files on
platforms that support the source distribution of Crypto-J. For this release these are the
AIX, HP-UX, Linux, Solaris, and Windows operating systems.

To decrypt Crypto-J on systems running a Windows operating system:


1. Start a command prompt.
2. Create and change to the directory where you want to install your toolkit files.
3. Copy cryptoj-6_2_0_1-java.pkg to your install directory.
4. Copy the r_unpack utility to your install directory:
install\win32\r_unpack.exe.
5. Unpack the encrypted package file:
.\r_unpack.exe cryptoj-6_2_0_1-java.pkg <decryption key>

To decrypt Crypto-J on systems running an AIX, HP-UX, Linux or Solaris
operating system:
1. Start a shell.
2. Create and change to the directory where you want to install your toolkit files.
3. Copy cryptoj-6_2_0_1-java.pkg to your install directory.
4. Copy the r_unpack utility to your install directory:
install/linux_x86_lsb30/r_unpack.
5. Unpack the encrypted binary package.
./r_unpack cryptoj-6_2_0_1-java.pkg <decryption key>


Distribution Directory Structure


The following describes the binary distribution directory structure.
Directory                              Content
<root>/
Crypto-J_6.2.0.1_InstallGuide.pdf      RSA BSAFE Crypto-J Installation Guide
Crypto-J_6.2.0.1_ReleaseNotes.pdf      RSA BSAFE Crypto-J Release Notes
license_bsafe.pdf                      Product specific license text
readme.txt
cryptoj/                               Build scripts and project files.
doc/                                   Documentation
DevGuide/                              RSA BSAFE Crypto-J Developers Guide
javadoc/                               Javadocs
JsafeJCE/                              RSA BSAFE JsafeJCE Javadoc
Jsafe/                                 RSA BSAFE Jsafe Javadoc
Tools/                                 RSA BSAFE Tools Javadoc
lib/                                   Jar file repository
prebuilt/
cryptocme/                             Crypto-C ME shared libraries
openldap/                              OpenLDAP jar file
sample/                                Source sample code


Install Crypto-J
To install Crypto-J:
1. Copy the Crypto-J binary distribution directory structure into a suitable location
on the target system.
2. Select the Crypto-J jar files to use and add them to the class path. The following
table lists the Crypto-J APIs and the corresponding jar files.
Table 2 Available APIs and Required jar Files

Available APIs                   Jar Files to Add to the Class Path
Non-FIPS JSAFE (1, 2)            <root>/cryptoj/lib/cryptojcommon.jar
                                 <root>/cryptoj/lib/jcm.jar
FIPS JSAFE                       <root>/cryptoj/lib/cryptojcommon.jar
                                 <root>/cryptoj/lib/jcmFIPS.jar
Non-FIPS JSAFE and JCE (2)       <root>/cryptoj/lib/cryptoj.jar
Non-FIPS JSAFE and JCE (1, 2)    <root>/cryptoj/lib/cryptojcommon.jar
                                 <root>/cryptoj/lib/cryptojce.jar
                                 <root>/cryptoj/lib/jcm.jar
FIPS JSAFE and JCE               <root>/cryptoj/lib/cryptojcommon.jar
                                 <root>/cryptoj/lib/cryptojce.jar
                                 <root>/cryptoj/lib/jcmFIPS.jar

(1) This configuration will yield faster start-up times.
(2) Native configuration requires access to Crypto-C ME shared libraries. For more details, see step 4 below.


3. Depending on other features to be used, additional jar files might need to be added
to the class path. The following table lists these features and the corresponding jar
files to be added to the class path.
Table 3 Features and Required jar Files

Feature               Jar Files to Add to the class path
LDAP                  <root>/cryptoj/prebuilt/openldap/openldap.jar
Evaluation License    <root>/cryptoj/lib/rsamisc.jar
Tools API             <root>/cryptoj/lib/util.jar

4. If you do not wish to use a Native FIPS or Native non-FIPS configuration of
Crypto-J, go to Step 5.
To use a Native FIPS or Native non-FIPS configuration of Crypto-J, the
Crypto-C ME platform-specific shared libraries must be added to the Java library
path. The following table details the subdirectories in
<root>/cryptoj/prebuilt/cryptocme that contain the platform-specific
shared libraries.
Table 4 Platform-specific Native Shared Libraries for Crypto-C ME

Subdirectory (1)    Platform-specific Native Shared Libraries
aix6                IBM AIX 6.1 32-bit
                    IBM AIX 7.1 32-bit
aix6_64             IBM AIX 6.1 64-bit
                    IBM AIX 7.1 64-bit
freebsd_x64_gcc     FreeBSD® 8.3 64-bit
hpux1131ia32i2      HP HP-UX 11.31 Itanium2 32-bit
hpux1131ia64i2      HP HP-UX 11.31 Itanium2 64-bit
linux_x86_lsb30     Red Hat® Enterprise Server 5.5 32-bit
                    Red Hat Enterprise Server 6.1 32-bit
                    Novell® SUSE® Linux 10.0 32-bit
                    Novell SUSE Linux Enterprise 11.0 32-bit
linux_x64_lsb30     Red Hat Enterprise Server 5.5 64-bit
                    Red Hat Enterprise Server 6.1 64-bit
                    Novell SUSE Linux 10.0 64-bit
                    Novell SUSE Linux Enterprise 11.0 64-bit
linux_ia64_lsb30    Red Hat Enterprise Server 6.1 Itanium2 64-bit
                    Novell SUSE Linux 11.0 Itanium2 64-bit
linux_ppc_gcc       Red Hat Enterprise Server 5.0 PowerPC 32-bit
                    Novell SUSE Linux 10.0 PowerPC 32-bit
                    Novell SUSE Linux 11.0 PowerPC 32-bit
linux_ppc64_gcc     Red Hat Enterprise Server 5.0 PowerPC 64-bit
                    Novell SUSE Linux 10.0 PowerPC 64-bit
                    Novell SUSE Linux 11.0 PowerPC 64-bit
macosx_x86          Apple® Mac OS® X 10.6 x86 32-bit
macosx_x64          Apple Mac OS X 10.6 x86_64 64-bit
solspv8p            Oracle Solaris™ 10 UltraSparc v8+ 32-bit
solspv9             Oracle Solaris 10 UltraSparc v9 64-bit
solx86              Oracle Solaris 10 x86 32-bit
solx64              Oracle Solaris 10 x86_64 64-bit
win32vc8            Microsoft Windows® 32-bit
win64x64            Microsoft Windows 64-bit
win64ia64           Microsoft Windows Itanium2 64-bit

(1) Short Platform Name.

For example, for a system running a Windows operating system:
    copy <root>\cryptoj\prebuilt\cryptocme\win32vc8\*.* C:\Windows\System32
For systems running a Unix operating system, add the Native library to the library
path. For example, on a Solaris operating system:
    LD_LIBRARY_PATH=$LD_LIBRARY_PATH:<root>/cryptoj/prebuilt/cryptocme/solspv8p
    export LD_LIBRARY_PATH

Note: On some operating systems, it may be necessary to set the execute
permissions for the shared libraries. For example:
    chmod 755 <root>/cryptoj/prebuilt/cryptocme/solspv8p/*.so

For details about how to use Native configurations of Crypto-J, see the
API-specific section “Using Native Implementations” in the RSA BSAFE
Crypto-J Developers Guide.


5. To use the Crypto-J JsafeJCE API, register the Crypto-J JCE provider, JsafeJCE,
either statically or dynamically.
To statically register the JsafeJCE provider:
a. Copy the relevant jar files to the
<jdk install directory>/jre/lib/ext directory.
b. Edit the <jdk install directory>/jre/lib/security/java.security
file to add the JsafeJCE Provider:
    security.provider.<n>=com.rsa.jsafe.provider.JsafeJCE
To set the JsafeJCE Provider as the default provider, set <n> to 1.
Change the <n> values for any other providers listed in java.security so
that each provider has a unique number. For example:
    security.provider.1=com.rsa.jsafe.provider.JsafeJCE
    security.provider.2=sun.security.provider.Sun
To dynamically register the JsafeJCE provider:
a. Add the relevant jar files to the class path.
b. Create the provider programmatically using the following Java code:
    import java.security.Provider;
    import java.security.Security;

    // Create a Provider object
    Provider jsafeProvider = new com.rsa.jsafe.provider.JsafeJCE();
    // Add the Crypto-J JsafeJCE Provider to the current
    // list of providers available on the system.
    Security.insertProviderAt(jsafeProvider, 1);
6. The Crypto-J FIPS 140-2 toolkit may be configured to perform specific operations
at start-up (load). Configure these operations by editing
<jdk install directory>/jre/lib/security/java.security.
The following table lists the property that must be set for FIPS 140-2 compliant
operation.
Table 5 FIPS 140-2 Property Setting

Property Name                          Value
com.rsa.cryptoj.fips140initialmode     FIPS140_MODE (1)

(1) The fips140initialmode value can be any of FIPS140_MODE, FIPS140_SSL_MODE, FIPS140_ECC_MODE,
FIPS140_SSL_ECC_MODE or NON_FIPS140_MODE.

For FIPS 140-2 Level 2 Roles, Authentication and Services compliance, the
security properties listed in the following table must be added.
Table 6 FIPS 140-2 Level 2 Property Settings

Property Name                          Value
com.rsa.cryptoj.fips140auth            LEVEL2
com.rsa.cryptoj.configfile (1)         <path and filename> (2)

(1) This security property is optional. There are APIs to dynamically specify this property.
(2) The path and filename can be an absolute path or a path relative to the user.dir Java system property.


7. Crypto-J uses HMACDRBG256 as the default random algorithm where no other
random algorithm is specified.
Use the security property com.rsa.crypto.default.random to change this
as required. The following are valid values for this security property:
– HMACDRBG
– HMACDRBG128
– HMACDRBG192
– HMACDRBG256
– HASHDRBG
– HASHDRBG128
– HASHDRBG192
– HASHDRBG256
– CTRDRBG
– CTRDRBG128
– CTRDRBG192
– CTRDRBG256
– FIPS186Random (1)
– FIPS186PRNG (1)

(1) The use of this algorithm is deprecated until December 31, 2015, and disallowed after 2015.
Refer to “Random Number Generation” in SP800-131A.
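
The following Java class is an added example, not part of the Crypto-J distribution, that checks java.security text against the settings from steps 5 to 7: provider numbering, the fips140initialmode value and the default random algorithm. The class name JavaSecurityLint and the sample input are constructed for illustration; the gap rule reflects how Oracle JDK and OpenJDK read the security.provider.<n> list.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Added example (not part of the Crypto-J toolkit): checks java.security text
 * against the provider, FIPS 140-2 and default-random settings in this guide.
 */
public class JavaSecurityLint {
    static final String JSAFE_JCE = "com.rsa.jsafe.provider.JsafeJCE";
    static final String PROVIDER_PREFIX = "security.provider.";
    static final List<String> FIPS_MODES = Arrays.asList(
            "FIPS140_MODE", "FIPS140_SSL_MODE", "FIPS140_ECC_MODE",
            "FIPS140_SSL_ECC_MODE", "NON_FIPS140_MODE");
    static final List<String> RANDOMS = Arrays.asList(
            "HMACDRBG", "HMACDRBG128", "HMACDRBG192", "HMACDRBG256",
            "HASHDRBG", "HASHDRBG128", "HASHDRBG192", "HASHDRBG256",
            "CTRDRBG", "CTRDRBG128", "CTRDRBG192", "CTRDRBG256",
            "FIPS186Random", "FIPS186PRNG");
    // Marked as deprecated in this guide, with a pointer to SP800-131A.
    static final List<String> DEPRECATED_RANDOMS = Arrays.asList("FIPS186Random", "FIPS186PRNG");

    // key=value lines; lines that start with # or ! are comments and do not match.
    private static final Pattern ENTRY =
            Pattern.compile("^\\s*([^#!\\s=:][^\\s=:]*)\\s*[=:]\\s*(.*?)\\s*$");

    static List<String> lint(String text) {
        List<String> findings = new ArrayList<String>();
        Map<Integer, String> providers = new TreeMap<Integer, String>();
        Map<String, String> props = new HashMap<String, String>();
        // Scan raw lines: java.util.Properties would silently keep only the last duplicate.
        for (String line : text.split("\\r?\\n")) {
            Matcher m = ENTRY.matcher(line);
            if (!m.matches()) continue;
            String key = m.group(1), value = m.group(2);
            if (!key.startsWith(PROVIDER_PREFIX)) { props.put(key, value); continue; }
            String index = key.substring(PROVIDER_PREFIX.length());
            if (!index.matches("\\d{1,9}")) { findings.add("invalid provider index: " + key); continue; }
            Integer n = Integer.valueOf(index);
            if (providers.containsKey(n)) {
                findings.add(key + " is defined twice: " + providers.get(n) + " and " + value);
            }
            providers.put(n, value);
        }
        checkProviders(providers, findings);
        checkFipsMode(props.get("com.rsa.cryptoj.fips140initialmode"), findings);
        checkRandom(props.get("com.rsa.crypto.default.random"), findings);
        return findings;
    }

    static void checkProviders(Map<Integer, String> providers, List<String> findings) {
        int reachable = 0; // the JDK reads indexes 1, 2, 3, ... and stops at the first gap
        while (providers.containsKey(reachable + 1)) reachable++;
        Integer position = null;
        for (Map.Entry<Integer, String> e : providers.entrySet()) {
            boolean loaded = e.getKey() >= 1 && e.getKey() <= reachable;
            if (!loaded) {
                findings.add(PROVIDER_PREFIX + e.getKey() + "=" + e.getValue()
                        + " is never loaded (numbering must run from 1 without gaps)");
            } else if (position == null && e.getValue().equals(JSAFE_JCE)) {
                position = e.getKey();
            }
        }
        if (position == null) findings.add("JsafeJCE is not among the providers the JDK will load");
        else if (position != 1) findings.add("JsafeJCE is at position " + position + ", not the default provider");
    }

    static void checkFipsMode(String mode, List<String> findings) {
        if (mode == null) findings.add("fips140initialmode is not set (needed for FIPS 140-2 operation)");
        else if (!FIPS_MODES.contains(mode)) findings.add("unknown fips140initialmode value: " + mode);
        else if (mode.equals("NON_FIPS140_MODE")) findings.add("toolkit starts in NON_FIPS140_MODE");
    }

    static void checkRandom(String random, List<String> findings) {
        if (random == null) return; // unset: HMACDRBG256 is the default per this guide
        if (!RANDOMS.contains(random)) findings.add("unknown default random: " + random);
        else if (DEPRECATED_RANDOMS.contains(random)) findings.add("deprecated default random: " + random);
    }

    public static void main(String[] args) {
        // Constructed sample with deliberate mistakes, not a real java.security file.
        String sample = "# constructed sample\n"
                + "security.provider.1=sun.security.provider.Sun\n"
                + "security.provider.2=sun.security.rsa.SunRsaSign\n"
                + "security.provider.2=com.sun.crypto.provider.SunJCE\n"
                + "security.provider.4=com.rsa.jsafe.provider.JsafeJCE\n"
                + "com.rsa.cryptoj.fips140initialmode=FIPS_MODE\n"
                + "com.rsa.crypto.default.random=FIPS186PRNG\n";
        for (String finding : lint(sample)) System.out.println("WARN " + finding);
    }
}
```

To check a real installation, pass the contents of <jdk install directory>/jre/lib/security/java.security to lint() in place of the constructed sample.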


Build and Run the Samples


The following procedure for running the sample code is applicable only for the binary
toolkit.

Sample source code is available for each API:


• The JSAFE and ASN.1 samples are in <root>/cryptoj/sample/src/jsafe
• The JsafeJCE samples are in <root>/cryptoj/sample/src/jce
• The Tools samples are in <root>/cryptoj/sample/src/tools.

There are two ways to build and run the samples for Crypto-J:
• Use IDE project files
The project files to build and run the samples have been included in this release of
Crypto-J for the following development environments:
– JetBrains IntelliJ 9.0 IDE
– Eclipse 3.3 IDE.
These project files are located at <root>/cryptoj.
• Use Apache Ant build scripts
Build scripts to build and run the samples are included in this release of Crypto-J
at <root>/cryptoj. Ensure that your execution path will allow the ant
command to be executed.

Note: The following instructions are based on the use of Apache Ant.

In the following instructions, replace <api_name> with either jsafe, jce or
tools as required. For the ASN.1 samples, use jsafe.

To build and run the sample code when using a Pure Java configuration:
1. Navigate to the cryptoj directory.
cd <root>/cryptoj
2. Build and run the samples:
a. To run all of the samples:
ant -f build-<api_name>.xml run.all
b. To run a specific sample, specify the sample name. For example:
ant -f build-<api_name>.xml run.ECIESwithAES


To build and run the sample code when using a Native configuration:

Note: Step 4 of “Install Crypto-J” has the full list of the platforms and details of how to
configure a Native implementation.

1. Navigate to the cryptoj directory.
    cd <root>/cryptoj
2. Build and run the samples:
a. To run all of the samples:
    ant -f build-<api_name>.xml run.all -Djvm.arg="-Dcom.rsa.cryptoj.native.fips140.path=<root>/cryptoj/prebuilt/cryptocme/<platform> -Djava.library.path=<root>/cryptoj/prebuilt/cryptocme/<platform>"
b. To run a specific sample:
i. To run a specific non-FIPS sample, specify the sample name.
For example:
    ant -f build-<api_name>.xml run.ECIESwithAES
ii. To run a specific FIPS sample, specify the sample name and the platform
specific arguments. For example:
    ant -f build-<api_name>.xml run.FIPS140Compliant -Djvm.arg="-Dcom.rsa.cryptoj.native.fips140.path=<root>/cryptoj/prebuilt/cryptocme/<platform> -Djava.library.path=<root>/cryptoj/prebuilt/cryptocme/<platform>"


Binary Installation for Android


This section describes how to install the Crypto-J binary toolkit on your Android
development environment.

Decryption utilities are available for the Windows®, UNIX®, Linux® and Solaris®
operating systems. Go to Information > Utilities on the RSA download server to
access the decryption utility for your system.

Before you begin:


• Ensure that the system you are installing onto has 900 MB of free disk space.
• Obtain a decryption key from RSA.
• Download the Crypto-J encrypted package file and the decryption utility from the
download server to a convenient directory.
• Install JDK 6.0 or above, and set the JAVA_HOME environment variable
appropriately. The RSA BSAFE Crypto-J Release Notes lists the supported
platforms.
• Ensure an Android device running a supported version of Android is available to
run Crypto-J. A hardware device or an emulator can be used for this.
• Install a supported Android platform. This can be done using the Android SDK
Manager included with the SDK. Detailed instructions can be found at
http://developer.android.com/sdk/index.html. The RSA BSAFE
Crypto-J Release Notes lists the supported platforms.
• Add <android-sdk>/platform-tools and <android-sdk>/tools to
the path environment variable so the Android commands can be called from the
Crypto-J build scripts.
• Install Apache™ Ant™ 1.8.x or newer.
• Read these installation instructions.

To install Crypto-J:

The following steps summarize the complete installation process which is detailed
below:
1. Decrypt the Toolkit Files
2. Distribution Directory Structure
3. Build and Run the Android Samples.


Decrypt the Toolkit Files


The following directory structure shows the software and documentation file locations
of the binary distribution.
Directory                              Contents
<root>/
Crypto-J_6.2.0.1_InstallGuide.pdf      RSA BSAFE Crypto-J Installation Guide
Crypto-J_6.2.0.1_ReleaseNotes.pdf      RSA BSAFE Crypto-J Release Notes
license_bsafe.pdf                      Product-specific license text
readme.txt
install/                               Root and intermediate CA certificates
aix/r_unpack                           AIX® unpack utility
hpux11pa20/r_unpack                    HP unpack utility
hpux11pa20w/r_unpack                   HP unpack utility
hpia64i2/r_unpack                      HP Itanium2 unpack utility
linux_x86_lsb30/r_unpack               Linux unpack utility
solspv9/r_unpack                       Solaris SPARC v9 unpack utility
solx86/r_unpack                        Solaris x86 unpack utility
win32/r_unpack.exe                     Windows unpack utility
cryptoj-6_2_0_1-java.pkg               Encrypted binary package.

The following procedure describes the steps to copy and decrypt the toolkit files on
platforms that support the source distribution of Crypto-J. For this release these are the
AIX, HP-UX, Linux, Solaris, and Windows operating systems.

To decrypt Crypto-J on systems running a Windows operating system:


1. Start a command prompt.
2. Create and change to the directory where you want to install your toolkit files.
3. Copy cryptoj-6_2_0_1-java.pkg to your install directory.
4. Copy the r_unpack utility to your install directory:
install\win32\r_unpack.exe.
5. Unpack the encrypted package file:
.\r_unpack.exe cryptoj-6_2_0_1-java.pkg <decryption key>

To decrypt Crypto-J on systems running an AIX, HP-UX, Linux or Solaris
operating system:
1. Start a shell.
2. Create and change to the directory where you want to install your toolkit files.
3. Copy cryptoj-6_2_0_1-java.pkg to your install directory.
4. Copy the r_unpack utility to your install directory. For example:
install/linux_x86_lsb30/r_unpack.
5. Unpack the encrypted package.
./r_unpack cryptoj-6_2_0_1-java.pkg <decryption key>


Distribution Directory Structure


The following describes the binary distribution directory structure.
Directory                              Content
<root>/
Crypto-J_6.2.0.1_InstallGuide.pdf      RSA BSAFE Crypto-J Installation Guide
Crypto-J_6.2.0.1_ReleaseNotes.pdf      RSA BSAFE Crypto-J Release Notes
license_bsafe.pdf                      Product specific license text
readme.txt
cryptoj/                               Build scripts and project files.
doc/                                   Documentation
DevGuide/                              RSA BSAFE Crypto-J Developers Guide
javadoc/                               Javadocs
JsafeJCE/                              RSA BSAFE JsafeJCE Javadoc
Jsafe/                                 RSA BSAFE Jsafe Javadoc
Tools/                                 RSA BSAFE Tools Javadoc
lib/                                   Jar file repository
prebuilt/
cryptocme/                             Crypto-C ME shared libraries
openldap/                              OpenLDAP jar file
sample/                                Source sample code


Install Crypto-J
To install Crypto-J:
1. Copy the Crypto-J binary distribution directory structure into a suitable location
on the target system.
2. Select the Crypto-J jar files to use and add them to the class path. The following
table lists the Crypto-J APIs and the corresponding jar files.
Table 7 Available APIs and Required jar Files

Available APIs                   Jar Files to Add to the Class Path
Non-FIPS JSAFE (1, 2)            <root>/cryptoj/lib/cryptojcommon.jar
                                 <root>/cryptoj/lib/jcm.jar
FIPS JSAFE                       <root>/cryptoj/lib/cryptojcommon.jar
                                 <root>/cryptoj/lib/jcmandroidfips.jar
Non-FIPS JSAFE and JCE (2)       <root>/cryptoj/lib/cryptoj.jar
Non-FIPS JSAFE and JCE (1, 2)    <root>/cryptoj/lib/cryptojcommon.jar
                                 <root>/cryptoj/lib/cryptojce.jar
                                 <root>/cryptoj/lib/jcm.jar
FIPS JSAFE and JCE               <root>/cryptoj/lib/cryptojcommon.jar
                                 <root>/cryptoj/lib/cryptojce.jar
                                 <root>/cryptoj/lib/jcmandroidfips.jar

(1) This configuration will yield faster start-up times.
(2) Native configuration requires access to Crypto-C ME shared libraries. For more details, see step 4 below.

3. Copy the jar files to the specified directories:
– To work with non-FIPS 140-2 compliant Crypto-J, copy cryptoj.jar to
<android-project>/libs.
– To work with FIPS 140-2 compliant Crypto-J, copy cryptojcommon.jar
and cryptojce.jar to <android-project>/libs.
The FIPS140 jar, jcmandroidfips.jar, must be loaded to make the FIPS
140-2 compliant cryptographic implementations available.
• To load the FIPS140 jar from the raw resources, copy
jcmandroidfips.jar to <android-project>/res/raw.
The following is an example of the load method:
    AndroidFips140Loader.load(context, R.raw.jcmandroidfips);
• To load the FIPS140 jar from a file, the jar must be available on the
Android device that is running the application as a File.
<android-project>/res/raw.
The following is an example of the load method:
    AndroidFips140Loader.load(context, new File("/sdcard/myLibraries/jcmandroidfips.jar"));


4. Depending on other features to be used, additional jar files may be required to be
added to the class path. The following table lists these features and the
corresponding jar files to be added to the class path.
Table 8 Features and Required jar Files

Feature               Jar Files to Add to the class path
LDAP                  <root>/cryptoj/prebuilt/openldap/openldap.jar
Evaluation License    <root>/cryptoj/lib/rsamisc.jar
Tools API             <root>/cryptoj/lib/util.jar

5. If you do not wish to use a Native FIPS or Native non-FIPS configuration of
Crypto-J, go to Step 7.
To use a Native FIPS or Native non-FIPS configuration of Crypto-J, the
Crypto-C ME platform-specific shared libraries must be added to the Java library
path. The following table details the subdirectories in
<root>/cryptoj/prebuilt/cryptocme that contain the platform-specific
shared libraries.
Table 9 Platform-specific Native Shared Libraries for Crypto-C ME

Subdirectory (1)    Platform-specific Native Shared Libraries
android_x86         Google Android 32-bit
android_armv7       Google Android ARM® v7

(1) Short Platform Name.


6. Select the Native shared library jar files to use and copy them to the specified
directories:
– To work with Crypto-J configured as non-FIPS 140-2 compliant, copy
libncm.so to the <android-project>/libs/<platform> directory.
– To work with Crypto-J configured as FIPS 140-2 compliant:
• Copy the following shared libraries to the
<android-project>/libs/<platform> directory:
libncm_fips140.so
libccme_asym.so
libccme_aux_entropy.so
libccme_base.so
libccme_base_non_fips.so
libccme_ecc.so
libccme_ecc_accel_fips.so
libccme_ecc_accel_non_fips.so
libccme_ecc_non_fips.so
libccme_ecdrbg.so
libccme_error_info.so
libcryptocme.so
• Copy the signature file, libcryptocme.sig, to the
<android-project>/assets directory.

Note: On some operating systems, it may be necessary to set the execute
permissions for the shared libraries. For example:
    chmod 755 <root>/cryptoj/prebuilt/cryptocme/solspv8p/*.so

For details about how to use Native configurations of Crypto-J, see the
API-specific section “Using Native Implementations” in the RSA BSAFE
Crypto-J Developers Guide.
7. To use the Crypto-J JsafeJCE API, dynamically register the Crypto-J JCE
provider, JsafeJCE:
a. Add the relevant jar files to the class path.
b. Create the provider programmatically using the following Java code:
    import java.security.Provider;
    import java.security.Security;

    // Create a Provider object
    Provider jsafeProvider = new com.rsa.jsafe.provider.JsafeJCE();
    // Add the Crypto-J JsafeJCE Provider to the current
    // list of providers available on the system.
    Security.insertProviderAt(jsafeProvider, 1);

Note: Unlike standard Java, Android doesn't support static
registration of JCE providers, therefore the provider must be loaded
dynamically.


8. Edit <jdk install directory>/jre/lib/security/java.security to
configure Crypto-J for FIPS 140-2 compliant operation.
The following table lists the properties that must be set for FIPS 140-2 compliant
operation.
Table 10 FIPS 140-2 Property Setting

Property Name                          Value

com.rsa.cryptoj.fips140initialmode     FIPS140_MODE (1)
com.rsa.cryptoj.native.fips140.path    <path>

(1) The fips140initialmode value can be any of FIPS140_MODE, FIPS140_SSL_MODE, FIPS140_ECC_MODE,
FIPS140_SSL_ECC_MODE or NON_FIPS140_MODE.

For FIPS 140-2 Level 2 Roles, Authentication and Services compliance, the
security properties listed in the following table must be added.
Table 11 FIPS 140-2 Level 2 Property Settings

Property Name                     Value

com.rsa.cryptoj.fips140auth       LEVEL2
com.rsa.cryptoj.configfile (1)    <path and filename> (2)

(1) This security property is optional. There are APIs to dynamically specify this property.
(2) The path and filename can be an absolute path or a path relative to the user.dir Java system property.


9. Crypto-J uses HMACDRBG256 as the default random algorithm where no other
random algorithm is specified.
Use the security property com.rsa.crypto.default.random to change this
as required. The following are valid values for this security property:
– HMACDRBG
– HMACDRBG256
– HMACDRBG192
– HMACDRBG128
– HASHDRBG
– HASHDRBG128
– HASHDRBG192
– HASHDRBG256
– CTRDRBG
– CTRDRBG128
– CTRDRBG192
– CTRDRBG256
– FIPS186Random (2)
– FIPS186PRNG1

Note: Services created by JCE providers do not follow the non-Android
priority order. In a non-Android system, a SecureRandom created with
no defined algorithm would normally use the algorithm with the highest
priority set in the security properties. On Android, a different algorithm
could be used each time. RSA recommends that on Android an algorithm
is always specified when creating a SecureRandom or when using any
JCE component that has an option to use a default SecureRandom.

(2) The use of this algorithm is deprecated until December 31, 2015, and disallowed after 2015.
Refer to “Random Number Generation” in SP800-131A.


Build and Run the Android Samples


The Android SDK and an Android device are needed to run the Android samples.

Note: The samples can be run in either FIPS 140-2 Level 1 or Level 2 mode,
per installation. To re-run the samples in the alternate mode, they must first
be un-installed and then re-installed.

Build scripts to build and run the samples are included in this release of Crypto-J at
<root>/cryptoj/sample/android/Samples
<root>/cryptoj/sample/android/FipsSamples
<root>/cryptoj/sample/android/NativeSamples
<root>/cryptoj/sample/android/NativeFipsSamples.

Ensure that your execution path will allow the ant command to be executed.

To build and run the sample code:


1. Navigate to the cryptoj directory.
    cd <root>/cryptoj
2. Select an Android target. Run the following command to list all available targets.
    android list targets
3. To run the samples in non-FIPS 140-2 mode with the Pure Java implementation:
    ant -f build-android.xml -Dandroid.target=<target> \
        -Dandroid.project.name=Samples run
Where target is the identifier of one of the available targets.
This will install and run an application on the attached device with a list of all the
samples. The individual samples can be run by selecting them from the displayed
list.
4. To run the samples in FIPS 140-2 mode with the Pure Java implementation:
    ant -f build-android.xml -Dandroid.target=<target> \
        -Dandroid.project.name=FipsSamples run
Where target is the identifier of one of the available targets.
5. To run the samples in non-FIPS 140-2 mode with the Native implementation:
    ant -f build-android.xml -Dandroid.target=<target> \
        -Dandroid.project.name=NativeSamples \
        -Dapp.abi=<platform> run
Where:
• target is the identifier of one of the available targets.
• platform is the target Android device platform identifier.


6. To run the samples in FIPS 140-2 mode with the Native implementation:
    ant -f build-android.xml -Dandroid.target=<target> \
        -Dandroid.project.name=NativeFipsSamples \
        -Dapp.abi=<platform> run
Where:
• target is the identifier of one of the available targets.
• platform is the target Android device platform identifier.

Some of these samples will take several minutes to complete while running on an
emulator or older hardware.


Binary Installation for Java Web Start


This section describes how to install the Crypto-J binary toolkit on your Java
Web Start development environment.

Decryption utilities are available for the Windows®, UNIX®, Linux® and Solaris®
operating systems. Go to Information > Utilities on the RSA download server to
access the decryption utility for your system.

Before you begin:


• Ensure that the system you are installing onto has 900 MB of free disk space.
• Obtain a decryption key from RSA.
• Download the Crypto-J encrypted package file and the decryption utility from the
download server to a convenient directory.
• Install JDK 7.0 or above, and set the JAVA_HOME environment variable
appropriately. The RSA BSAFE Crypto-J Release Notes lists the supported
platforms.
• Install Apache™ Ant™ 1.8.x or newer.
• Read these installation instructions.

To install Crypto-J:

The following steps summarize the complete installation process which is detailed
below:
1. Install JCE Jurisdiction Policy Files
2. Decrypt the Toolkit Files
3. Distribution Directory Structure
4. Build and Run the Java Web Start Sample.


Install JCE Jurisdiction Policy Files


The JCE requires the presence of Unlimited Strength Jurisdiction Policy Files in order
to use some algorithms and key strengths.

The following algorithms require these policy files:


• AES with key sizes greater than 128 bits
• RC2 with key sizes greater than 128 bits
• RC4 with key sizes greater than 128 bits
• RC5 with key sizes greater than 128 bits
• RSA Encryption.

These algorithms are used by some PKCS #12 KeyStore files. Some of the samples
use the restricted algorithms that require the policy files.

To successfully use the relevant algorithms and run all of the samples, the Unlimited
Jurisdiction Policy Files must be downloaded and installed. The JDK vendor and
version determines the Jurisdiction Policy File to download. Obtain the applicable
JDK versions from the following download locations:
• JCE Unlimited Strength Jurisdiction Policy Files 6 for:
– Oracle® JDK 6.0
– Oracle JRockit® JDK 6.0
– HP JDK 6.0.
• JCE Unlimited Strength Jurisdiction Policy Files 7 for:
– Oracle JDK 7.0
– HP JDK 7.0.
• JCE Unlimited Strength Jurisdiction Policy Files 8 for Oracle JDK 8.0.
• IBM Unrestricted JCE Policy Files for IBM® JDK 6.0 and 7.0.

To install the unlimited Jurisdiction Policy Files:


1. Extract the local_policy.jar and US_export_policy.jar files from the
downloaded zip file.
2. Copy local_policy.jar and US_export_policy.jar to the
<jdk install dir>/jre/lib/security directory, overwriting the
existing policy files.
3. Install the unlimited Jurisdiction Policy Files on the Client side.
Depending on the algorithms required by the Java Web Start application, the client
might require the installation of the JCE Jurisdiction Policy Files. Details about
how to install the unlimited Jurisdiction Policy Files on the client side are outside
the scope of this document. Please follow the instructions provided by the JDK
vendor.


Decrypt the Toolkit Files


The following directory structure shows the software and documentation file locations
of the binary distribution.
Directory                            Contents

<root>/
Crypto-J_6.2.0.1_InstallGuide.pdf    RSA BSAFE Crypto-J Installation Guide
Crypto-J_6.2.0.1_ReleaseNotes.pdf    RSA BSAFE Crypto-J Release Notes
license_bsafe.pdf                    Product-specific license text
readme.txt
install/                             Root and intermediate CA certificates
aix/r_unpack                         AIX® unpack utility
hpux11pa20/r_unpack                  HP unpack utility
hpux11pa20w/r_unpack                 HP unpack utility
hpia64i2/r_unpack                    HP Itanium2 unpack utility
linux_x86_lsb30/r_unpack             Linux unpack utility
solspv9/r_unpack                     Solaris SPARC v9 unpack utility
solx86/r_unpack                      Solaris v86 unpack utility
win32/r_unpack.exe                   Windows unpack utility
cryptoj-6_2_0_1-java.pkg             Encrypted binary package.

The following procedure describes the steps to copy and decrypt the toolkit files on
platforms that support the source distribution of Crypto-J. For this release these are the
AIX, HP-UX, Linux, Solaris, and Windows operating systems.

To decrypt Crypto-J on systems running a Windows operating system:


1. Start a command prompt.
2. Create and change to the directory where you want to install your toolkit files.
3. Copy cryptoj-6_2_0_1-java.pkg to your install directory.
4. Copy the r_unpack utility to your install directory:
install\win32\r_unpack.exe.
5. Unpack the encrypted package file:
.\r_unpack.exe cryptoj-6_2_0_1-java.pkg <decryption key>

To decrypt Crypto-J on systems running an AIX, HP-UX, Linux or Solaris
operating system:
1. Start a shell.
2. Create and change to the directory where you want to install your toolkit files.
3. Copy cryptoj-6_2_0_1-java.pkg to your install directory.
4. Copy the r_unpack utility to your install directory:
install/linux_x86_lsb30/r_unpack.
5. Unpack the encrypted package.
./r_unpack cryptoj-6_2_0_1-java.pkg <decryption key>


Distribution Directory Structure


The following describes the binary distribution directory structure.
Directory                            Content

<root>/
Crypto-J_6.2.0.1_InstallGuide.pdf    RSA BSAFE Crypto-J Installation Guide
Crypto-J_6.2.0.1_ReleaseNotes.pdf    RSA BSAFE Crypto-J Release Notes
license_bsafe.pdf                    Product specific license text
readme.txt
cryptoj/                             Build scripts and project files.
doc/                                 Documentation
DevGuide/                            RSA BSAFE Crypto-J Developers Guide
javadoc/                             Javadocs
JsafeJCE/                            RSA BSAFE JsafeJCE Javadoc
Jsafe/                               RSA BSAFE Jsafe Javadoc
Tools/                               RSA BSAFE Tools Javadoc
lib/                                 Jar file repository
prebuilt/
cryptocme/                           Crypto-C ME shared libraries
openldap/                            OpenLDAP jar file
sample/                              Source sample code


Install Crypto-J
To install Crypto-J:
1. Copy the Crypto-J binary distribution directory structure into a suitable location
on the target system.
2. Select the Crypto-J jar files to use and add them to the class path. The following
table lists the Crypto-J APIs and the corresponding jar files.
Table 12 Available APIs and Required jar Files

Available APIs                   Jar Files to Add to the Class Path

Non-FIPS JSAFE (1, 2)            <root>/cryptoj/lib/cryptojcommon.jar
                                 <root>/cryptoj/lib/jcm.jar

FIPS JSAFE                       <root>/cryptoj/lib/cryptojcommon.jar
                                 <root>/cryptoj/lib/jcmFIPS.jar

Non-FIPS JSAFE and JCE (2)       <root>/cryptoj/lib/cryptoj.jar

Non-FIPS JSAFE and JCE (1, 2)    <root>/cryptoj/lib/cryptojcommon.jar
                                 <root>/cryptoj/lib/cryptojce.jar
                                 <root>/cryptoj/lib/jcm.jar

FIPS JSAFE and JCE               <root>/cryptoj/lib/cryptojcommon.jar
                                 <root>/cryptoj/lib/cryptojce.jar
                                 <root>/cryptoj/lib/jcmFIPS.jar

(1) This configuration will yield faster start-up times.
(2) Native configuration requires access to Crypto-C ME shared libraries. For more details, see step 4 below.

3. Depending on other features to be used, additional jar files might need to be added
to the class path. The following table lists these features and the corresponding jar
files to be added to the class path.
Table 13 Features and Required jar Files

Feature               Jar Files to Add to the class path

LDAP                  <root>/cryptoj/prebuilt/openldap/openldap.jar
Evaluation License    <root>/cryptoj/lib/rsamisc.jar
Tools API             <root>/cryptoj/lib/util.jar

4. To use the Crypto-J JsafeJCE API, register the Crypto-J JCE provider, JsafeJCE,
dynamically in the Java Web Start application. To dynamically register the
JsafeJCE provider:
a. Add the relevant jar files to the class path.
b. Create the provider programmatically using the following Java code:
    import java.security.Provider;
    import java.security.Security;

    // Create a Provider object
    Provider jsafeProvider = new com.rsa.jsafe.provider.JsafeJCE();
    // Add the Crypto-J JsafeJCE Provider to the current
    // list of providers available on the system.
    Security.insertProviderAt(jsafeProvider, 1);


5. Sign all jar files with a trusted certificate. Binary released cryptoj.jar and
cryptojce.jar have already been signed with a SHA-256 digest algorithm and
they can be re-signed using the same SHA-256 digest algorithm.
6. Create a Java Network Launch Protocol (JNLP) file including all jars.
For JNLP File Syntax, please refer to the Oracle tutorial at
http://docs.oracle.com/javase/8/docs/technotes/guides/javaws/developersguide/syntax.html.
The following is an example of a non-FIPS140 JNLP file:
<?xml version="1.0" encoding="utf-8"?>
<jnlp spec="6.0+" codebase="https://<codebase_utl>" href="<filename>.jnlp">

  <information>
    <title>Your Java Web Start title</title>
    <vendor>Company Name</vendor>
    <description>Some descriptions about application</description>
  </information>

  <security>
    <all-permissions/>
  </security>

  <resources>
    <j2se version="1.7+"/>
    <jar href="<path_to_library>/any.jar"/>
    ...
    <jar href="<path_to_library>/cryptojcommon.jar"/>
    <jar href="<path_to_library>/cryptojce.jar"/>

    <!-- For non-FIPS 140 -->
    <jar href="<path_to_library>/jcm.jar"/>

    <!-- For FIPS 140 -->
    <jar href="<path_to_library>/jcmFIPS.jar"/>
  </resources>

  <application-desc main-class="..." />

</jnlp>


7. The Crypto-J FIPS 140-2 toolkit may be configured to perform specific operations
at start-up (load). Configure these operations by editing
<jdk install directory>/jre/lib/security/java.security.
The following table lists the property that must be set for FIPS 140-2 compliant
operation.
Table 14 FIPS 140-2 Property Setting

Property Name                          Value

com.rsa.cryptoj.fips140initialmode     FIPS140_MODE (1)

(1) The fips140initialmode value can be any of FIPS140_MODE, FIPS140_SSL_MODE, FIPS140_ECC_MODE,
FIPS140_SSL_ECC_MODE or NON_FIPS140_MODE.

For FIPS 140-2 Level 2 Roles, Authentication and Services compliance, the
security properties listed in the following table must be added.
Table 15 FIPS 140-2 Level 2 Property Settings

Property Name                     Value

com.rsa.cryptoj.fips140auth       LEVEL2
com.rsa.cryptoj.configfile (1)    <path and filename> (2)

(1) This security property is optional. There are APIs to dynamically specify this property.
(2) The path and filename can be an absolute path or a path relative to the user.dir Java system property.

8. Crypto-J uses HMACDRBG256 as the default random algorithm where no other
random algorithm is specified.
Use the security property com.rsa.crypto.default.random to change this
as required. The following are valid values for this security property:
– HMACDRBG
– HMACDRBG128
– HMACDRBG192
– HMACDRBG256
– HASHDRBG
– HASHDRBG128
– HASHDRBG192
– HASHDRBG256
– CTRDRBG
– CTRDRBG128
– CTRDRBG192
– CTRDRBG256
– FIPS186Random (3)
– FIPS186PRNG1

(3) The use of this algorithm is deprecated until December 31, 2015, and disallowed after 2015.
Refer to “Random Number Generation” in SP800-131A.
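
The java.security settings described for both the Android and the Java Web Start installations (the FIPS 140-2 property tables and the default random list) can be checked mechanically before deployment. The following is an added example, not part of the RSA guide or the Crypto-J toolkit: a Python audit of a java.security file against the property names and values listed in this guide. The function names, severity labels and sample file are constructed for illustration, and FIPS186PRNG is accepted alongside the printed FIPS186PRNG1 on the assumption that the trailing digit may be a footnote marker.

```python
"""Audit a java.security file for the Crypto-J properties listed in this guide."""
import re

# Property names and values as printed in the guide's tables and lists.
MODE = "com.rsa.cryptoj.fips140initialmode"
NATIVE_PATH = "com.rsa.cryptoj.native.fips140.path"
AUTH = "com.rsa.cryptoj.fips140auth"
CONFIG_FILE = "com.rsa.cryptoj.configfile"
RANDOM = "com.rsa.crypto.default.random"

FIPS_MODES = {"FIPS140_MODE", "FIPS140_SSL_MODE", "FIPS140_ECC_MODE",
              "FIPS140_SSL_ECC_MODE"}
NON_FIPS_MODE = "NON_FIPS140_MODE"
DRBGS = {family + bits
         for family in ("HMACDRBG", "HASHDRBG", "CTRDRBG")
         for bits in ("", "128", "192", "256")}
DEPRECATED = {"FIPS186Random"}            # deprecated per the guide's footnote
# Printed as "FIPS186PRNG1"; the bare name is accepted too (assumption).
LEGACY = {"FIPS186PRNG1", "FIPS186PRNG"}

# Constructed sample input, not taken from a real installation.
SAMPLE = """\
# constructed java.security excerpt
security.provider.1=sun.security.provider.Sun
com.rsa.cryptoj.fips140initialmode = FIPS140_SSL_MODE
com.rsa.cryptoj.fips140auth=LEVEL2
com.rsa.crypto.default.random: FIPS186Random
"""


def parse_properties(text):
    """Minimal .properties parser: comments, '=' or ':' separators,
    backslash line continuation. A later key overrides an earlier one."""
    props, logical = {}, ""

    def store(entry):
        match = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", entry)
        if match:
            props[match.group(1)] = match.group(2).strip()

    for raw in text.splitlines():
        line = raw.lstrip()
        if not logical and (not line or line[0] in "#!"):
            continue                      # blank line or comment
        backslashes = len(line) - len(line.rstrip("\\"))
        if backslashes % 2 == 1:          # odd count: value continues
            logical += line[:-1]
            continue
        store(logical + line)
        logical = ""
    if logical:                           # file ended inside a continuation
        store(logical)
    return props


def audit(text, native=False, level2=False):
    """Return (severity, message) findings for FIPS 140-2 operation.
    native: the native FIPS library path is also required.
    level2: FIPS 140-2 Level 2 roles and authentication are required."""
    props = parse_properties(text)
    findings = []

    mode = props.get(MODE)
    if mode is None:
        findings.append(("ERROR", MODE + " is not set"))
    elif mode == NON_FIPS_MODE:
        findings.append(("WARN", MODE + " starts the toolkit in non-FIPS mode"))
    elif mode not in FIPS_MODES:
        findings.append(("ERROR", MODE + " has unknown value " + repr(mode)))

    if native and not props.get(NATIVE_PATH):
        findings.append(("ERROR", NATIVE_PATH + " is not set"))

    if level2:
        if props.get(AUTH) != "LEVEL2":
            findings.append(("ERROR", AUTH + " must be LEVEL2"))
        elif CONFIG_FILE not in props:
            findings.append(("INFO", CONFIG_FILE + " is not set; it is optional "
                             "and can be specified through the API instead"))

    rng = props.get(RANDOM)
    if rng is None:
        findings.append(("INFO", RANDOM + " is not set; HMACDRBG256 is the default"))
    elif rng in DEPRECATED:
        findings.append(("WARN", RANDOM + "=" + rng + " is deprecated until "
                         "December 31, 2015 and disallowed after 2015"))
    elif rng not in DRBGS | LEGACY:
        findings.append(("ERROR", RANDOM + " has unlisted value " + repr(rng)))
    return findings


if __name__ == "__main__":
    for severity, message in audit(SAMPLE, native=True, level2=True):
        print(f"{severity:5} {message}")
```

An empty result means every listed property is present with a value from the guide; the check reads the file only and does not confirm what mode the loaded toolkit is actually in.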


Build and Run the Java Web Start Sample


The following procedure for running the sample code is applicable only for the binary
toolkit.

Sample source code is available for Java Web Start in
<root>/cryptoj/sample/webstart/src

Build scripts to build and run the sample are included in this release of Crypto-J at
<root>/cryptoj. Use Apache Ant to build and run the sample for Crypto-J. Ensure
that your execution path will allow the ant command to be executed.

The sample can be run in FIPS 140-2 mode or non-FIPS 140-2 mode, for either JCE or
Jsafe. In the following instructions, replace <api-name> with either jsafe or jce
as required.

To build and run the sample code:


1. Navigate to the cryptoj directory.
cd <root>/cryptoj
2. Build and run the sample:
a. To run the sample in FIPS 140-2 mode:
ant -f build-webstart.xml run.<api-name>.fips
b. To run the sample in non-FIPS 140-2 mode:
ant -f build-webstart.xml run.<api-name>.nonfips
3. A CryptojWebStartSample security warning dialogue is displayed.
This warning is caused by the use of self-signed certificates for samples. Ensure a
trusted certificate is used to sign all jar files at Step 5 on page 30.
Check the acceptance selection box, and click Run to start the application.
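
Step 5 of the installation requires every jar to be signed, and notes that the released cryptoj.jar and cryptojce.jar are signed with a SHA-256 digest algorithm. The following added example (not part of the RSA guide or toolkit) lists the digest algorithms each signature file in a jar declares and the entries it does not cover; it inspects metadata only, so `jarsigner -verify` is still what validates the signature itself. The function names are illustrative, and the sample jar is constructed in memory with placeholder digests and a placeholder signature block.

```python
"""List the digest algorithms and coverage declared by a jar's signature files."""
import io
import re
import zipfile

BLOCK_EXTENSIONS = (".RSA", ".DSA", ".EC")
# Matches SHA-256-Digest, SHA-256-Digest-Manifest and
# SHA-256-Digest-Manifest-Main-Attributes, capturing the algorithm name.
DIGEST_ATTR = re.compile(
    r"^(?P<alg>.+?)-Digest(?:-Manifest(?:-Main-Attributes)?)?$")


def parse_sections(text):
    """Split manifest-format text into sections of {attribute: value},
    joining values that were wrapped onto continuation lines."""
    sections, current, last = [], {}, None
    for line in text.replace("\r\n", "\n").split("\n"):
        if not line:                          # blank line ends a section
            if current:
                sections.append(current)
            current, last = {}, None
        elif line.startswith(" ") and last:   # continuation of a wrapped value
            current[last] += line[1:]
        elif ": " in line:
            last, value = line.split(": ", 1)
            current[last] = value
    if current:
        sections.append(current)
    return sections


def inspect_jar(jar):
    """jar is a path or file-like object. Returns one record per
    META-INF/*.SF file; an empty dict means the jar is unsigned."""
    report = {}
    with zipfile.ZipFile(jar) as zf:
        names = zf.namelist()
        upper = {name.upper() for name in names}
        # Simplification: entries under META-INF/ are not treated as payload.
        payload = {name for name in names
                   if not name.endswith("/")
                   and not name.upper().startswith("META-INF/")}
        for sf in names:
            if not re.fullmatch(r"META-INF/[^/]+\.SF", sf, re.IGNORECASE):
                continue
            algorithms, covered = set(), set()
            for section in parse_sections(zf.read(sf).decode("utf-8")):
                for attr in section:
                    match = DIGEST_ATTR.match(attr)
                    if match:
                        algorithms.add(match.group("alg"))
                if "Name" in section:
                    covered.add(section["Name"])
            stem = sf[:-3].upper()            # strip ".SF"
            report[sf] = {
                "algorithms": algorithms,
                "has_block": any(stem + ext in upper for ext in BLOCK_EXTENSIONS),
                "unsigned": sorted(payload - covered),
            }
    return report


def sha256_only(report):
    """True when the jar is signed, every signer declares only SHA-256,
    has a signature block file, and covers every payload entry."""
    return bool(report) and all(
        r["algorithms"] == {"SHA-256"} and r["has_block"] and not r["unsigned"]
        for r in report.values())


def build_sample_jar(alg="SHA-256", unsigned_entry=False, signed=True):
    """Constructed test jar: digests and the .RSA block are placeholders."""
    sf = ("Signature-Version: 1.0\r\n"
          f"{alg}-Digest-Manifest: cGxhY2Vob2xkZXI=\r\n\r\n"
          "Name: com/example/App.class\r\n"
          f"{alg}-Digest: cGxhY2Vob2xkZXI=\r\n\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n\r\n")
        zf.writestr("com/example/App.class", b"\xca\xfe\xba\xbe")
        if signed:
            zf.writestr("META-INF/SAMPLE.SF", sf)
            zf.writestr("META-INF/SAMPLE.RSA", b"placeholder")
        if unsigned_entry:
            zf.writestr("extra/Unsigned.class", b"\xca\xfe\xba\xbe")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, record in inspect_jar(build_sample_jar()).items():
        print(name, sorted(record["algorithms"]), record["unsigned"])
```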


Source Installation
This section describes how to decrypt, install and build the Crypto-J toolkit on your
development environment.

Decryption utilities are available for the Windows®, UNIX®, Linux® and Solaris®
operating systems. Go to Information > Utilities on the RSA download server to
access the decryption utility for your system.

Before you begin:


• Ensure that the system you are installing onto has 900 MB of free disk space.
• Obtain a decryption key from RSA.
• Download the Crypto-J encrypted package file and the decryption utility from the
download server to a convenient directory.
• Install Oracle® JDK 6.0 and set the JAVA_HOME environment variable
appropriately. The RSA BSAFE Crypto-J Release Notes list the supported
platforms.
• Install Apache™ Ant™ 1.8.x or newer.
• Read these installation instructions.

Note: If cryptoj.jar is to be built and used with Oracle WebLogic Server
9.x or 10.x, all Crypto-J classes must be obfuscated. This is because
WebLogic contains a Crypto-J jar from a previous release, and the wrong
version of classes will be used by an application if the Crypto-J jar file is not
obfuscated.

To install Crypto-J:

The following steps summarize the installation process which is detailed below:
1. Install the JCE Jurisdiction Policy File
2. Install the JCE Code Signing Certificate
3. Decrypt the Toolkit Files
4. Install the Toolkit Files
5. Build and Test the Source Code.


Install the JCE Jurisdiction Policy File


Ensure you have the correct JCE Jurisdiction Policy files installed.

The JCE requires the presence of Unlimited Strength Jurisdiction Policy Files in order
to use some algorithms and key strengths.

The following algorithms require these policy files:


• AES with key sizes greater than 128 bits
• RC2 with key sizes greater than 128 bits
• RC4 with key sizes greater than 128 bits
• RC5 with key sizes greater than 128 bits
• RSA Encryption.

These algorithms are used by some PKCS #12 KeyStore files.

To successfully build and test the Crypto-J toolkit jar files, the Unlimited Jurisdiction
Policy Files must be downloaded and installed.

The JDK version installed determines the Jurisdiction Policy File to download. Obtain
the Oracle JDK 6.0 and Oracle JDK 7.0 versions from the Oracle download location:
Oracle Java SE Downloads.

To install the Unlimited Jurisdiction Policy Files:


1. Extract the local_policy.jar and US_export_policy.jar files from the
downloaded zip file.
2. Copy local_policy.jar and US_export_policy.jar to the
<jdk install dir>/jre/lib/security directory, overwriting the
existing policy files.


Install the JCE Code Signing Certificate


A JCE Code Signing Certificate is used in the process of signing your jar file. A JCE
Code Signing Certificate must be obtained from Oracle Corporation and installed onto
your platform. (It may take up to five days to receive the certificate.)

Complete installation instructions are on the Oracle web site at
http://download.oracle.com/javase/6/docs/technotes/guides/security/crypto/HowToImplAProvider.html.

The following is a brief summary of the steps involved. If in any doubt about these
steps, see the Oracle web site.
1. Obtain a JCE Code Signing Certificate from Oracle Corporation.
a. Download the keytool utility required to generate a DSA key pair.
• For a Windows operating system:
http://download.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html.
• For a Solaris operating system:
http://download.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html.

b. Generate a DSA key pair for JCE Code Signing using the keytool utility.
    keytool -genkeypair \
        -alias <keypairname> \
        -keyalg DSA \
        -keysize 1024 \
        -dname "cn=<Company Name>, ou=Java Software Code Signing, o=Sun Microsystems Inc" \
        -keystore <keystore file name> \
        -storepass <keystore password>
Where:
• ‘\’ is a line extension character if the command line prompt buffer is not
big enough for the whole command line.
• <keypairname> is the newly generated keystore entry for future use.
• <Company Name> is your company name.
• <keystore file name> is the name of the key store to be used. If this
does not exist it will be created.
• <keystore password> is the password to enable access to the keys
once created.


c. Create a Certificate Signing Request (CSR) using the keytool utility.
    keytool -certreq \
        -alias <keypairname> \
        -file <csr file name> \
        -keystore <keystore file name> \
        -storepass <keystore password>
Where:
• ‘\’ is a line extension character if the command line prompt buffer is not
big enough for the whole command line.
• <keypairname> is the name used in step b above.
• <csr file name> is the file name which stores the CSR.
• <keystore file name> is the name used in step b above.
• <keystore password> is the value used in step b above.
d. Send an email to jce-cert-request_ww@oracle.com with the
following information:
• ‘Request a Certificate for Signing a JCA Provider’ in the subject line.
• The CSR in <csr file name>, generated in step c above, as a plain
text attachment.
• Additional information, including:
- Company Name
- Street Address (not a post office box)
- City
- State/Province
- Country
- Company Telephone Number
- Company Fax Number
- Requester Name
- Requester Telephone Number
- Requester Email Address
- Brief description of your company (size, line of business, and so on).
e. After the request is received you will receive a Request Number via email.
This step can take up to five business days. After this Request Number is
received, print out the Certification Form for CSPs available at
http://www.oracle.com/ocom/groups/public/@otn/documents/digitalasset/402171.txt,
then complete, sign and send the form, as described in the form itself.
After the form and CSR are received, a JCE Code Signing Certificate is created
based on the information provided. This will be emailed to you along with a
Certification Authority (CA) certificate.


2. Install the JCE Code Signing Certificate.
a. Use the keytool utility to import the CA Certificate.
    keytool -import \
        -alias <alias for the CA cert> \
        -file <CA cert file name> \
        -keystore <keystore file name> \
        -storepass <keystore password>
Where:
• <alias for the CA cert> is the name you have chosen for the CA
• <CA cert file name> is the name of the attachment containing the
CA certificate sent with the email
• <keystore file name> is the name used in Step b on page 35
• <keystore password> is the value used in Step b on page 35.
b. Use the keytool utility to import the code-signing certificate.
    keytool -import \
        -alias <keypairname> \
        -file <code-signing cert file name> \
        -keystore <keystore file name> \
        -storepass <keystore password>
Where:
• <keypairname> is the name of the keystore entry as used in Step b on
page 35.
• <code-signing cert file name> is the name of attachment
containing the code-signing certificate sent with the email
• <keystore file name> is the name used in Step b on page 35
• <keystore password> is the value used in Step b on page 35.
The certificates required for JCE Code Signing of the jar files have now been
installed and are ready for use.


Decrypt the Toolkit Files


The following directory structure shows the software and documentation file locations
of the source distribution.
Directory                            Contents

<root>/
Crypto-J_6.2.0.1_InstallGuide.pdf    RSA BSAFE Crypto-J Installation Guide
Crypto-J_6.2.0.1_ReleaseNotes.pdf    RSA BSAFE Crypto-J Release Notes
license_bsafe.pdf                    Product-specific license text
readme.txt
install/                             Root and intermediate CA certificates
aix/r_unpack                         AIX® unpack utility
hpux11pa20/r_unpack                  HP unpack utility
hpux11pa20w/r_unpack                 HP unpack utility
hpia64i2/r_unpack                    HP Itanium2 unpack utility
linux_x86_lsb30/r_unpack             Linux unpack utility
solspv9/r_unpack                     Solaris SPARC v9 unpack utility
solx86/r_unpack                      Solaris v86 unpack utility
win32/r_unpack.exe                   Windows unpack utility
cryptoj-6_2_0_1-javasource.pkg       Encrypted source package.

The following procedure describes the steps to copy and decrypt the toolkit files on
platforms that support the source distribution of Crypto-J. For this release these are the
AIX, HP-UX, Linux, Solaris, and Windows operating systems.

To decrypt Crypto-J on systems running a Windows operating system:


1. Start a command prompt.
2. Create and change to the directory where you want to install your source files.
3. Copy cryptoj-6_2_0_1-javasource.pkg to your install directory.
4. Copy the r_unpack utility to your install directory:
install\win32\r_unpack.exe.
5. Unpack the encrypted package file:
    .\r_unpack.exe cryptoj-6_2_0_1-javasource.pkg <decryption key>

To decrypt Crypto-J on systems running an AIX, HP-UX, Linux, or Solaris
operating system:
1. Start a shell.
2. Create and change to the directory where you want to install your source files.
3. Copy cryptoj-6_2_0_1-javasource.pkg to your install directory.
4. Copy the r_unpack utility to your install directory. For example:
install/linux_x86_lsb30/r_unpack.


5. Unpack the encrypted package file:
    ./r_unpack cryptoj-6_2_0_1-javasource.pkg <decryption key>

Distribution Directory Structure


The following describes the source distribution directory structure.
Directory                            Contents

<root>/
Crypto-J_6.2.0.1_InstallGuide.pdf    This Installation Guide
Crypto-J_6.2.0.1_ReleaseNotes.pdf    RSA BSAFE Crypto-J Release Notes
license_bsafe.pdf                    Product-specific license text
readme.txt
cryptoj/                             Build files
build/                               Build libraries.
doc/                                 Documentation files
DevGuide/                            RSA BSAFE Crypto-J Developers Guide
javadoc/                             Crypto-J Javadocs
JsafeJCE/                            RSA BSAFE JsafeJCE Javadoc
Jsafe/                               RSA BSAFE Jsafe Javadoc
Tools/                               RSA BSAFE Tools Javadoc
cryptoj-src/                         The Crypto-J component of the release
android/                             Build configuration and test files for use on the Android platform
build/                               Build configuration files
prebuilt/
cryptocme/                           Platform-specific Crypto-C ME shared libraries
sample/                              Samples
src/                                 Source code
jcm-src/                             The JCM component of the release
android/                             Build configuration and test files for use on the Android platform
build/                               Build configuration files
src/                                 Source code
testnist/                            NIST tests


Install the Toolkit Files


For JCE configurations, ensure the use of the correct keystore:
1. Edit the file
<root>/cryptoj/cryptoj-src/build/config/keystore/jce.code.signing.properties
to update the jce.keystore.location property with the key store location
containing the Code Signing Certificate.
For complete details, see “Install the JCE Code Signing Certificate” on page 35.
    # JCE code signing configuration file.
    #
    # Location of a Java keystore.
    jce.keystore.location: build/config/keystore/<insert_keystore_here>
2. Edit the file
<root>/cryptoj/cryptoj-src/build/config/keystore/password.properties
to update the keystorepass and the keypass properties with your passwords.
The section of the password.properties file to be updated is shown below.
    # JCE code signing passwords
    keystorepass=<insert_password_here>
    keypass=<insert_password_here>

Installation is now complete.

Build and Test the Source Code


This section describes the steps to:
• Install Third-party Software Tools
• Run a Confidence Build
• Create the Toolkit Jar Files
• Run the System Tests
• Run the Performance Tests
• Create the Toolkit Jar Files for Android
• Run the Android Tests.


Install Third-party Software Tools


To successfully build and test the source release, a number of third-party tools are
required. The following table lists the required tools and provides the download
location from which each can be retrieved.

To install each software tool:

• Download the required file from the download location.


• If the file is a zip file, extract the required jar files from the zip file.
• In this table, <tools> is the directory <root>/cryptoj/build/lib/tools.

Table 16 Third-party Software Download Details

Software Tool:      Android framework (1)
Download Location:  http://developer.android.com/sdk
Download File:      Android SDK
Required jars:      <android-sdk>/platforms/android-<n>/android.jar
                    Copy to <tools>/android/

Software Tool:      Ant 1.8
Download Location:  <ant-home>/lib
Download File:      ant-junit.jar
Required jars:      ant-junit.jar
                    Copy to <tools>/ant/

Software Tool:      AspectJ 1.5.3
Download Location:  http://www.eclipse.org/aspectj/downloads.php
Download File:      aspectj-1.5.3.jar
Required jars:      aspectjlib.jar
                    aspectjrt.jar
                    aspectjtools.jar
                    aspectjweaver.jar
                    Copy to <tools>/aspectj/

Software Tool:      BCEL 5.2
Download Location:  http://jakarta.apache.org/site/downloads/downloads.bcel.cgi
Download File:      bcel-5.2.zip
Required jars:      bcel-5.2.jar
                    Copy to <tools>/bcel/

Software Tool:      Checkstyle 4.4
Download Location:  http://sourceforge.net/projects/checkstyle/files/checkstyle/4.4
Download File:      checkstyle-4.4.zip
Required jars:      antlr.jar
                    checkstyle-all-4.4.jar
                    commons-beanutils.jar
                    commons-logging.jar
                    Copy to <tools>/checkstyle/

Software Tool:      Cobertura 1.9.4.1
Download Location:  http://sourceforge.net/projects/cobertura/files/cobertura/1.9.4.1
Download File:      cobertura-1.9.4.1-bin.zip
Required jars:      asm-30.jar
                    asm-tree-3.0.jar
                    cobertura.jar
                    log4j-1.2.9.jar
                    Copy to <tools>/cobertura/

Software Tool:      google-gson 1.7.1
Download Location:  http://google-gson.googlecode.com/files/
Download File:      google-gson-1.7.1-release.zip
Required jars:      gson-1.7.1.jar
                    Copy to <tools>/google-gson/

Software Tool:      JUnit 4.8.2
Download Location:  http://search.maven.org/remotecontent?filepath=junit/junit/4.8.2/
Download File:      junit4.8.2.jar
Required jars:      junit.jar
                    Copy to <tools>/junit/

Software Tool:      Mockito 1.9.5
Download Location:  https://code.google.com/p/mockito/downloads/list
Download File:      mockito-1.9.5.jar
Required jars:      mockito-1.9.5.jar
                    Copy to <tools>/mockito/

Software Tool:      Proguard 4.8
Download Location:  http://sourceforge.net/projects/proguard/files/proguard/4.8
Download File:      proguard4.8.zip
Required jars:      proguard.jar
                    Copy to <tools>/proguard/

Software Tool:      Qdox 1.6.1
Download Location:  http://dist.codehaus.org/qdox/jars
Download File:      qdox-1.6.1.jar
Required jars:      qdox-1.6.1.jar
                    Copy to <tools>/qdox/

Software Tool:      Velocity 1.5
Download Location:  http://archive.apache.org/dist/velocity/engine/1.5
Download File:      velocity-1.5.zip
Required jars:      commons-collections-3.1.jar
                    commons-lang-2.1.jar
                    jdom-1.0.jar
                    oro-2.0.8.jar
                    velocity-1.5.jar
                    werken-xpath-0.9.4.jar
                    Copy to <tools>/velocity/

(1) Android framework is optional. It is only required if Android needs to be supported.

Run a Confidence Build


The confidence build script builds and tests the Crypto-J toolkit.

To run a Confidence Build:

1. Navigate to the cryptoj directory:
       cd <root>/cryptoj
2. Build the toolkit:
       ant confidence
3. View gen/reports/index.html to verify the success of the build process.


Create the Toolkit Jar Files


To create the toolkit jar files:

1. Compile all of the toolkit classes using the following command:
       ant build

An error-free execution of the build scripts indicates successful compilation of these
files. The jar files are located in <root>/cryptoj/cryptoj-src/gen/jar.

Create the Native Cryptographic Module


To create the Native Cryptographic Module:

1. Compile the Native libraries using the following command:
       ant build.ncm -Dncm.platform=<platform>
   Where <platform> is the short platform name of the Native libraries. For a list
   of the short platform names, see “Platform-specific Native Shared Libraries for
   Crypto-C ME” on page 9.
2. Run all the Native Cryptographic Module tests:
       ant test.ncm
3. View <root>/cryptoj/cryptoj-src/gen/reports/index.html to
   verify the results of each test.

Run the System Tests


To run the system tests on the jar files:

1. Run the ant test script:
       ant test.all
2. View <root>/cryptoj/cryptoj-src/gen/reports/index.html to
   verify the results of each test.


Run the Performance Tests


In some environments the system performance is a high priority. To assist in the task
of measuring system performance, Crypto-J provides a test script.

The individual tests run against each toolkit configuration can be modified by editing
the appropriate properties file located in
<root>/cryptoj/cryptoj-src/src/test/data/com/rsa/test/data/performance.

View the results of the performance tests in the csv files located in
<root>/cryptoj/cryptoj-src/gen/reports/performance.

For each test these files record:


• Description of the operation
• Toolkit tests
• Key size
• Operation name
• Test run time in number of seconds
• Number of operations completed
• Number of operations per second.

To run a complete set of tests on all jar files and the Oracle provider:

1. Run the ant test script:
       ant test.performance
2. View the output of these tests in cryptoj.marketing.report.csv located in
   <root>/cryptoj/cryptoj-src/gen/reports/performance.

Create the Toolkit Jar Files for Android


To create the toolkit jar files:

1. Compile all of the toolkit classes using the following command:
       ant build -DexcludeAndroid=false

An error-free execution of the build scripts indicates successful compilation of these
files. The jar files are located in <root>/cryptoj/cryptoj-src/gen/jar.


Run the Android Tests


The Android SDK and an Android device are needed to run these tests. For more
information, see the RSA BSAFE Crypto-J Developers Guide.

To run the Android tests:

1. Run the following command to list all available targets:
       android list targets
2. Compile and run all the tests on a selected target:
       ant -Dandroid.target=<target> test.android
   Where <target> is the identifier for one of the available targets.
3. View <root>/cryptoj/cryptoj-src/gen/reports/index.html to
   verify the results of each test.

Note: These tests will run for several hours on newer hardware, but will
take up to a few days on older hardware or an emulator.


System and Security Properties


The system and security properties in Crypto-J are used to statically register the
JsafeJCE provider, and to configure the toolkit and FIPS-140 mode behavior.

For further detail, see the Introduction To Crypto-J -> System and Security
Properties section of the RSA BSAFE Crypto-J Developers Guide, and the RSA
BSAFE Crypto-J Troubleshooting Guide.

Uninstallation Instructions
To uninstall Crypto-J on all platforms, remove all files and directories created
during the installation process, and remove the relevant environment variables.
