RSA BSAFE® SSL-J 6.2.
Copyright and Trademark Notice and Trademarks Copyright © 2019 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, RSA, the RSA logo, and BSAFE are registered trademarks of Dell Inc. or its subsidiaries in the United States and/or other countries. All other products and services mentioned are trademarks of their respective companies. For the most up-to-date listing of Dell trademarks, go to www.dell.com/learn/us/en/19/shared-content/dell-trademark-list.
Installation Guide 12.11.19 RSA BSAFE SSL-J 6.2.6 Installation Guide This document provides installation instructions for RSA BSAFE SSL-J 6.2.6 (SSL-J) for all released platforms. Instructions are provided for binary installations, including installation on Google® Android™, and source installations of SSL-J, including installation on Google Android.
RSA BSAFE SSL-J 6.2.6 Installation Guide About the SSL-J Toolkit SSL-J is a Java™ software development toolkit for building Transport Layer Security (TLS) into enterprise-to-enterprise and commercial Internet applications. The SSL-J distribution media contains the following: • • 2 Binary toolkit – Toolkit Java archive (jar) files – CodeBase shared libraries – OpenLDAP library – RSA BSAFE Crypto-C Micro Edition 4.1 (Crypto-C ME) shared libraries – Sample source code.
RSA BSAFE SSL-J 6.2.6 Installation Guide • – RSA BSAFE SSL-J Developers Guide, in HTML format, with information on how to build SSL security into applications. – The following Javadocs, in HTML format, provide Java API reference information: • RSA BSAFE SSLJJavadoc • RSA BSAFE JSSE Javadoc Related product documentation, consisting of: – RSA BSAFE Cert-J 6.2.4 Release Notes, in PDF, with the latest information on Cert-J. – RSA BSAFE Cert-J 6.2.
RSA BSAFE SSL-J 6.2.
RSA BSAFE SSL-J 6.2.6 Installation Guide Binary Installation This section describes how to install the SSL-J binary toolkit on your development environment. Note: For instructions to install the SSL-J binary toolkit on an Android development environment, go to Binary Installation for Android. Before you begin: • Ensure the system you are installing onto has 500 MB of free disk space. • Read these installation instructions. • Install JDK 7.
RSA BSAFE SSL-J 6.2.6 Installation Guide Install the JCE Jurisdiction Policy Files The JCE requires that Unlimited Strength Jurisdiction Policy Files are downloaded and installed in order to use some algorithms and key strengths using the JCE API. The following algorithms require these policy files: • AES, RC2, RC4, RC5 with key sizes greater than 128 bits • RSA Encryption. These algorithms are used by: • Some PKCS #12 KeyStore files • The _AES_256_, TLS_RSA_, SSL_RSA_ TLS cipher suites.
RSA BSAFE SSL-J 6.2.6 Installation Guide Install SSL-J The following describes the SSL-J binary distribution directory structure. Directory root/ license_bsafe.pdf readme.txt SSL-J_6.2.6_InstallGuide.pdf SSL-J_6.2.6_ReleaseNotes.pdf SSL-J_6.2.6_TroubleshootingGuide.
RSA BSAFE SSL-J 6.2.6 Installation Guide The following table lists these configurations and the corresponding SSL-J, Cert-J and Crypto-J jar files to be added to the class path. Table 2 Configuration and Required jar Files Configuration Jar Files to Add to the Class Path Pure JSSE root/sslj/lib/sslj-6.2.6.jar root/sslj/prebuilt/cryptoj/cryptoj-6.2.5.jar1 Native JSSE2 root/sslj/lib/sslj-6.2.6.jar root/sslj/prebuilt/cryptoj/cryptoj-6.2.5.jar1 Native FIPS JSSE2 root/sslj/lib/sslj-6.2.6.
RSA BSAFE SSL-J 6.2.6 Installation Guide 3. Depending on other features you intend to use, the addition of further jar files to your class path may be required. The following table lists these features and the corresponding jar files to be added to the class path. Table 3 Features and Required jar Files Feature Jar Files to Add to the Class Path LDAP root/sslj/prebuilt/openldap/openldap.jar CodeBase Native Database root/sslj/prebuilt/codebase/codebase.jar 4.
RSA BSAFE SSL-J 6.2.6 Installation Guide Table 4 Platform-specific Native Shared Libraries for Crypto-C ME (continued) Platform-specific Native Shared Libraries Subdirectory1 Oracle Solaris 10 Sparc v9 64-bit solspv9 Red Hat® Enterprise Server 32-bit linux_x86_lsb30 Red Hat Enterprise Server 64-bit linux_x64_lsb30 1 Short Platform Name. For example, for systems running a Windows operating system: copy root\sslj\prebuilt\cryptocme\win32vc8\*.* c:\Windows\System32 For systems running a Unix-like
RSA BSAFE SSL-J 6.2.6 Installation Guide For example, for systems running a Windows operating system: copy root\sslj\prebuilt\codebase\win32\*.dll c:\Windows\System32 For systems running a Unix-like operating system, add the Native library to the library path.
RSA BSAFE SSL-J 6.2.6 Installation Guide 1 The fips140initialmode value can be any of FIPS140_MODE, FIPS140_SSL_MODE, FIPS140_ECC_MODE, FIPS140_SSL_ECC_MODE or NON_FIPS140_MODE. For FIPS 140-2 Level 2 Roles, Authentication and Services compliance, add the security properties listed in the following table: Table 7 FIPS 140-2 Level 2 Property Settings Property Name Value com.rsa.sslj.fips140auth LEVEL2 com.rsa.sslj.configfile1 path and filename2 1This security property is optional.
RSA BSAFE SSL-J 6.2.6 Installation Guide Build and Run the Samples This release of SSL-J has standalone and client-server samples. The standalone samples demonstrate utility functionality such as obtaining the version number of the toolkit and checking that the JRE configuration is correct for using SSL-J. Sample source code is available for each API: • The SSL-J samples are in root/sslj/sample/src/sslj • The JSSE samples are in root/sslj/sample/src/jsse.
RSA BSAFE SSL-J 6.2.6 Installation Guide ii. Execute the server in a command shell. For example, to run the Simple server: ant -f build-api_name.xml run.server.Simple iii. Execute the client in another command shell. For example, to run the Simple client: ant -f build-api_name.xml run.client.Simple Alternately, the complete set of client-server samples can be executed in a single command shell. Use the following command: ant -f build-api_name.xml run.client-server.
RSA BSAFE SSL-J 6.2.6 Installation Guide Binary Installation for Android This section describes how to install the SSL-J binary toolkit on your Android development environment. Before you begin: • Ensure that the system you are installing onto has 900 MB of free disk space. • Obtain a decryption key from RSA. • Download the SSL-J encrypted package file and the decryption utility from the download server to a convenient directory. • Install JDK 7.
RSA BSAFE SSL-J 6.2.6 Installation Guide Install SSL-J The following describes the binary distribution directory structure. Directory root/ license_bsafe.pdf readme.txt SSL-J_6.2.6_InstallGuide.pdf SSL-J_6.2.6_ReleaseNotes.pdf SSL-J_6.2.6_TroubleshootingGuide.
RSA BSAFE SSL-J 6.2.6 Installation Guide The following table lists these toolkit configurations and the corresponding SSL-J, Cert-J and Crypto-J jar files to be added to the class path. Table 8 Configuration and Required jar Files Configuration Jar Files to Add to the Class Path Pure JSSE root/sslj/lib/sslj-6.2.6.jar root/sslj/prebuilt/cryptoj/cryptoj-6.2.5.jar1 Native JSSE2 root/sslj/lib/sslj-6.2.6.jar root/sslj/prebuilt/cryptoj/cryptoj-6.2.5.jar1 Native FIPS JSSE2 root/sslj/lib/sslj-6.2.6.
RSA BSAFE SSL-J 6.2.6 Installation Guide – To work with FIPS 140-2 compliant SSL-J: • With the exception of jcmandroidfips-6.2.5.jar,copy all jar files for the selected configuration to the external library file folder in the Android project, for example, android-project/libs. • Copy the FIPS140 jar, jcmandroidfips-6.2.5.jar, to the relevant folder for loading. • To load the FIPS140 jar from the raw resources folder in the Android project, copy jcmandroidfips-6.2.5.
RSA BSAFE SSL-J 6.2.6 Installation Guide – To work with SSL-J configured as FIPS 140-2 compliant: • Copy the following shared libraries to the platform-specific folder for the shared native library files in the Android project at /jniLibs/platform or /libs/platform : • • • • • • • libccme_asym.so libccme_aux_entropy.so libccme_base.so libccme_base_non_fips.so libccme_ecc.so libccme_ecc_non_fips.so • • • • • • libccme_ecc_accel_fips.so libccme_ecc_accel_non_fips.so libccme_ecdrbg.
RSA BSAFE SSL-J 6.2.6 Installation Guide For FIPS 140-2 Level 2 Roles, Authentication and Services compliance, the security properties listed in the following table must be added. Table 11 FIPS 140-2 Level 2 Property Settings Property Name Value com.rsa.sslj.fips140auth LEVEL2 com.rsa.sslj.configfile1 path and filename2 1 This security property is optional. There are APIs to dynamically specify this property. 2The path and filename can be an absolute path or a path relative to the user.
RSA BSAFE SSL-J 6.2.6 Installation Guide Build an Application to Run the SSL-J Samples An Android samples application to run the SSL-J samples can be built from the command line and Android Studio. Instructions are provided to: • Build the Android Application from the Command Line • Install the Android Samples Application from Android Studio. Gradle scripts to build the application are included in this release at root/sslj/android/BsafeAndroidSamples.
RSA BSAFE SSL-J 6.2.6 Installation Guide The Android samples application is installed and run on the attached device. A list of all the samples is displayed on the device. To run the samples: 1. On the attached device, select and run individual samples from the list displayed. Note: The samples may take several minutes to complete when run on an emulator or older hardware. Install the Android Samples Application from Android Studio Before you Begin: • Attach the relevant Android device.
RSA BSAFE SSL-J 6.2.6 Installation Guide Source Installation This section describes how to decrypt, install and build the SSL-J toolkit on your development environment. Note: For instructions to install the SSL-J toolkit on an Android development environment, go to Source Installation for Android. Before you begin: • Ensure the system you are installing onto has 500 MB of free disk space. • Obtain the decryption key from RSA.
RSA BSAFE SSL-J 6.2.6 Installation Guide Install the JCE Jurisdiction Policy Files The JCE requires that Unlimited Strength Jurisdiction Policy Files are downloaded and installed in order to use some algorithms and key strengths using the JCE API. The following algorithms require these policy files: • AES, RC2, RC4, RC5 with key sizes greater than 128 bits • RSA Encryption. These algorithms are used by: • Some PKCS #12 KeyStore files • The _AES_256_, TLS_RSA_, SSL_RSA_ TLS cipher suites.
RSA BSAFE SSL-J 6.2.6 Installation Guide Install SSL-J The following describes the binary distribution directory structure. Directory root/ license_bsafe.pdf readme.txt SSL-J_6.2.6_InstallGuide.pdf SSL-J_6.2.6_ReleaseNotes.pdf SSL-J_6.2.6_TroubleshootingGuide.
RSA BSAFE SSL-J 6.2.6 Installation Guide Install Third-party Software Tools To successfully build and test the source release, a number of third-party tools are required. The table below lists the required tools and provides the download location from which each can be retrieved. To install each software tool: 1. Download the required file from the download location. 2. Place the required jar files in the specified sub-directory. If the file is a zip file, extract the required jar files from the zip file.
RSA BSAFE SSL-J 6.2.6 Installation Guide Create the Toolkit Jar Files To create the Toolkit Jar files: 1. In a command prompt, navigate to the root/sslj-src/ directory. 2. Compile all of the toolkit classes and run the confidence build using the following command: ant 3. View gen/reports/index.html to verify the success of the build and test process. 4. An error-free execution of the build scripts indicates the successful compilation of these files.
RSA BSAFE SSL-J 6.2.6 Installation Guide Source Installation for Android This section describes how to decrypt, install and build the SSL-J toolkit on your development environment. Before you begin: • Ensure the system you are installing onto has 500 MB of free disk space. • Obtain the decryption key from RSA. • Download the SSL-J encrypted package file and the decryption utility from the download server to a convenient directory. • Install JDK 7.
RSA BSAFE SSL-J 6.2.6 Installation Guide Install SSL-J The following describes the source distribution directory structure: Directory root/ license_bsafe.pdf readme.txt SSL-J_6.2.6_InstallGuide.pdf SSL-J_6.2.6_ReleaseNotes.pdf SSL-J_6.2.6_TroubleshootingGuide.
RSA BSAFE SSL-J 6.2.6 Installation Guide Install Third-party Software Tools To successfully build and test the source release, a number of third-party tools are required. The table below lists the required tools and provides the download location from which each can be retrieved. To install each software tool: 1. Download the required file from the download location. 2. If the file is a zip file, extract the required jar files from the zip file. 3.
RSA BSAFE SSL-J 6.2.6 Installation Guide Table 13 Third-party Software Download Details (continued) Download Location Software Tool Download File Velocity 1.5 Required jars http://archive.apache.org/dist/velocity/engine/1.5 velocity-1.5.zip commons-collections-3.1.jar commons-lang-2.1.jar jdom-1.0.jar oro-2.0.8.jar velocity-1.5.jar werken-xpath-0.9.4.jar Copy to tools/velocity/ Create the Toolkit Jar Files To create the Toolkit Jar files: 1.
RSA BSAFE SSL-J 6.2.6 Installation Guide Build and run the system tests from the Command Line To build and run the system test application from the Command Line: 1. In the development environment, navigate to the Android test directory: cd root/sslj/android/BsafeAndroid 2. Create the Gradle wrapper: gradle wrapper --gradle-version=version --gradle-distribution-url=url Where: – version is the installed version of Gradle.
RSA BSAFE SSL-J 6.2.6 Installation Guide 3. Right click com.rsa.bsafe.android.variant.TestMainActivity where variant is one of: – sslj – sslj.fips – ssljnative – ssljnative.fips 4. From the drop-down box, select Run. To run the system tests on the attached device: 1. On the attached device, select Start from the menu list to run the tests. To collect the test results in an HTML report: 1.
