SafeNet PKCS #11
The PKCS #11 standard defines a platform-independent API to cryptographic tokens, such as hardware security modules (HSMs) and smart cards, and names the API itself "Cryptoki" (from "cryptographic token interface", pronounced "crypto-key"). "PKCS #11" is often used to refer to the API as well as the standard that defines it.
The API defines the most commonly used cryptographic object types (RSA keys, X.509 certificates, DES/Triple DES keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects.
The driver installers can be found at https://support.globalsign.com/customer/portal/articles/1698654-safenet-drivers.
Get the SafeNet PKCS #11 container object
For more information on how to configure the T1C-JLIB client library see Client Configuration. Initialize a gclClient:
LibConfig conf = new LibConfig();
conf.setEnvironment(Environment.DEV);
conf.setDsUri(DS_URI);
conf.setOcvUri(OCV_URI);
conf.setGclClientUri(URI_T1C_GCL);
conf.setApiKey(API_KEY);
conf.setHardwarePinPadForced(false);
conf.setDefaultPollingIntervalInSeconds(5);
conf.setDefaultPollingTimeoutInSeconds(10);
conf.setSessionTimeout(60);
T1cClient t1cClient = new T1cClient(conf);
The SafeNet PKCS #11 container has some default locations where it will check for the required drivers. If your installation has put these in a different place, you can override the default locations by passing in a moduleConfig object when retrieving the SafeNet container service:
Path linux = Paths.get("/usr/local/lib/libeTPkcs11.so");
Path mac = Paths.get("/usr/local/lib/libeTPkcs11.dylib");
Path win = Paths.get("C:\\Windows\\System32\\eTPKCS11.dll");
SafeNetContainerConfiguration config = new SafeNetContainerConfiguration()
.withLinux(linux)
.withMac(mac)
.withWindows(win);
SafeNetContainer container = t1cClient.getSafeNetContainer(reader, config);
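The PKCS #11 driver is a native shared library, so an overridden path is worth checking before it is handed to SafeNetContainerConfiguration. The following is an added example, not part of T1C-JLIB or the original page: the class Pkcs11ModuleCheck and its rejectReason method are hypothetical, and the temporary file in main is a constructed stand-in for the driver.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;

public class Pkcs11ModuleCheck {

    /** Returns null when the module path passes every check, otherwise the reason it was rejected. */
    static String rejectReason(Path module) throws IOException {
        if (!module.isAbsolute()) {
            return "path is not absolute";
        }
        // NOFOLLOW_LINKS: a symlink could be re-pointed after the check.
        if (!Files.isRegularFile(module, LinkOption.NOFOLLOW_LINKS)) {
            return "missing, or not a regular file";
        }
        if (posix(module)) {
            if (worldWritable(module)) return "library is world-writable";
            if (worldWritable(module.getParent())) return "parent directory is world-writable";
        }
        return null;
    }

    /** POSIX permission checks only apply where the file system exposes them (not on Windows). */
    static boolean posix(Path p) {
        return p.getFileSystem().supportedFileAttributeViews().contains("posix");
    }

    static boolean worldWritable(Path p) throws IOException {
        return Files.getPosixFilePermissions(p, LinkOption.NOFOLLOW_LINKS)
                .contains(PosixFilePermission.OTHERS_WRITE);
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for the driver library so the demo runs without SafeNet installed.
        Path dir = Files.createTempDirectory("pkcs11-demo");
        Path lib = Files.createFile(dir.resolve("libeTPkcs11.so"));
        System.out.println("fresh file:     " + rejectReason(lib));
        System.out.println("relative path:  " + rejectReason(Paths.get("libeTPkcs11.so")));
        if (posix(lib)) {
            Files.setPosixFilePermissions(lib, PosixFilePermissions.fromString("rw-rw-rw-"));
            System.out.println("world-writable: " + rejectReason(lib));
        }
        Files.delete(lib);
        Files.delete(dir);
    }
}
```

Call rejectReason on the path for the current platform and only build the SafeNetContainerConfiguration when it returns null.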
Reading data
Info
This method returns more information about the PKCS #11 library you are using.
GclSafeNetInfo info = container.getSafeNetInfo();
An example response:
com.t1t.t1c.containers.smartcards.pkcs11.safenet.GclSafeNetInfo
Name | Description | Example Value | Type |
---|---|---|---|
cryptokiVersion | The Cryptoki version | "2.20" | java.lang.String |
manufacturerId | The manufacturer ID | "SafeNet, Inc." | java.lang.String |
flags | The flags | 7 | java.lang.Integer |
libraryDescription | The library description | "SafeNet eToken PKCS#11" | java.lang.String |
libraryVersion | The library version | "9.1" | java.lang.String |
Slots
This method returns the available slots on the system.
List<GclSafeNetSlot> slots = container.getSafeNetSlots();
An example response:
java.util.List<com.t1t.t1c.containers.smartcards.pkcs11.safenet.GclSafeNetSlot>
Name | Description | Example Value | Type |
---|---|---|---|
slotId | The slot ID | 0 | java.lang.Integer |
description | The description | "SafeNet eToken 5100" | java.lang.String |
flags | The flags | 7 | java.lang.Integer |
hardwareVersion | The hardware version | "2.0" | java.lang.String |
firmwareVersion | The firmware version | "0.0" | java.lang.String |
The flags value gives more information about the slot. Possible values are:
Value | Description |
---|---|
0 | Empty |
1 | Token present |
2 | Removable device |
3 | Token present + removable device |
4 | Hardware slot |
5 | Token present + hardware slot |
6 | Removable device + hardware slot |
7 | Token present + removable device + hardware slot |
32 | Unknown |
Slots with tokens present
This method is similar to the slots endpoint but only returns a list of slots where a token is present.
List<GclSafeNetSlot> slots = container.getSafeNetSlotsWithTokensPresent(true);
An example response:
java.util.List<com.t1t.t1c.containers.smartcards.pkcs11.safenet.GclSafeNetSlot>
Certificates
This method allows you to retrieve the certificates from the SafeNet PKCS #11 token.
List<GclSafeNetSlot> slots = container.getSafeNetSlotsWithTokensPresent(true);
GclSafeNetSlot slot = slots.get(0);
String pin = "1234"; // example value only; obtain the PIN from the user at runtime rather than hard-coding it
SafeNetCertificates certificates = container.getSafeNetCertificates(slot.getSlotId(), pin);
Response:
com.t1t.t1c.containers.smartcards.pkcs11.safenet.SafeNetCertificates
Name | Description | Example Value | Type |
---|---|---|---|
certificates | The certificates | See below | java.util.List<com.t1t.t1c.model.T1cCertificate> |
com.t1t.t1c.model.T1cCertificate
Name | Description | Example Value | Type |
---|---|---|---|
base64 | The base64 encoded certificate | "MIIFjjCCA3agAwI...rTBDdrlEWVaLrY+M+xeIctrC0WnP7u4xg==" | java.lang.String |
parsed | The decoded certificate | N/A | java.security.cert.Certificate |