|Applies To||RSA BSAFE Cert-J|
RSA BSAFE Crypto-J
|Issue||Support for PKCS 11 in RSA BSAFE Cert-J and Crypto-J|
The end user wishes to use PKI credentials within a Java Application. However, these credentials are stored in a device which is only accessible via a Third Party vendors PKCS11 library.
|Cause||PKCS 11 is a standard which defines a C language API for talking to cryptographic tokens. However, it can also be used for talking to any real or virtual(software) devices. As the API is written in C and needs to be compiled for each operating system, it cannot be directly accessed by the Java Vertual Machine without the aid of a Java Native Interface (JNI).|
|Resolution||RSA BSAFE Crypto-J version 3.2 and above implements a native interface to any third party PKCS11 compliant library, allowing a customer to access a PKCS11 device without the need to write their own JNI. Crypto-J does this through the JSAFE_PKCS11SessionSpec class, which is an extension of JSAFE_SessionSpec.|
RSA BSAFE Cert-J version 2.0 and above has a database provider, PKCS11DB, that uses the native pkcs11 support provided by Crypto-J 3.2. Using PKCS11DB, the certificates and keys held in the PKCS11 device can be accessed through standard database operations.
|Legacy Article ID||a4122|