VM Updates for Safenet Installation

sudo su -

# DELETE CRON JOBS

cd /etc/cron.hourly
rm jboss-config
rm jboss-config~

# RE-RUN THE 256-BIT STEPS

Extract the JAR file and copy the files into /opt/jce

cd /opt/jce
cp /home/jboss1/Desktop/jce .

rm -f /usr/lib/jvm/jre-1.6.0-sun.x86_64/lib/security/{local,US_export}_policy.jar
update-alternatives --auto jce_1.6.0_sun_local_policy.x86_64
update-alternatives --install /usr/lib/jvm/jre-1.6.0-sun.x86_64/lib/security/local_policy.jar jce_1.6.0_sun_local_policy.x86_64 /opt/jce/local_policy.jar 160200 --slave /usr/lib/jvm/jre-1.6.0-sun.x86_64/lib/security/US_export_policy.jar jce_1.6.0_sun_us_export_policy.x86_64 /opt/jce/US_export_policy.jar

256 bit encryption for Safenet

-----Original Message-----
From: Guillaume Radde [mailto:guillaume.radde@redhat.com]
Sent: Tuesday, May 22, 2012 6:11 PM
To: Ruckman, Maurice (HAL)
Cc: Hoggard, Chad (HAL); Augustine, Anila (HAL); HAL DistList: IS UNIX
Subject: 256 bit encryption for Safenet

(Added missing link)

Below are the steps to enable 256-bit encryption. This would need to be done on all JBoss servers and developer-vms.

1) Don't listen to instructions from non-RedHat sources; they pretty much all make you break your RHEL java rpm install, which will cause problems during the next java update.

2) Download the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files" from [1]. Accept the license on the page and download jce_policy-6.zip.

3) Unzip the zip content into /opt. Your folder structure should look like this:

/opt/jce
/opt/jce/local_policy.jar
/opt/jce/US_export_policy.jar

3a) After you copy the files into /opt/jce you should change the ownership to root
chown -R root.root jce

4) Run the following command as root:
sudo su -
rm -f /usr/lib/jvm/jre-1.6.0-sun.x86_64/lib/security/{local,US_export}_policy.jar && update-alternatives --install /usr/lib/jvm/jre-1.6.0-sun.x86_64/lib/security/local_policy.jar jce_1.6.0_sun_local_policy.x86_64 /opt/jce/local_policy.jar 160200 --slave /usr/lib/jvm/jre-1.6.0-sun.x86_64/lib/security/US_export_policy.jar jce_1.6.0_sun_us_export_policy.x86_64 /opt/jce/US_export_policy.jar

5) Now update to the new links, choose option 2:

update-alternatives --config jce_1.6.0_sun_local_policy.x86_64

6) That's it :-)

[1] http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html

-------------------------------------
Guillaume Radde
Senior Consultant, Red Hat Consulting
guillaume.radde@redhat.com
http://www.redhat.com
-------------------------------------

Notes: You are updating the links with step #4.  For example, before changes:

[root@haldevjbs04 /opt/jce]$  ls -l /etc/alternatives | grep -i jce
lrwxrwxrwx 1 root root 71 Feb  1 12:41 jce_1.6.0_sun_local_policy.x86_64 -> /usr/lib/jvm-private/java-1.6.0-sun.x86_64/jce/vanilla/local_policy.jar
lrwxrwxrwx 1 root root 75 Feb  1 12:41 jce_1.6.0_sun_us_export_policy.x86_64 -> /usr/lib/jvm-private/java-1.6.0-sun.x86_64/jce/vanilla/US_export_policy.jar

JCE cannot authenticate the provider IngrianProvider

Could not get Safenet working and kept getting the following error; one solution found was to explode the EAR file.

JCE cannot authenticate the provider IngrianProvider

Caused by: java.util.jar.JarException:
Cannot parse jar:file:/home/jboss1/programs/jboss-eap-5.1/jboss-as/server/haldev-vm-template-safenet/deploy/hal-ear-1.0-SNAPSHOT.ear!/hal-web-1.0-SNAPSHOT.war

Refer: https://access.redhat.com/knowledge/solutions/34813

Set location of SafeNet properties file

Where you specify the properties file in JBoss:
/home/jboss1/programs/jboss-eap-5.1/jboss-as/server/haldev-vm-template/deploy/properties-service.xml

In the template you need to also have the properties file itself:
./conf/props/IngrianNAE.properties

Set the system property in the application:

System.setProperty(
"com.ingrian.security.nae.IngrianNAE_Properties_Conf_Filename",
"home/java/IngrianNAE.properties");

Safenet Code Sample

The following code stub can be used to encrypt/decrypt with the Safenet appliance.  Refer: CryptoTool.java

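import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

import com.ingrian.security.nae.IngrianProvider;
import com.ingrian.security.nae.NAEKey;
import com.ingrian.security.nae.NAESession;

// NOTE: the user name, password, key name and IV below are hard-coded test
// values. A fixed IV makes AES/CBC deterministic (equal plaintexts give equal
// ciphertexts under the same key), so outside of a test use a fresh random IV
// per message and load the credentials from configuration.

private static String doEncrypt( final String plainText ) throws Exception
{
    // Open a session on the Safenet appliance and look up the key by name
    NAESession naesession = NAESession.getSession( "mlrtest", "asdf1234" );
    SecretKey secretkey = NAEKey.getSecretKey( "test128", naesession );

    Cipher cipher =
        Cipher.getInstance( "AES/CBC/PKCS5Padding", "IngrianProvider" );
    String ivString = "1234567890123456";   // 16 bytes = one AES block
    byte [] iv = ivString.getBytes();
    cipher.init( Cipher.ENCRYPT_MODE, secretkey, new IvParameterSpec( iv ) );

    byte [] outputByteArray = cipher.doFinal( plainText.getBytes() );

    // Return the ciphertext hex-encoded
    return IngrianProvider.byteArray2Hex( outputByteArray );
}

private static String doDecrypt( final String encryptedText )
    throws Exception
{
    NAESession naesession = NAESession.getSession( "mlrtest", "asdf1234" );
    SecretKey secretkey = NAEKey.getSecretKey( "test128", naesession );

    Cipher cipher =
        Cipher.getInstance( "AES/CBC/PKCS5Padding", "IngrianProvider" );
    // Must be the same IV that was used to encrypt
    String ivString = "1234567890123456";
    byte [] iv = ivString.getBytes();
    cipher.init( Cipher.DECRYPT_MODE, secretkey, new IvParameterSpec( iv ) );

    // Input is the hex string produced by doEncrypt
    byte [] decryptedByte =
        cipher.doFinal( IngrianProvider.hex2ByteArray( encryptedText ) );
    String decrypted = new String( decryptedByte );

    return decrypted;
}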

How to extract private key RSA code

/hal-parent/hal-ejb/src/main/java/com/hollandamerica/common/encryption/WebKeyFactory.java

Refer: http://stackoverflow.com/questions/150167/how-do-i-list-export-private-keys-from-a-keystore

import org.apache.axis.encoding.Base64;

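//NOTE: DO NOT MIGRATE THIS CODE!!!
// Debug-only: it writes the Base64 of decryptionKey.getEncoded(), i.e. the
// unencrypted private key, to stdout, where it can be captured in logs.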
System.out.println("ifw.getPassword()"+ifw.getPassword().toString());

decryptionKey = (RSAPrivateKey)newKeyStore.getKey(
Keystore.END_ENTITY_ALIAS,ifw.getPassword());
System.out.println("maurice:decryptionKey"+decryptionKey.toString());
//String b64 = new BASE64Encoder().encode(key.getEncoded());
String b64 = new String(Base64.encode(decryptionKey.getEncoded()));
System.out.println("-----BEGIN PRIVATE KEY-----");
System.out.println(b64);
System.out.println("-----END PRIVATE KEY-----");