Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

HashiCorp Vault

Installing and Configuring CADP for C PKCS#11 Provider

search

Installing and Configuring CADP for C PKCS#11 Provider

This section covers the installation and configuration for the following:

Installing the CADP for C PKCS#11 Provider

Perform the following steps to install the CADP PKCS#11 Provider.

  1. Unzip the CADP for C installer package.

    tar -xzf <source_directory/tar_file_name> -C <destination_directory>

  2. Create the /opt/hashi/<ARCH>/hsm/CipherTrust/CADP_for_C-<VERSION> directory. The HashiCorp Vault user must have appropriate access permissions on /opt/.

    Note

    <ARCH> is the system architecture (either 32 or 64), and <VERSION> is the software version number (for example, 8.18.0). This point onward, in this document, <ARCH> is used as 64. If the system architecture and version are different, adjust these values accordingly.

  3. Copy the library file libcadp_pkcs11.so-<version> from the extracted /root/CADP_for_C-<version> directory to /opt/hashi/64/hsm/CipherTrust/CADP_for_C.

    cp libcadp_pkcs11.so-<version> /opt/hashi/64/hsm/CipherTrust/CADP_for_C-<version>

    For example:

    cp libcadp_pkcs11.so-9.6.0.026 /opt/hashi/64/hsm/CipherTrust/CADP_for_C-8.18.0

    Note

    The receiving directory is a fixed location. HashiCorp Vault searches for this directory. It cannot be changed. Changing the directory name results in a "cannot find PKCS11 library" error.

  4. Copy the CADP_PKCS11.properties file from extracted /root/CADP_for_C-8.18.0.026/CADP_PKCS11.properties directory to /opt/hashi/64/hsm/CipherTrust/CADP_for_C.

    For example:

    cp CADP_PKCS11.properties /opt/hashi/64/hsm/CipherTrust/CADP_for_C

  5. Export the following environment variables.

    export SFNT_HSMAPI_BASE=/opt/hashi/64/hsm/CipherTrust/CADP_for_C
export NAE_Properties_Conf_Filename=$SFNT_HSMAPI_BASE/CADP_PKCS11.properties
export IngrianNAE_Properties_Conf_Slot_ID_Max=100
export IngrianNAE_Properties_Conf_SessionID_Max=100
export AES_GCM_TAG_LEN=6

Configuring the CADP for C PKCS#11 Provider

The basic configuration parameters that are required to be changed in CADP_PKCS11.properties file are:

  • NAE_IP

  • NAE_Port

  • Protocol

  • CA_File

  • Cert_File

  • Key_File

  • Log_Level

  • Log_File

You can further configure the CADP for C PKCS#11 Provider to meet the requirements of your environment. Refer to Configuring the Properties File for more details.

On this page