HSM:使用JAVA应用程序引入HSM

Question

HSM服务器和客户端安装在我身边，我的问题是如何在没有HSM客户端的情况下与HSM服务器通信，通过java应用程序访问露娜密钥库，在没有客户端的情况下与HSM服务器通信有什么替代方案吗？

Answer 1

你可以使用safenet SDK来开发你的加密函数，它可以与java中的HSM交互。Gemalto HSM为java开发者提供了JSP和SDK API作为JCProv的一部分。

Answer 2

您需要一个应用程序的露娜客户端来连接HSM来处理加密操作。露娜客户端包含客户端与HSM对话所需的库。

Answer 3

下面的代码显示了如何准备命令并将命令发送到safenet HSM。

public static final String send(String command) {
    try (Socket socket = new Socket(HSMIP, HSMPORT);
            InputStream in = socket.getInputStream();
            OutputStream os = socket.getOutputStream()) {
        byte[] commandbytes = DatatypeConverter.parseHexBinary(command);
        byte[] request = new byte[6 + commandbytes.length];
        request[0] = 0x01;  //constant as per setting during installation
        request[1] = 0x01;  //constant as per setting during installation
        request[2] = 0x00;  //constant as per setting during installation
        request[3] = 0x00;  //constant as per setting during installation
        request[4] = (byte) (commandbytes.length / 256);  //length of command
        request[5] = (byte) (commandbytes.length % 256);  //length of command
        System.arraycopy(commandbytes, 0, request, 6, commandbytes.length);
        //logger.info("request : " + DatatypeConverter.printHexBinary(request));
        os.write(request);
        os.flush();
        byte[] header = new byte[6];
        in.read(header);
        logger.info("header : " + DatatypeConverter.printHexBinary(header));
        int len = (header[4] & 0xFF) * 256 + (header[5] & 0xFF);  //length of response
        logger.info("len : " + len);
        byte[] response = new byte[len];
        in.read(response);
        logger.info("response : " + DatatypeConverter.printHexBinary(response));
        return DatatypeConverter.printHexBinary(response);
    } catch (Exception e) {
        e.printStackTrace();
    }
    return null;
}