Install and verify the JCE provider for Cloud HSM - Key Management Service - Alibaba Cloud - Key Management Service

The JCE Provider integrates the Java Cryptography Extension (JCE) framework with your hardware security module (HSM), enabling HSM-backed cryptographic operations through the standard Java Cryptography Architecture (JCA) interfaces.

This JCE Provider requires Java Development Kit (JDK) 1.8.

Prerequisites

Before you begin, ensure that you have:

An HSM in the Initializing state with a crypto user (CU) created. For more information, see Getting started with Cloud Hardware Security Module.
A running HSM client (hsm_proxy). The JCE Provider communicates with the HSM through this local daemon. For setup instructions, see Getting started with Cloud Hardware Security Module.
JDK 1.8

Install the JCE Provider

CentOS 8

Download the JCE Provider installation package.

Install the package.

sudo rpm -ivh ./hsm-client-jce-v2.03.15.10-2.el8.x86_64.rpm

Debian

Download the JCE Provider installation package.

Install the package.

sudo dpkg -i hsm-client-jce-2.03.15.10-20240710_1.x86_64.deb

Verify the installation

Confirm that the following files are present. Their existence indicates a complete installation.

/opt/hsm/java/caviumjca-1.0.0-jar-with-dependencies.jar
/opt/hsm/java/hamcrest-core-1.3.jar
/opt/hsm/java/junit-4.12.jar
/opt/hsm/java/hsm-test-1.0.0.jar
/opt/hsm/java/log4j-api-2.17.0.jar
/opt/hsm/java/log4j-core-2.17.0.jar
/opt/hsm/lib/libcaviumjca.so

Test basic functionality

Run the built-in test suite to confirm the JCE Provider can connect to your HSM and perform cryptographic operations.

Set the following environment variables using the CU credentials.
```
export LD_LIBRARY_PATH=/opt/hsm/lib
export HSM_PARTITION=PARTITION_1
export HSM_USER=<cu-username>
export HSM_PASSWORD=<cu-password>
```
Replace <cu-username> and <cu-password> with the CU's username and password.

Run the test.

java -classpath "/opt/hsm/java/*" org.junit.runner.JUnitCore TestBasicFunctionality

A successful run produces output similar to the following:

JUnit version 4.12
.2021-03-12 13:56:40,527 DEBUG [main] TestBasicFunctionality (TestBasicFunctionality.java:33) - Adding provider.
2021-03-12 13:56:40,721 DEBUG [main] TestBasicFunctionality (TestBasicFunctionality.java:42) - Logging in.
2021-03-12 13:56:40,721 INFO  [main] cfm2.LoginManager (LoginManager.java:244) - Looking for credentials in HsmCredentials.properties
2021-03-12 13:56:40,722 INFO  [main] cfm2.LoginManager (LoginManager.java:262) - Looking for credentials in System.properties
2021-03-12 13:56:40,722 INFO  [main] cfm2.LoginManager (LoginManager.java:270) - Looking for credentials in System.env
2021-03-12 13:56:40,750 DEBUG [main] TestBasicFunctionality (TestBasicFunctionality.java:54) - Generating AES Key with key size 256.
2021-03-12 13:56:40,765 DEBUG [main] TestBasicFunctionality (TestBasicFunctionality.java:63) - Encrypting with AES Key.
2021-03-12 13:56:40,813 DEBUG [main] TestBasicFunctionality (TestBasicFunctionality.java:84) - Deleting AES Key.
2021-03-12 13:56:40,816 DEBUG [main] TestBasicFunctionality (TestBasicFunctionality.java:92) - Logging out.

Time: 0.328

OK (1 test)