Setup Java Security Provider for Luna HSMs (LunaProvider)

Static method of registration (Unix/Linux).

  1. Copy LUNA_CLIENT_DIRECTORY/jsp/lib/LunaProvider.jar into JAVA_HOME/jre/lib/ext
  2. Create a symlink of LUNA_CLIENT_DIRECTORY/jsp/lib/libLunaAPI.so in /usr/lib
  3. Add "com.safenetinc.luna.provider.LunaProvider" in JAVA_HOME/jre/lib/security/java.security
  4. Create a keystore file with "slot:SLOT_LABEL" or "tokenlabel:SLOT_LABEL"
  5. Test LunaProvider by executing keytool list command.
keytool -list -keystore keystore_file -storetype Luna


Static method of registration (Windows)

  1. Copy LunaProvider.jar into %JAVA_HOME%\jre\lib\ext
  2. Copy LunaAPI.dll in C:\Windows\System32 or add C:\Program Files\SafeNet\LunaClient\jsp\lib into %PATH% environment variable
  3. Add com.safenetinc.luna.provider.LunaProvider entry in %JAVA_HOME%/jre/lib/security/java.security
  4. Create a keystore file with "slot:SLOT_NUMBER" or "tokenlabel:SLOT_LABEL" as it's content
  5. Test LunaProvider using keytool.
keytool -list -keystore KeyStore_File -storetype Luna

Loading LunaProvider dynamically.


Create a keystore file with "slot:SLOT_NUMBER" or "tokenlabel:SLOT_LABEL" as its content

Here's a sample command to list contents of a keystore using LunaProvider
keytool -list -keystore -storetype Luna -providerclass com.safenetinc.luna.provider.LunaProvider -providerpath /usr/safenet/lunaclient/jsp/lib/LunaProvider.jar -J-Djava.library.path=/usr/safenet/lunaclient/jsp/lib

Generate a keypair by loading LunaProvider dynamically (Unix/Linux).
keytool -genkey -alias mySigningKey -keyalg RSA -keysize 2048 -sigalg sha256WithRSA -validity 730 -keystore keystore_file -storetype Luna -providerclass com.safenetinc.luna.provider.LunaProvider -providerpath /usr/safenet/lunaclient/jsp/lib/LunaProvider.jar -J-Djava.library.path=/usr/safenet/lunaclient/jsp/lib

Generate a keypair by loading LunaProvider dynamically (Windows).
keytool -list -keystore -storetype Luna -providerclass com.safenetinc.luna.provider.LunaProvider -providerpath C:\Program Files\SafeNet\LunaClient\jsp\lib\LunaProvider.jar -J-Djava.library.path=C:\Program Files\SafeNet\LunaClient\jsp\lib