
HSM:通过 Java 应用程序使用 HSM 入门

HSM 服务器和客户端的设置我这边已经完成。我的问题是:如何在没有 HSM 客户端的情况下,通过 Java 应用程序与 HSM 服务器通信并访问 Luna 密钥库?有没有不依赖客户端就能与 HSM 服务器通信的替代方法?



繁华开满天机

慕容3067478

应用程序需要通过 Luna 客户端才能连接 HSM 并执行加密操作。Luna 客户端包含与 HSM 通信所需的库。

呼如林

您可以使用 SafeNet SDK 开发自己的加密功能,在 Java 中与 HSM 交互。例如:Gemalto HSM 的 SDK 为 Java 开发人员提供了 JSP 和 JCProv API。

猛跑小猪

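// The following code shows how to send a command to a Thales HSM.
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.net.UnknownHostException;

/**
 * Minimal client that sends host commands to a Thales HSM over a TCP socket.
 *
 * <p>Every message in either direction is framed with a two-byte big-endian length prefix.
 *
 * <p>Security note: this class opens a plain {@link Socket}; it performs no TLS handshake and
 * no client authentication, so commands and responses cross the network in clear text. Keep
 * the HSM's command port reachable only from the application hosts that need it, and switch to
 * a TLS socket if the HSM is configured to accept one. Requests and responses can carry key
 * and card data, so do not write them to logs.
 */
public class ThalesHSMConnect2 {
    //@formatter:off

    // Placeholders: the snippet as posted used host and port without declaring them.
    // Load the real values from configuration rather than hard-coding them.
    private static final String HSM_HOST = "HSM_HOST_PLACEHOLDER";
    private static final int HSM_PORT = 0; // placeholder: set to the HSM's host-command port

    /** Timeout, in milliseconds, applied to both the TCP connect and every blocking read. */
    private static final int TIMEOUT_MS = 5000;

    /**
     * Opens a connection to the HSM with a bounded connect time and read timeout.
     *
     * <p>The original code called {@code new Socket(host, port)}, which blocks in connect for
     * the operating-system default before the read timeout is ever applied.
     */
    private static Socket open() throws IOException {
        final Socket sc = new Socket();
        try {
            sc.connect(new InetSocketAddress(HSM_HOST, HSM_PORT), TIMEOUT_MS);
            sc.setSoTimeout(TIMEOUT_MS);
            return sc;
        } catch (IOException | RuntimeException e) {
            sc.close(); // do not leak the descriptor when connect or configuration fails
            throw e;
        }
    }

    /**
     * Sends a text command and returns the text response.
     *
     * <p>{@code writeUTF}/{@code readUTF} add and consume the two-byte length prefix and use
     * Java's modified UTF-8, which is byte-identical to ASCII for ASCII-only text. A response
     * containing bytes that are not valid modified UTF-8 makes {@code readUTF} throw; use
     * {@link #send(byte[])} for binary payloads.
     *
     * @param command command text, without the length prefix
     * @return the response text, without the length prefix
     * @throws UnknownHostException if the HSM host name cannot be resolved
     * @throws IOException on connect failure, timeout, or a truncated response
     */
    public static final String send(final String command) throws UnknownHostException, IOException {
        try (final Socket sc = open();
             final DataInputStream din = new DataInputStream(sc.getInputStream());
             final DataOutputStream dos = new DataOutputStream(sc.getOutputStream())) {
            dos.writeUTF(command);
            dos.flush();
            return din.readUTF();
        }
    }

    /**
     * Sends a binary command and returns the binary response body.
     *
     * <p>The first two bytes of {@code command} are reserved for the length prefix and are
     * overwritten in place, as in the original code; the payload starts at index 2.
     *
     * @param command buffer of at least two bytes: two reserved length bytes, then the payload
     * @return the response body, without its two-byte length prefix
     * @throws IllegalArgumentException if the buffer is null, shorter than two bytes, or the
     *         payload does not fit in a two-byte length field
     * @throws SocketTimeoutException if the HSM closes the connection before sending a length
     * @throws Exception on any other I/O failure, including a response shorter than announced
     */
    public static final byte[] send(final byte[] command) throws Exception {
        if (command == null || command.length < 2) {
            throw new IllegalArgumentException("command must reserve two leading bytes for the length");
        }
        final int payloadLength = command.length - 2;
        if (payloadLength > 0xFFFF) {
            // A larger value would silently wrap in the two-byte length field.
            throw new IllegalArgumentException("command payload too long: " + payloadLength);
        }
        try (Socket sc = open();
             DataInputStream in = new DataInputStream(sc.getInputStream());
             OutputStream os = sc.getOutputStream()) {
            command[0] = (byte) (payloadLength >>> 8); // length, high byte
            command[1] = (byte) payloadLength;         // length, low byte
            os.write(command);
            os.flush();

            // Keep the length bytes as ints: casting to byte turns every value >= 0x80 negative,
            // which the original code mistook for end-of-stream and used in the size arithmetic.
            final int high = in.read();
            final int low = in.read();
            if (high < 0 || low < 0) {
                throw new SocketTimeoutException("no response from hsm.");
            }
            final byte[] response = new byte[(high << 8) | low];
            // A single read() may return fewer bytes than requested; readFully loops until the
            // buffer is full and throws EOFException if the stream ends early.
            in.readFully(response);
            return response;
        }
    }

    /**
     * Sends the sample request from the original post; the variable name indicates it is a
     * CVV-generation command. The key and card fields are the post's sample values. Real
     * requests and responses must never be printed or logged.
     */
    public static void main(String[] args) throws IOException {
        final String cvvGenerationResponse = send("0000CWAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB4484070020000310;2105000");
    }
}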

喵喔喔

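// The following code shows how to build a command and send it to a SafeNet HSM.

/**
 * Sends one hex-encoded command to the HSM at {@code HSMIP:HSMPORT} and returns the response
 * body as a hex string.
 *
 * <p>Request framing: four header bytes (01 01 00 00, fixed at installation time according to
 * the original author), a two-byte big-endian payload length, then the payload. The response
 * uses the same six-byte header, whose last two bytes give the body length.
 *
 * <p>Security notes: the connection is a plain {@code Socket} with no TLS and no client
 * authentication, so restrict network access to the HSM port. Request and response contents
 * are deliberately not logged because they can contain key or card data; only the framing
 * header and the length are logged. No read timeout is set here, so a stalled HSM blocks the
 * caller.
 *
 * @param command the command payload as a hex string
 * @return the response body as upper-case hex, or {@code null} if anything fails (invalid hex,
 *         oversized payload, connection error, truncated response)
 */
public static final String send(String command) {
    try {
        // Validate and encode before connecting so malformed input never reaches the HSM.
        final byte[] payload = DatatypeConverter.parseHexBinary(command);
        if (payload.length > 0xFFFF) {
            // A larger value would silently wrap in the two-byte length field.
            throw new IllegalArgumentException("command payload too long: " + payload.length);
        }
        final byte[] request = new byte[6 + payload.length];
        request[0] = 0x01;  // constant as per setting during installation
        request[1] = 0x01;  // constant as per setting during installation
        request[2] = 0x00;  // constant as per setting during installation
        request[3] = 0x00;  // constant as per setting during installation
        request[4] = (byte) (payload.length >>> 8);  // payload length, high byte
        request[5] = (byte) payload.length;          // payload length, low byte
        System.arraycopy(payload, 0, request, 6, payload.length);

        try (Socket socket = new Socket(HSMIP, HSMPORT);
             InputStream in = socket.getInputStream();
             OutputStream os = socket.getOutputStream()) {
            os.write(request);
            os.flush();

            final byte[] header = new byte[6];
            readHsmBytes(in, header);
            logger.info("header : " + DatatypeConverter.printHexBinary(header));
            final int len = (header[4] & 0xFF) * 256 + (header[5] & 0xFF);  // length of response
            logger.info("len : " + len);

            final byte[] response = new byte[len];
            readHsmBytes(in, response);
            return DatatypeConverter.printHexBinary(response);
        }
    } catch (Exception e) {
        // Callers rely on a null return for every failure, so the exception is reported here
        // instead of being rethrown. The logger's API beyond info(String) is not visible in
        // this snippet, so the original stack-trace reporting is kept.
        e.printStackTrace();
    }
    return null;
}

/**
 * Fills {@code buffer} completely from {@code in}. A single {@code InputStream.read(byte[])}
 * may return fewer bytes than requested, which the original code treated as a full message.
 */
private static void readHsmBytes(InputStream in, byte[] buffer) throws java.io.IOException {
    int filled = 0;
    while (filled < buffer.length) {
        final int n = in.read(buffer, filled, buffer.length - filled);
        if (n < 0) {
            throw new java.io.EOFException(
                    "HSM closed the connection after " + filled + " of " + buffer.length + " bytes");
        }
        filled += n;
    }
}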