【Question title】: HSM: Interaction with an HSM from a Java application
【Posted】: 2019-02-22 09:18:08
【Question】:

The HSM server and client setup is already done on my side. My question is how to communicate with the HSM server without the HSM client in order to access the Luna keystore from a Java application; is there any alternative way to communicate with the HSM server without the client?

【Discussion】:

    Tags: java security hsm java-security


    【Solution 1】:

    You can use the SafeNet SDK to develop your cryptographic functions that interact with the HSM from Java. For example, the Gemalto HSM provides the JSP and JCProv APIs for Java developers as part of the SDK.

    【Comments】:

      【Solution 2】:

      Your application needs the Luna client to connect to the HSM for cryptographic operations. The Luna client contains the libraries the client needs to communicate with the HSM.

      【Comments】:

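Solutions 1 and 2 both point at the supported route: the application reaches the HSM through the client libraries and a JCA provider rather than a hand-rolled socket. The class below is an added example and is not code from the original answers or from the HSM vendor. It drives the HSM through the standard java.security API using the JDK's own SunPKCS11 provider on top of the PKCS#11 library that the HSM client installs; the vendor's JSP provider plugs into the same JCA interfaces and would be registered with Security.addProvider in the same way. The library path, slot number, key alias and the interactive password prompt are assumptions to be adjusted to the local installation.

```java
import java.io.Console;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.Arrays;

/**
 * Added example (not from the original answers): sign with a key that stays inside the HSM,
 * using the JDK's SunPKCS11 provider over the PKCS#11 library installed by the HSM client.
 * A vendor JSP provider would be registered with Security.addProvider in the same way.
 */
public final class HsmJcaSigner {

    /** Assumption: path of the PKCS#11 library installed by the HSM client; adjust to the local install. */
    static final String PKCS11_LIBRARY = "/usr/safenet/lunaclient/lib/libCryptoki2_64.so";

    /** Builds a SunPKCS11 provider bound to one library and slot (inline config, JDK 9+ API). */
    static Provider configurePkcs11Provider(String libraryPath, int slot) {
        String config = "--\n"                      // "--" marks inline configuration instead of a file path
                      + "name = HsmSlot" + slot + "\n"
                      + "library = " + libraryPath + "\n"
                      + "slot = " + slot + "\n";
        Provider p = Security.getProvider("SunPKCS11").configure(config);
        if (Security.getProvider(p.getName()) == null) {
            Security.addProvider(p);
        }
        return p;
    }

    /** Opens the PKCS#11 keystore; the load call is the partition login, no file is read. */
    static KeyStore openHsmKeyStore(Provider p, char[] partitionPin) throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("PKCS11", p);
        ks.load(null, partitionPin);
        return ks;
    }

    /** Signs inside the HSM. The PrivateKey object is an opaque handle; the key bytes never enter the JVM. */
    static byte[] signInsideHsm(KeyStore ks, Provider p, String alias, byte[] data) throws GeneralSecurityException {
        PrivateKey key = (PrivateKey) ks.getKey(alias, null);   // PKCS#11 keys carry no per-key password
        if (key == null) {
            throw new GeneralSecurityException("no private key under alias " + alias);
        }
        Signature sig = Signature.getInstance("SHA256withRSA", p);
        sig.initSign(key);
        sig.update(data);
        return sig.sign();
    }

    /** Verifies in software with the public key of the stored certificate: proves the HSM-held key produced it. */
    static boolean verifyWithCertificate(KeyStore ks, String alias, byte[] data, byte[] signature) throws GeneralSecurityException {
        Certificate cert = ks.getCertificate(alias);
        if (cert == null) {
            throw new GeneralSecurityException("no certificate under alias " + alias);
        }
        PublicKey pub = cert.getPublicKey();
        Signature sig = Signature.getInstance("SHA256withRSA");   // default software provider
        sig.initVerify(pub);
        sig.update(data);
        return sig.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        String alias = args.length > 0 ? args[0] : "signing-key";  // assumption: alias of an RSA key pair with a certificate
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("run from an interactive terminal so the partition password is not passed on the command line");
        }
        char[] pin = console.readPassword("HSM partition password: ");
        try {
            Provider p = configurePkcs11Provider(PKCS11_LIBRARY, 0);
            KeyStore ks = openHsmKeyStore(p, pin);
            byte[] data = "constructed sample message".getBytes(StandardCharsets.UTF_8);
            byte[] signature = signInsideHsm(ks, p, alias, data);
            System.out.println("signature bytes: " + signature.length
                + ", verifies: " + verifyWithCertificate(ks, alias, data, signature));
        } finally {
            Arrays.fill(pin, '\0');  // clear the PIN from memory once logged in
        }
    }
}
```

The signing call runs inside the HSM and the application only ever holds a key handle, which is the property the question is really after. Verification deliberately uses the default software provider with the certificate's public key, so a successful verify confirms that the HSM-held private key produced the signature without any private key material entering the JVM.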
        【Solution 3】:

        The following code shows how to prepare a command and send it to a SafeNet HSM.

        import java.io.DataInputStream;
        import java.io.OutputStream;
        import java.net.Socket;
        import java.util.logging.Logger;
        import javax.xml.bind.DatatypeConverter;  // part of JDK 8; on JDK 11+ add the jakarta.xml.bind dependency

        // Placeholders: the HSM address and port are installation-specific.
        private static final String HSMIP = "hsm.example.internal";
        private static final int HSMPORT = 1234;
        private static final Logger logger = Logger.getLogger("hsm");

        public static final String send(String command) {
            try (Socket socket = new Socket(HSMIP, HSMPORT);
                    DataInputStream in = new DataInputStream(socket.getInputStream());
                    OutputStream os = socket.getOutputStream()) {
                socket.setSoTimeout(5000);  // do not block forever if the HSM never answers
                byte[] commandbytes = DatatypeConverter.parseHexBinary(command);
                if (commandbytes.length > 0xFFFF) {
                    throw new IllegalArgumentException("command does not fit a two-byte length field");
                }
                byte[] request = new byte[6 + commandbytes.length];
                request[0] = 0x01;  //constant as per setting during installation
                request[1] = 0x01;  //constant as per setting during installation
                request[2] = 0x00;  //constant as per setting during installation
                request[3] = 0x00;  //constant as per setting during installation
                request[4] = (byte) (commandbytes.length / 256);  //length of command, high byte
                request[5] = (byte) (commandbytes.length % 256);  //length of command, low byte
                System.arraycopy(commandbytes, 0, request, 6, commandbytes.length);
                //logger.info("request : " + DatatypeConverter.printHexBinary(request));
                os.write(request);
                os.flush();
                byte[] header = new byte[6];
                in.readFully(header);  // read() may return fewer than 6 bytes; readFully waits for all of them
                logger.info("header : " + DatatypeConverter.printHexBinary(header));
                int len = (header[4] & 0xFF) * 256 + (header[5] & 0xFF);  //length of response
                logger.info("len : " + len);
                byte[] response = new byte[len];
                in.readFully(response);  // the response may arrive in several TCP segments
                logger.info("response : " + DatatypeConverter.printHexBinary(response));
                return DatatypeConverter.printHexBinary(response);
            } catch (Exception e) {
                e.printStackTrace();
            }
            return null;
        }


        【Comments】:

          【Solution 4】:

          The following code shows how to send a command to a Thales HSM.

          import java.io.DataInputStream;
          import java.io.DataOutputStream;
          import java.io.IOException;
          import java.io.OutputStream;
          import java.net.Socket;
          import java.net.SocketTimeoutException;
          import java.net.UnknownHostException;

          public class ThalesHSMConnect2 {

              // Placeholders: the HSM address and port are installation-specific.
              private static final String host = "hsm.example.internal";
              private static final int port = 1234;

              //@formatter:off
              public static final String send(final String command) throws UnknownHostException, IOException {
                  try(final Socket sc = new Socket(host, port);
                      final DataInputStream din = new DataInputStream(sc.getInputStream());
                      final DataOutputStream dos = new DataOutputStream(sc.getOutputStream())) {
                      sc.setSoTimeout(5000);
                      dos.writeUTF(command);  // writeUTF prepends the two-byte big-endian length the HSM expects
                      dos.flush();
                      final String response = din.readUTF();  // readUTF consumes the two-byte length prefix of the reply
                      return response;
                  }
              }

              public static final byte[] send(final byte[] command) throws Exception {
                  try(Socket sc = new Socket(host, port);
                      DataInputStream in = new DataInputStream(sc.getInputStream());
                      OutputStream os = sc.getOutputStream()) {
                      sc.setSoTimeout(5000);
                      command[0] = (byte) ((command.length-2)/256); //two byte command length, high byte
                      command[1] = (byte) ((command.length-2)%256); //two byte command length, low byte
                      os.write(command);
                      os.flush();
                      final int b1 = in.read();  // read() returns 0..255, or -1 when the HSM closed the connection
                      final int b2 = in.read();
                      if(b1 < 0 || b2 < 0) throw new SocketTimeoutException("no response from hsm.");
                      final byte[] response = new byte[b1*256+b2];  // unsigned arithmetic: a length byte >= 0x80 is not negative here
                      in.readFully(response);  // read() alone may return only part of the response
                      return response;
                  }
              }

              public static void main(String[] args) throws IOException {
                  final String cvvGenerationResponse = send("0000CWAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB4484070020000310;2105000");
                  System.out.println(cvvGenerationResponse);
              }
          }


          【Comments】:

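Both socket answers above (Solutions 3 and 4) frame messages with a two-byte big-endian length prefix, and both originally read the reply with InputStream.read(byte[]), which may return after only part of the reply has arrived. The class below is an added example, not code from the original answers or from any HSM vendor: it implements the same framing with DataInputStream.readFully and an unsigned length read, and pairs it with a constructed loopback stand-in for the HSM that deliberately splits its reply across two TCP writes, so the partial-read case can be exercised offline. The MAX_FRAME bound is an assumption to be set from the HSM's documented maximum message size.

```java
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

/** Added example: the two-byte length-prefixed framing used by both socket answers, done with readFully. */
public final class LengthPrefixedHsmClient {

    /** Assumption: largest frame we will allocate; a corrupt length field must not dictate the buffer size. */
    static final int MAX_FRAME = 4096;

    /** Writes a two-byte big-endian length followed by the payload (same layout as request[4]/request[5] above). */
    static void writeFrame(DataOutputStream out, byte[] payload) throws IOException {
        if (payload.length > 0xFFFF) {
            throw new IllegalArgumentException("payload too large for a two-byte length field");
        }
        out.writeShort(payload.length);
        out.write(payload);
        out.flush();
    }

    /** Reads one frame; readFully blocks until every byte has arrived, so a fragmented reply is reassembled. */
    static byte[] readFrame(DataInputStream in) throws IOException {
        int len = in.readUnsignedShort();  // unsigned: a length byte >= 0x80 is not misread as negative
        if (len > MAX_FRAME) {
            throw new IOException("frame length " + len + " exceeds limit " + MAX_FRAME);
        }
        byte[] frame = new byte[len];
        in.readFully(frame);               // EOFException if the peer closes early, never a silently short buffer
        return frame;
    }

    /** One request/response exchange with a read timeout. */
    static byte[] exchange(String host, int port, byte[] request, int timeoutMillis) throws IOException {
        try (Socket s = new Socket(host, port);
             DataOutputStream out = new DataOutputStream(s.getOutputStream());
             DataInputStream in = new DataInputStream(s.getInputStream())) {
            s.setSoTimeout(timeoutMillis);
            writeFrame(out, request);
            return readFrame(in);
        }
    }

    /** Constructed stand-in for the HSM: echoes the request back in two TCP writes to exercise partial reads. */
    static Thread startFragmentingEchoServer(ServerSocket server) {
        Thread t = new Thread(() -> {
            try (Socket c = server.accept();
                 DataInputStream in = new DataInputStream(c.getInputStream());
                 DataOutputStream out = new DataOutputStream(c.getOutputStream())) {
                byte[] req = readFrame(in);
                out.writeShort(req.length);
                out.write(req, 0, req.length / 2);
                out.flush();
                Thread.sleep(200);                          // make the client observe an incomplete reply first
                out.write(req, req.length / 2, req.length - req.length / 2);
                out.flush();
            } catch (IOException | InterruptedException e) {
                throw new RuntimeException(e);
            }
        });
        t.setDaemon(true);
        t.start();
        return t;
    }

    public static void main(String[] args) throws Exception {
        try (ServerSocket server = new ServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            startFragmentingEchoServer(server);
            byte[] request = "0000CONSTRUCTED-SAMPLE-PAYLOAD".getBytes(StandardCharsets.US_ASCII);  // constructed, not a real HSM command
            byte[] response = exchange(server.getInetAddress().getHostAddress(), server.getLocalPort(), request, 2000);
            System.out.println(Arrays.equals(request, response) ? "frame reassembled intact" : "frame corrupted");
        }
    }
}
```

Running main prints "frame reassembled intact" even though the reply arrived in two pieces; replacing readFully with a single read would return a short buffer in the same situation. Note also that a plain TCP socket carries every command and reply in the clear on the network, which is one reason to prefer the vendor client described in Solution 2 for the link between the application and the HSM.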