Crypto-J Cryptographic Toolkit
RSA BSAFE Crypto-J 5.0 Security Policy Level 1 - Roles, Authentication and Services
1.4 Roles and Services
Crypto-J meets all FIPS 140-2 Level 1 requirements, implementing both a Crypto
Officer role and a Crypto User role. As allowed by FIPS 140-2, Crypto-J does not
require user identification or authentication for these roles.
The API for control of Crypto-J is through the com.rsa.jsafe.crypto.CryptoJ
class. The API is duplicated in the class com.rsa.jsafe.CryptoJ.
1.4.1 Crypto Officer Role
An operator can assume the Crypto Officer Role by invoking the
com.rsa.jsafe.crypto.CryptoJ.setRole() method with the
CryptoJ.CRYPTO_OFFICER_ROLE argument. After this invocation, services
available to the Crypto Officer Role can be used.
An operator can also assume the Crypto Officer Role by constructing a
FIPS140Context object where the role is specified as
CryptoJ.CRYPTO_OFFICER_ROLE. The FIPS140Context object can then be
input to a Service which is to be used by the Crypto Officer Role.
The Services section provides a list of services available to the Crypto Officer Role.
1.4.2 Crypto User Role
The Crypto User Role is the default operating role for the module. An operator can
explicitly assume the Crypto User Role by invoking the
com.rsa.jsafe.crypto.CryptoJ.setRole() method with the
CryptoJ.USER_ROLE argument. Once the role is set to Crypto User Role, either by
default or explicitly, services available to the Crypto User Role can be used.
An operator can also assume the Crypto User Role by constructing a
FIPS140Context object where the role is specified as CryptoJ.USER_ROLE. The
FIPS140Context object can then be input to a Service which is to be used by the
Crypto User Role.
The Services section provides a list of services available to the Crypto User Role.
1.4.3 Services
The following table lists, in terms of the toolkit interface, the unauthenticated
services provided by Crypto-J that may be used by either role.
Table 1: Services Available to the Crypto User and Crypto Officer Roles
CryptoJ.getFIPS140Context
CryptoJ.getSeeder
CryptoJ.setSeeder
CryptoJ.getDefaultRandom