How To Build The KMIP Examples
Posted by Jim Susoy, Last modified by Jim Susoy on 11 November 2015 11:52 PM
We recommend building and running the KMIP examples as the first step to get familiar with the SKC Toolkit. The examples are easy to build and makefiles (solution files on windows) are provided. A little bit of preparation and configuration will be required to successfully run them.
Verifying Your Environment
The SKC Toolkit has a couple of prerequisites that must be satisfied in order to run.
For Linux systems, we have provided a script that will check you system for the prerequisites and let you know if something is not there. On Windows you will need to get/install openssl, however entropy is usually not an issue on windows system.The scripts can be found in:
Choose the script appropriate for your operating system and run it to determine if any issues are found.
OpenSSL 1.x.x is installed but the appropriate link is missing.
In this case, the fix is simple. Just create the link manually. For example, on a Centos box:
The wrong version of OpenSSL is installed or OpenSSL is not installed.
or the location of the OpenSSL DLLs need to be added to the path so the Windows loader can find them.
On any platform, always make sure that the bitness of OpenSSL you are using matches the bitness of your project. Based on how the examples are compiled 64bit or 32bit, you will need the matching OpenSSL DLLs available.
There is not enough entropy available.
Entropy is required to create cryptographic keys. We have noticed that many Linux based systems have insufficient entropy to generate keys without significantly effecting system performance. We strongly recommend that our customers add either hardware random number generator or software that gathers entropy (e.g., egd -- entropy gathering daemon, or haveged -- A simple entropy daemon ) to their machines that will be required to create crypto keys. The haveged daemon is available as an installable package on RHEL/Centos/Ubuntu distributions.
Along with the SDK we have included several source code projects that help demonstrate how to use P6R's KMIP API. Each of these examples is designed to stand on its own. Each example creates its own keystore to securely place keys and certificates required to communicate to a KMIP server. And each keystore requires keys to encrypt and sign the data stored in it.
However, your application would normally create the keystore and its required keys only once. In addition, the keys for the keystore could be created on a special, high-entropy machine and then copied onto a separate deployed hardware. However, SSL connections also require entropy and perfoemance issues when making SSL connections will result when there is not enough entropy.
Building the examples
Several modifications are required to make this example run on your machine:
Build an example
Makefiles for Linux and solution files for Windows are provided in each example directory. You should spend a little time and become familiar with the contents of these. Understanding what they do will help you create your own SKC projects. Below is an example of building the KMIP-1 example on Linux in 64bit debug mode. You can use the command "
Next you will need to copy your SSL credentials (as discussed above) and license file into the output directory. "