Developer's Guide
 All Files Variables Pages
The KSG KMIP Server Gateway

Table of Contents

Introduction

This guide contains all the infromation you need to get started with the KMIP Server Gateway (KSG). It outlines the steps needed to install and configure the server. KSG takes KMIP client requests and translates them into PKCS#11 API calls and then takes the PKCS#11 API call results and converts them back into KMIP responses and sends them to the requesting client. KSG runs on Windows and any flavor or Linux.

Getting Help

There are many ways to get help using KSG.

  • Check the documentation (you're already here)
  • Determine what KMIP client library or 3rd party application you will use to test with KSG. P6R also sells KMIP client products.
  • Search our Knowledgebase
  • Submit a support request

Getting Started

For this version of KSG the user must configure KSG's PKCS#11 module to talk to the user's HSM. In addition, the user must set up a TLS proxy to take incoming TLS requests and forward them to KSG (e.g., Stunnel) [in a future release KSG will have its own TLS server protocol handling as an option]. Here are the KSG set up steps.

* 1) Install KSG in the directory you will run it out of
* 2) Run the p6pkcs11tool to configure the P6R PKCS#11 module so it can talk to your HSM. (See documentation for the p6pkcs11tool that comes with KSG.)
* When PKCS#11 is properly configured the following files should appear in the ..<install directory>/data directory: PKCS11, PKCS11.sig, and pkcs11baseKey.txt
* Now KSG is ready to talk to your HSM.
* 3) Modify the ..<install directory>/confs/ksg.conf file (see options below under the section "Gateway Configuration Parameters").
* 4) Install and configure Stunnel (or another TLS proxy) to sit in front of KSG (see the section "KSG and Stunnel" below).
*

Note, to run the p6pkcs11tool on Linux currently requires setting LD_LIBRARY_PATH the to "<installed path>../components" directory so it can dynamically load libp6pkcs11.so, which is P6R's PKCS#11 library implementation. Otherwise, an error that the shared library cannot be found will be returned.

See KSG Setup for more detailed setup information.

Reference Guides