Docker Setup with PKCS11

  • Background

    We are developing a Spring application which does crypto operations. A requirement of the project is that the application implementation be independent of HSM-specific libraries (because the client may have any HSM), and hence we used the SunPKCS11 interface. The SunPKCS11 interface needs a path to the HSM library file which implements the common PKCS11 interface. This way any HSM which has a library implementing the PKCS11 interface would work with the application.

  • Current State

    We have a host machine for testing where the HSM is installed. The HSM installer also provides the library which implements the PKCS11 interface. We are planning to deploy this application using Docker. Since the application should be independent of the HSM library, we have created a Docker image in which no HSM-specific information is mentioned. However, we have mounted the complete lib folder of the HSM (where the PKCS11 implementation library is present) using the docker-compose file. When we do docker-compose up, it gives an error for a library which belongs to the HSM (though it is mounted in the lib folder).

Error in loading shared library xxx.so

  • Question

    1. Should I use Docker in this case? I have seen discussions on the internet about accessing devices using Docker, and the answer was mostly to use some other Docker image which is device specific. However, I don't know whether the HSM to be used with the application (at the client side) would have such a Docker image.
    2. If so, is it a good idea to mount the lib folder of the HSM? During HSM installation, I installed 3 rpm files. These 3 installations might have additional libraries which would be required for interacting with the HSM.
    3. In case what I am doing is the correct approach, what is the cause of the error?

Dockerfile

FROM some/url/xxxbuild:openjdk8u151-alpine3.7-1.0.0
LABEL maintainer "Team"
ENV APP_USER myapp
ENV APP_HOME /opt/my/app
# Create the config directory while still root (a non-root user cannot
# create directories under /opt), then hand it to the application user.
# $APP_USER must already exist in the base image.
RUN mkdir -p $APP_HOME/config && chown -R $APP_USER $APP_HOME
USER $APP_USER

docker-compose file

my-microservice:
  image: my-microservice:1.1.0-SNAPSHOT
  container_name: my-microservice-container
  restart: on-failure
  environment:
    SERVER_PORT: 9999
    JAVA_OPTS: -Dlog4j.configurationFile=/opt/gd/app/config/log4j2.xml
  ports:
    - 8888:9999
  volumes:
    - ./applicationSpecificFile:/opt/gd/app/config
    - /opt/hsm/lib:/opt/hsm/lib   # HSM-specific lib files

I am new to Docker and Linux. Let me know in case I missed mentioning something.

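An added troubleshooting example, not part of the original question and not an answer posted to it. The error text quoted above has the shape of the message printed by musl's dynamic loader ("Error loading shared library ..."), which is what Alpine-based images such as the openjdk8u151-alpine3.7 base ship, whereas glibc reports "error while loading shared libraries". Two conditions therefore have to hold for a bind-mounted vendor PKCS#11 library to load inside the container: it must be built against the same C library as the image, and every library it depends on (typically the ones installed by the other vendor RPMs) must be resolvable by the loader inside the container, not only on the host. The script below, written for this page, inspects a library with ldd and checks both conditions. The library paths and the embedded ldd listing are constructed for illustration, and the vendor library names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original question: triage a vendor PKCS#11
# library (the .so you would name in the SunPKCS11 config) before mounting
# it into a container. Assumes a Linux host or container with awk and, for
# the live check, ldd on PATH. All library paths here are hypothetical.

# Print every dependency an ldd-style listing (read from stdin) could not
# resolve ("=> not found"). Exit status 1 if at least one is missing.
missing_deps() {
    awk '/=> not found/ { print $1; missing = 1 }
         END { exit (missing ? 1 : 0) }'
}

# Report which C library an ldd-style listing (stdin) shows the object was
# linked against: "glibc" (libc.so.6), "musl" (ld-musl-* / libc.musl-*),
# or "unknown".
libc_flavor() {
    awk '/libc\.so\.6/          { flavor = "glibc" }
         /ld-musl-|libc\.musl-/ { flavor = "musl" }
         END { print (flavor == "" ? "unknown" : flavor) }'
}

# Which C library does the image we are running in use? Alpine ships musl
# and its loader lives at /lib/ld-musl-<arch>.so.1.
image_libc() {
    if ls /lib/ld-musl-*.so.1 >/dev/null 2>&1; then echo musl; else echo glibc; fi
}

# Live check of one library. Return codes:
#   0 ok, 1 file missing, 2 ldd unavailable, 3 unresolved dependencies,
#   4 glibc-linked library inside a musl (Alpine) image.
check_pkcs11_lib() {
    lib=$1
    [ -f "$lib" ] || { echo "missing: $lib" >&2; return 1; }
    command -v ldd >/dev/null 2>&1 || { echo "ldd not found" >&2; return 2; }
    listing=$(ldd "$lib" 2>&1)
    flavor=$(printf '%s\n' "$listing" | libc_flavor)
    if [ "$flavor" = glibc ] && [ "$(image_libc)" = musl ]; then
        echo "$lib is linked against glibc but this image uses musl" >&2
        return 4
    fi
    unresolved=$(printf '%s\n' "$listing" | missing_deps) || {
        echo "unresolved dependencies of $lib:" >&2
        printf '  %s\n' $unresolved >&2
        return 3
    }
    echo "ok: $lib ($flavor)"
}

# Constructed sample of ldd output for a glibc-built vendor library whose
# companion libraries (installed by the other vendor RPMs) are not on the
# loader path. Not captured from any real HSM.
SAMPLE_LDD='	linux-vdso.so.1 (0x00007ffc1e3f0000)
	libvendorcore.so.1 => not found
	libcrypto.so.1.1 => not found
	libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f3a2c4b0000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3a2c0c0000)'

# Usage: sh check_pkcs11.sh /opt/hsm/lib/libvendorpkcs11.so  (hypothetical path)
# With no argument, run the parsers over the constructed sample instead.
if [ "$#" -gt 0 ]; then
    check_pkcs11_lib "$1"
else
    echo "libc flavour of sample: $(printf '%s\n' "$SAMPLE_LDD" | libc_flavor)"
    echo "unresolved in sample:"
    printf '%s\n' "$SAMPLE_LDD" | missing_deps || true
fi
```

Run it inside the container (for example via docker-compose run or docker exec) against the mounted path, since what matters is what the loader in the image can resolve. If it reports unresolved dependencies, the directories holding those libraries must be mounted as well and made visible to the loader, for instance through LD_LIBRARY_PATH in the container environment; if it reports a glibc-linked library in a musl image, the Alpine base image cannot load it and a glibc-based base image is needed instead.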