Setting Up Environment for SNMPv3

 

WebNMS SNMP API supports the privacy feature of SNMPv3 (privacy module defined for USM). To use these privacy functions, third-party packages called providers are required. For example, providers available from Cryptix or JCE (Java Cryptography Extension) can be used.

 

To develop/test applications supporting the privacy features of SNMPv3, these encryption packages have to be included in the CLASSPATH. In the shell/batch file available in the example directories, the path for the Cryptix package is included as the default security provider. If the security package is SunJCE, the appropriate path has to be included.

 

The different versions of packages that support the privacy feature are as follows.

In the case of privacy, the first available security provider entry in the java.security file will be taken for communication. For example, if the entries in the java.security file are in the following order, JCE will be the privacy package used during communication.

The corresponding jars should be present in the CLASSPATH.

 

To make the CLASSPATH settings simpler, WebNMS SNMP API provides the setv3.bat/sh file in the <bin> directory. This file can be used for setting the CLASSPATH for the privacy packages.

 

Following are the steps for setting the CLASSPATH to support the SNMPv3 privacy feature.

  1. Identify the privacy package that is currently used.

  2. Set the path to point to the package by uncommenting the appropriate PATH command in the setv3.sh/bat file. For example, if the privacy package Cryptix 3.1.1 is present in the parent directory, you have to set the path as: CRYPTIX_3_1_1_DIR=..

  3. Include the necessary additions in the java.security file as instructed in the shell/batch file.

  4. The CLASSPATH settings for all the packages are provided in the shell/batch file. Uncomment the appropriate CLASSPATH command based on your privacy package.

  5. Save the file and use this for your SNMPv3 CLASSPATH settings.

After providing the correct path, executing the shell/batch file enables the user to run the SNMPv3 applications with the privacy features.

 


Note:

  1. The setv3.bat/sh file is not required if you use SNMPv3 for development without the privacy feature.

  2. If the privacy features are to be used along with JDK 1.1.x, Cryptix provider should be used. For JDK 1.2 and above, Cryptix or SunJCE provider can be used.

 

Installing Privacy Support Packages for SNMPv3

 

Cryptix

 

To use the WebNMS SNMPv3 privacy functions, you can depend on the Cryptix security package available at http://www.cryptix.org.

  1. Download and install the Cryptix package. (Cryptix 3.x.x release)

  2. Set the CLASSPATH to point to the Cryptix package.

  3. Give the following command to install the Cryptix package. This is a one-time process that registers the Cryptix package as a security provider.

    java cryptix.provider.Install

JCE

 

To use JCE 1.2, you need to have JDK 1.2 installed. Note that the JCE package is subject to export restrictions. The installation of this package is similar to that of Cryptix. You need to add the JCE security provider either through the API or by manually editing the java.security file in <jdk1.2/jre/lib/security/>. Sample entries would be:

    security.provider.1=sun.security.provider.Sun

    security.provider.2=com.sun.crypto.provider.SunJCE

    security.provider.3=com.ibm.crypto.provider.IBMJCE

The class java.security.Security provides methods to add a provider at run time. An implementation of JCE 1.2 is also available from Australian Business Access Pvt. Ltd. If you use this, it could be added as a security provider as well.

    security.provider.4=au.net.aba.crypto.provider.ABAProvider

JDK 1.2 provides a neat extension framework and therefore you can easily integrate the security provider classes with applets.
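The following is an added example, not part of the WebNMS distribution. It illustrates the two points made above: providers are consulted in java.security preference order, and java.security.Security can register one at run time. The class name PrivacyProviderCheck is hypothetical, and the transformation string assumes the CBC-DES privacy protocol that USM defines in RFC 3414.

```java
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

public class PrivacyProviderCheck {
    // Assumption: USM privacy is DES in CBC mode (RFC 3414); change this if
    // your SNMP stack requests a different transformation.
    static final String TRANSFORMATION = "DES/CBC/NoPadding";

    /** Registers the provider at the lowest preference unless it is already listed. */
    static void ensureProvider(String name, String className) {
        if (Security.getProvider(name) != null) {
            return; // already present, e.g. through a security.provider.N entry
        }
        try {
            Provider p = (Provider) Class.forName(className)
                    .getDeclaredConstructor().newInstance();
            Security.addProvider(p); // appended after the existing entries
        } catch (ReflectiveOperationException | RuntimeException e) {
            System.err.println("Could not load " + className + ": " + e);
        }
    }

    public static void main(String[] args) throws Exception {
        // Class name taken from the sample java.security entries above.
        ensureProvider("SunJCE", "com.sun.crypto.provider.SunJCE");

        // Print the effective order in the same form as java.security.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            Provider p = providers[i];
            boolean hasDes = p.getService("Cipher", "DES") != null;
            System.out.printf("security.provider.%d=%s%s%n", i + 1,
                    p.getClass().getName(), hasDes ? "   <- offers DES" : "");
        }

        // With no provider named, the first one in the order above that
        // supports the transformation supplies the cipher.
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        System.out.println("Privacy cipher comes from: "
                + cipher.getProvider().getName());
    }
}
```

Run it with the same CLASSPATH that setv3.sh/bat produces to confirm which provider the application will actually use for privacy.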

 

Applets with Privacy Features

 

To deploy/test the applets supporting the privacy features of SNMPv3, follow the same procedure as explained in the topic Deploying Applets in the Deployment instructions chapter.

 

If JCE 1.2.1 is used as the security provider, a few additional steps have to be followed after the installation. Note that the following procedure is to be followed only if the security provider is JCE.

  1. The browser should be configured with the proper plug-in.

  2. The encryption package's jar files, namely US_export_policy.jar, jce1_2_1.jar, local_policy.jar, and sunjce_provider.jar, should be copied to the <plugins/lib/ext> directory.

  3. Then the applet should be loaded.


Note: When JDK 1.4 and above is used, it is not necessary to explicitly copy the jar files.

 

Export Restrictions

 

Developers are advised to be aware of the export policies while developing applications with encryption/privacy features. Encryption packages are bound by export restrictions. If JCE 1.2 and its implementations are used in developing applications and applets, they cannot be used outside the US and Canada.

 

However, JCE 1.2.1 does not have any export restrictions. The latest JDK version (JDK 1.4) comes integrated with JCE 1.2.1.



Copyright © 2012, ZOHO Corp. All Rights Reserved.