Skip to content

Getting Started

Downloading the Tracer Agent

What is the tracer agent?

The Cryptosense Java Tracer is a Java Agent that logs cryptographic calls made by a JVM and its Java application in a format suitable for treatment by Cryptosense Analyzer.

How do I download the tracer agent?

To download the tracer agent, login to your account, then click on the 'Download Tracer' button on the Traces tab.

Do you have sample data?

Yes we do! You can download a sample trace from the Traces tab once logged into your Analyzer account. You can use the sample trace to generate your first report .

Someone else at my organization will make the trace for me, what should I ask them to do?

We've prepared an email that explains all the details.

Making Traces

How do I get a trace from my application?

To get a trace you need to run the application with the Cryptosense Java Tracer installed. This will record a trace of all calls to the crypto library and the responses. See our Java Tracer user manual.

To make a trace, users typically do one of two things: run the application's integration test suite, or play through some specific scenario in the application to explore the cryptography used at that point.

What goes into the trace?

Briefly, it contains all the exchanges between the application and its crypto library. That includes plaintexts and ciphertexts, digests for signature, data to be hashed, public keys, private keys, secret keys, passwords and other parameters of crypto calls. For this reason, we recommend the tracer be used in applications running in pre-production, staging or testing. We also recommend running with test data rather than real customer data.

How do I use the agent if my application runs under a framework like Weblogic/JBoss/Websphere/Tomcat...?

There will be a place in the framework's configuration where you can add a parameter to include the use of the Cryptosense tracer Agent. We give examples for several frameworks in the Java Tracer user manual.

Where does the trace file get written to?

By default it's written to the cs-tracer/ subdirectory of the working directory where you launched the application. You can change this behaviour with the -out option. If the directory doesn't exist, it will be created. The filename will be a timestamp for the moment the application was launched.

I can't see a trace file, is this thing working?

You may have to wait until the application closes for the trace file to appear.

How do I know whether my trace covers all the crypto in my application?

You can use the Cryptosense Static Scanner tool to measure how many of the different call sites for crypto functions in your application have been covered by the calls in a trace.

Uploading Traces

How do I upload my trace?

After logging in at, click on "Upload New" next to the Traces box.

My trace is very big, can I upload it compressed?

Yes, first you can make the Java Tracer compress the trace on the fly by including the compress option (enabled by default). Then you can upload the compressed trace and the Analyzer will take care of it. If you already have a large uncompressed trace, you can compress it yourself with gzip and then upload it. You can also upload trace uncompressed, of course.

Is there a size limit on traces?

On the SaaS platform, the size is limited to 4GB compressed. The tracer will automatically limit the size of the trace to 4GB unless you override this behaviour with the unlimitedTraceSize option.