Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.futurex.com/llms.txt

Use this file to discover all available pages before exploring further.

This section shows how to configure the SunPKCS11 provider to use the Futurex PKCS #11 module, providing separate instructions for Linux and Windows. The SunPKCS11 provider, an integral part of the Java Cryptography Architecture (JCA), enables Java applications to access cryptographic services through the PKCS #11 API. Choose one of the following operating systems and perform the instructions:

Linux

Perform the following steps to configure SunPKCS11 in Linux:
1
Locate the Futurex PKCS #11 library:Confirm the location of the libfxpkcs11.so file available on your system. Note its full path for later use. For example, it might be located at /usr/local/lib/fxpkcs11/libfxpkcs11.so.
2
Create a SunPKCS11 configuration file:The SunPKCS11 provider uses a configuration file to load the Futurex PKCS #11 module. Perform the following steps:
  1. Create a file named pkcs11.cfg (or any name you prefer, with a .cfg extension). You can save this file anywhere, but a standard location would be something like /usr/local/etc/pkcs11.cfg.
  2. Add the following content to the file, adjusting the library path to indicate the installation location for the Futurex PKCS #11 library on your system:
None
name = Futurex
library = /usr/local/lib/fxpkcs11/libfxpkcs11.so
slotListIndex = 0

# PRIVATE KEY
attributes(generate,CKO_PRIVATE_KEY,*) = {
    CKA_SIGN = true
    CKA_VERIFY = true
    CKA_TOKEN = true
    CKA_PRIVATE = true
    CKA_SENSITIVE = true
    CKA_EXTRACTABLE = false
}
name: Specify a friendly name for the Futurex PKCS #11 provider. library: Specify the full path to the Futurex PKCS #11 module. slotListIndex: Specify the default Futurex PKCS #11 slot number.
3
Register the library with Java:Open the java.security file.
Shell
sudo vim $JAVA_HOME/conf/security/java.security
Add the following line with the path of the pkcs11.cfg file you just created to the SunPKCS11 security provider line. Then save the file.
None
security.provider.12=SunPKCS11 /[pathTo]/pkcs11.cfg
4
Verify the configuration:Run the following Java keytool command in a terminal to verify that you configured the SunPKCS11 provider correctly to interact with the Futurex PKCS #11 library:
Shell
keytool -list -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerName SunPKCS11-Futurex
If successful, you should see a line similar to this: Your keystore creation contains [number] entries.

Windows

Perform the following steps to configure SunPKCS11 in Windows:
1
Locate the JDK installation directory:Find the path to your JDK installation. This is typically something similar to C:\Program Files\Java\jdk-<version>.
2
Create a configuration file for SunPKCS11:The SunPKCS11 provider uses a configuration file to load the Futurex PKCS #11 module. Create a file named pkcs11.cfg (or any other name you prefer, with a .cfg extension).Add the following content to the file, adjusting the library path to point to where you installed the Futurex PKCS #11 library on your system:
None
name = Futurex
library = C:/Program Files/Futurex/fxpkcs11/fxpkcs11.dll
slotListIndex = 0

# PRIVATE KEY
attributes(generate,CKO_PRIVATE_KEY,*) = {
    CKA_SIGN = true
    CKA_VERIFY = true
    CKA_TOKEN = true
    CKA_PRIVATE = true
    CKA_SENSITIVE = true
    CKA_EXTRACTABLE = false
}
3
Register the library with Java:Open the the java.security file in a text editor. The file is usually located at %JAVA_HOME%\conf\security\java.securityAdd the following line with the path of the pkcs11.cfg file you just created to the SunPKCS11 security provider line. Then, save the file.
Use double backslashes for the path.
None
security.provider.12=SunPKCS11 C:\\[pathTo]\\pkcs11.cfg
4
Verify the configuration:Open a command prompt and run the following java keytool command to verify that you configured the SunPKCS11 provider correctly to interact with the Futurex PKCS #11 library:
Shell
keytool -list -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerName SunPKCS11-Futurex
If successful, you should see a line similar to this: Your keystore contains [number] entries.