Skip to main content
The Generic FXPKCS11 with Java Provider service template enables you to deploy CryptoHub with third-party applications that support integration with an HSM or Key Management device through PKCS #11 but have not yet been officially tested and added to the CryptoHub Service Management store. Contact the Futurex support team if you need us to add a specific third-party application to CryptoHub. Our dedicated Integration Engineering team tests and documents the integration by using the following process.

Futurex certification process

The Futurex certification process is a rigorous and standardized approach to testing and certifying integrations between third-party applications and Futurex HSMs and key management servers (such as KMES Series 3). The certification process ensures that we fully test and validate third-party application integrations in a lab environment before deploying them in a production environment. Our Integration Engineering team implements this process so you can be confident that third-party applications integrate seamlessly with our HSMs and KMES Series 3 devices, and that all operations result in the expected behavior. The certification process involves research, testing, troubleshooting, and certification and is fully documented in individual integration guides by using the following process:
  1. Research the third-party application to understand the solution and the protocol it uses to integrate with an HSM or KMS device (such as PKCS #11, Microsoft CNG, JCE, OpenSSL Engine, or KMIP).
  2. Determine how the third-party application uses the HSM or KMS device, including its specific functionalities (such as data encryption, key protection, entropy, and so on).
  3. Install and configure the third-party application in a lab environment, where all testing and validation occur.
  4. Establish a connection between the third-party application and the Futurex device, which typically involves configuring TLS certificates and creating roles and identities that the third-party application uses to connect and authenticate to the Futurex device.
  5. Initiate a request from the third-party application to the Futurex device, such as generating keys or certificates, encrypting or decrypting data, or performing other cryptographic functions.
  6. If errors occur during testing, the Integration Engineering team diagnoses the issues and takes corrective actions. If necessary, the team also documents the errors by creating engineering change requests (ECRs) to ensure all issues are addressed and resolved before certification.
  7. After making any necessary engineering changes, they perform a new end-to-end test to ensure that all errors are resolved and that all operations are successful.
  8. Certify the integration by creating an integration guide that covers all necessary prerequisites, configurations required in both the third-party application and the Futurex device, and the steps to test the functionality.
Following these steps helps ensure that the integration between the third-party application and the Futurex device is ready for use.