This section shows how to configure the SunPKCS11 provider to use the Futurex PKCS #11 module. The SunPKCS11 provider, an integral part of the Java Cryptography Architecture (JCA), enables Java applications to access cryptographic services through the PKCS #11 API.

Linux

Perform the following steps to configure SunPKCS11 in Linux:
1
Locate the Futurex PKCS #11 library: Confirm the location of the libfxpkcs11.so file on your system and note its full path for later use. For example, it might be located at /usr/local/lib/fxpkcs11/libfxpkcs11.so.
2
Create a SunPKCS11 configuration file: The SunPKCS11 provider uses a configuration file to load the Futurex PKCS #11 module. Perform the following steps:
  1. Create a file named pkcs11.cfg (or any name you prefer, with a .cfg extension). You can save this file anywhere, but a standard location would be something like /usr/local/etc/pkcs11.cfg.
  2. Add the following content to the file, adjusting the library path to indicate the installation location for the Futurex PKCS #11 library on your system:
name = Futurex
library = /usr/local/lib/fxpkcs11/libfxpkcs11.so
slotListIndex = 0

# PRIVATE KEY
attributes(generate,CKO_PRIVATE_KEY,*) = {
    CKA_SIGN = true
    CKA_VERIFY = true
    CKA_TOKEN = true
    CKA_PRIVATE = true
    CKA_SENSITIVE = true
    CKA_EXTRACTABLE = false
}
name: Specify a friendly name for the Futurex PKCS #11 provider.
library: Specify the full path to the Futurex PKCS #11 module.
slotListIndex: Specify the default Futurex PKCS #11 slot number.
3
Register the library with Java: Open the java.security file.
Shell
sudo vim $JAVA_HOME/conf/security/java.security
Add the path of the pkcs11.cfg file you just created to the SunPKCS11 security provider line, as shown in the following line. Then save the file.
security.provider.12=SunPKCS11 /[pathTo]/pkcs11.cfg
4
Verify the configuration: Run the following Java keytool command in a terminal to verify that you configured the SunPKCS11 provider correctly to interact with the Futurex PKCS #11 library:
Shell
keytool -list -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerName SunPKCS11-Futurex 
If successful, you should see a line similar to this: Your keystore contains [number] entries.
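
A preflight check for the configuration file from step 2, added here as an example and not part of the Futurex documentation. It confirms that the library entry is a full path to an existing file, that neither the configuration file nor the module is writable by group or others, and that the private-key template keeps CKA_SENSITIVE = true and CKA_EXTRACTABLE = false. The function names and the file-permission policy are assumptions of this example.

```sh
#!/bin/sh
# Added example, not Futurex code: preflight check for a SunPKCS11 config file.
# check_pkcs11_cfg FILE returns 0 when every check passes, 1 otherwise.

# Print the value of the first "key = value" line for the given key.
cfg_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# Print the private-key generate template, one "ATTR=value" per line.
private_key_template() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*attributes[(].*CKO_PRIVATE_KEY/ { inside = 1; next }
        inside && /[}]/ { inside = 0 }
        inside { gsub(/[ \t]/, ""); print }
    ' "$1"
}

# True when the file (symlinks followed) is writable by group or others.
loosely_writable() {
    case $(ls -ldL "$1" | cut -c1-10) in ?????w*|????????w*) return 0 ;; esac
    return 1
}

check_pkcs11_cfg() {
    cfg=$1 rc=0
    [ -r "$cfg" ] || { echo "FAIL: cannot read $cfg"; return 1; }
    lib=$(cfg_value "$cfg" library)
    case $lib in
        /*) [ -f "$lib" ] || { echo "FAIL: library not found: $lib"; rc=1; } ;;
        *)  echo "FAIL: library is not a full path: '$lib'"; rc=1 ;;
    esac
    # The JVM loads the native module this file names, so neither the config
    # nor the module should be writable by group or others (assumed policy).
    for f in "$cfg" "$lib"; do
        if [ -e "$f" ] && loosely_writable "$f"; then
            echo "FAIL: group/world-writable: $f"; rc=1
        fi
    done
    # Generated private keys must stay sensitive and non-extractable.
    tmpl=$(private_key_template "$cfg")
    for want in CKA_SENSITIVE=true CKA_EXTRACTABLE=false; do
        printf '%s\n' "$tmpl" | grep -qx "$want" ||
            { echo "FAIL: private-key template lacks $want"; rc=1; }
    done
    return "$rc"
}
if [ "$#" -gt 0 ]; then check_pkcs11_cfg "$1"; fi
```

Save the block as a script and pass it the path of your configuration file, for example /usr/local/etc/pkcs11.cfg; it prints one FAIL line per finding and exits non-zero if there is any.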