Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.futurex.com/llms.txt

Use this file to discover all available pages before exploring further.

You must install the Futurex PKCS #11 module on the computer or server where you plan to install Java Jarsigner.
The following process installs only the HSM Version of the PKCS #11 configuration file. For KMES integrations, you need to replace the <HSM> section with a <KMS> section. Perform the following steps to install Futurex PKCS #11 on your Windows or Linux server:

Windows

1
In a Windows Environment, the easiest way to install the Futurex PKCS #11 module is by installing FXTools. Download FXTools from the Futurex portal.
2
After you download it, run the FXTools installer as an administrator.
3
By default, all tools are installed on the system. However, you can overwrite and choose not to install certain modules. The modules include the following options:
ModuleDescription
Futurex Client ToolsCommand Line Interface (CLI) and associated SDK for both Java and C.
Futurex CNG ModuleThe Microsoft Next Generation Cryptographic Library.
Futurex Cryptographic Service Provider (CSP)The Legacy Microsoft Cryptographic Libary.
Futurex EKM ModuleThe Microsoft Enterprise Key Management library.
Futurex PKCS #11 ModuleThe Futurex PKCS #11 library and associated tools.
Futurex Secure Access ClientThe Client connects a Futurex Excrypt Touch to a local laptop through USB or to a remote Futurex device.
After starting the installation, all noted services are installed. If you selected the Futurex Secure Access Client, the Futurex Excrypt Touch driver is also installed (This tool might start minimized or run in the background).
4
After installation is complete, you can find all services in the C:\Program Files\Futurex directory. The CNG, CSP, EKM, and PKCS #11 modules all require configuration files located in their corresponding directory with a .cfg extension.

Linux

1
For a Linux Environment, download the tarball of the PKCS #11 binaries from the Futurex Portal.
2
Extract the .tar file locally where you want to install the application on your file system.For the Futurex PKCS #11 module to be accessible system-wide, an administrative user needs extract it in /usr/local/bin. If only the current user needs to use the module, then you can extract it in $HOME/bin.The extracted content of the .tar file is a single fxpkcs11 directory. Inside the fxpkcs11 directory are the following files and directories (only files and folders relevant to the installation process are included):
Filename/DirectoryDescription
fxpkcs11.cfgPKCS #11 configuration file to use for HSM integrations.
fxpkcs11-kms.cfgPKCS #11 configuration file to use for KMES Series 3 integrations.
x86/This folder contains the module files for 32-bit architecture.
x64/This folder contains the module files for 64-bit architecture.
The x86 and x64 directories contain multiple directories named for the specific OpenSSL versions. These OpenSSL directories contain the PKCS #11 module files, built with the respective OpenSSL versions.
configTestProgram to test configuration and connection to the HSM.
libfxpkcs11.soPKCS #11 Library file.
PKCS11ManagerProgram to test connection and manage the HSM through the PKCS #11 library.
3
Because the configTest and PKCS11Manager programs look for the PKCS #11 configuration file in the /etc directory, you must either move the file from the /usr/local/bin/fxpkcs11 directory to the /etc directory or set the FXPKCS11_CFG environment variable to point to the PKCS #11 configuration file.
If using the KMES version of the PKCS #11 configuration file (fxpkcs11-kms.cfg), you must rename the file to fxpkcs11.cfg.

Java and OpenSSL Installed on the Same Device

If Java and OpenSSL will be installed on the same system, please reference Using OpenSSL and Java.