Configure SunPKCS11 to use the Futurex PKCS #11 module
This section shows how to configure the SunPKCS11 provider to use the Futurex PKCS #11 module. The SunPKCS11 provider, an integral part of the Java Cryptography Architecture (JCA), enables Java applications to access cryptographic services through the PKCS #11 API.

Linux

Perform the following steps to configure SunPKCS11 in Linux.

Locate the Futurex PKCS #11 library

Confirm the location of the libfxpkcs11.so file available on your system. Note its full path for later use. For example, it might be located at /usr/local/lib/fxpkcs11/libfxpkcs11.so.

Create a SunPKCS11 configuration file

The SunPKCS11 provider uses a configuration file to load the Futurex PKCS #11 module. Perform the following steps:

Create a file named pkcs11.cfg (or any name you prefer, with a .cfg extension). You can save this file anywhere, but a standard location would be something like /usr/local/etc/pkcs11.cfg.

Add the following content to the file, adjusting the library path to indicate the installation location for the Futurex PKCS #11 library on your system:

```
name = Futurex
library = /usr/local/lib/fxpkcs11/libfxpkcs11.so
slotListIndex = 0

# Private key
attributes(generate,CKO_PRIVATE_KEY,*) = {
  CKA_SIGN = true
  CKA_VERIFY = true
  CKA_TOKEN = true
  CKA_PRIVATE = true
  CKA_SENSITIVE = true
  CKA_EXTRACTABLE = false
}
```

- name: Specify a friendly name for the Futurex PKCS #11 provider.
- library: Specify the full path to the Futurex PKCS #11 module.
- slotListIndex: Specify the default Futurex PKCS #11 slot number.

Register the library with Java

Open the java.security file:

```
sudo vim $JAVA_HOME/conf/security/java.security
```

Add the path of the pkcs11.cfg file you just created to the SunPKCS11 security provider line, as shown here, then save the file:

```
security.provider.12=SunPKCS11 /[pathto]/pkcs11.cfg
```

Verify the configuration

Run the following Java keytool command in a terminal to verify that you configured the SunPKCS11 provider correctly to interact with the Futurex PKCS #11 library:

```
keytool -list -keystore NONE -storetype PKCS11 -providerclass sun.security.pkcs11.SunPKCS11 -providername SunPKCS11-Futurex
```

If successful, you should see a line similar to this:

```
Your keystore creation contains [number] entries
```
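A pre-flight audit of the configuration file created above, as an added example that is not part of the Futurex documentation. It checks that the `library` path is absolute and exists, that neither the config nor the module is group- or world-writable, and that the private key template keeps the values shown on this page. The function names and the sample file with its empty stand-in library are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a SunPKCS11 config before registering it in java.security.

# attr <cfg> <CKA_NAME>: value of an attribute in the CKO_PRIVATE_KEY template
attr() {
  awk -v want="$2" '
    /attributes\(.*CKO_PRIVATE_KEY/ { blk = 1; next }
    blk && index($0, "}") { blk = 0 }
    blk { n = split($0, kv, "="); gsub(/[ \t]/, "", kv[1]); gsub(/[ \t]/, "", kv[2])
          if (n == 2 && kv[1] == want) print kv[2] }' "$1"
}

flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

# audit_pkcs11_cfg <cfg>: prints findings; exit status is the number found
audit_pkcs11_cfg() {
  cfg=$1; findings=0
  lib=$(sed -n 's/^[[:space:]]*library[[:space:]]*=[[:space:]]*//p' "$cfg" | head -n 1)
  case $lib in
    /*) [ -f "$lib" ] || flag "library $lib does not exist" ;;
    *)  flag "library path '$lib' is not absolute" ;;
  esac
  # The JVM loads this native library in-process, so neither file may be
  # writable by group or others.
  for f in "$cfg" "$lib"; do
    [ -e "$f" ] || continue
    [ -z "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ] ||
      flag "$f is group- or world-writable"
  done
  for want in CKA_TOKEN=true CKA_PRIVATE=true CKA_SENSITIVE=true CKA_EXTRACTABLE=false; do
    [ "$(attr "$cfg" "${want%%=*}")" = "${want#*=}" ] || flag "${want%%=*} is not ${want#*=}"
  done
  return "$findings"
}

# make_sample <dir> <extractable>: constructed config plus an empty stand-in library
make_sample() {
  : > "$1/libfxpkcs11.so"
  printf '%s\n' 'name = Futurex' "library = $1/libfxpkcs11.so" 'slotListIndex = 0' \
    'attributes(generate,CKO_PRIVATE_KEY,*) = {' '  CKA_SIGN = true' '  CKA_VERIFY = true' \
    '  CKA_TOKEN = true' '  CKA_PRIVATE = true' '  CKA_SENSITIVE = true' \
    "  CKA_EXTRACTABLE = $2" '}' > "$1/pkcs11.cfg"
  chmod 644 "$1/libfxpkcs11.so" "$1/pkcs11.cfg"
}

d=$(mktemp -d) && make_sample "$d" false && audit_pkcs11_cfg "$d/pkcs11.cfg" && echo "no findings"
```

Against a real installation, call `audit_pkcs11_cfg /usr/local/etc/pkcs11.cfg` (or wherever the file was saved) and treat a non-zero exit status as a reason to fix the file before editing java.security.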