Configure SunPKCS11 to use the Futurex PKCS11 module
This section shows how to configure the SunPKCS11 provider to use the PKCS #11 module, providing separate instructions for Linux and Windows. The SunPKCS11 provider, an integral part of the Java Cryptography Architecture (JCA), enables Java applications to access cryptographic services through the PKCS #11 API.
Choose one of the following operating systems and perform the instructions:
Linux
Locate the Futurex PKCS #11 library:
Confirm the location of the libfxpkcs11.so file available on your system. Note its full path for later use. For example, it might be located at /usr/local/bin/fxpkcs11/libfxpkcs11.so.
Create a SunPKCS11 configuration file:
The SunPKCS11 provider uses a configuration file to load the PKCS #11 module. Perform the following steps:
- Create a file named pkcs11.cfg (or any name you prefer, with a .cfg extension). You can save this file anywhere, but a standard location would be something like /usr/local/etc/pkcs11.cfg.
- Add the following content to the file, adjusting the library path to indicate the installation location for the PKCS #11 library on your system:
name: Specify a friendly name for the PKCS #11 provider.
library: Specify the full path to the PKCS #11 module.
slotListIndex: Specify the default PKCS #11 slot number.
Register the library with Java:
Open the java.security file.
Edit the SunPKCS11 security provider line so that it includes the path of the pkcs11.cfg file you just created, as in the following line. Then save the file.
Verify the configuration:
Run the following Java keytool command in a terminal to verify that you configured the SunPKCS11 provider correctly to interact with the PKCS #11 library:
If successful, you should see a line similar to the following one: Your keystore contains [number] entries.
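A pre-flight check for the configuration file from the Linux steps above, as an added example that is not Futurex or Oracle code: it writes pkcs11.cfg in the SunPKCS11 `attribute = value` syntax and checks the library path, slot index, and file permissions before you run the keytool step. The function names, the provider name Futurex, and slot index 0 are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Futurex code. Writes a SunPKCS11 config and pre-checks it.

# write_pkcs11_cfg CFG LIBRARY [SLOT_INDEX] [NAME]
# The defaults 0 and "Futurex" are assumptions made for this example.
write_pkcs11_cfg() {
    ( umask 022
      printf 'name = %s\nlibrary = %s\nslotListIndex = %s\n' \
          "${4:-Futurex}" "$2" "${3:-0}" > "$1" )
}

# cfg_value CFG KEY: print the value of the first "KEY = value" line.
cfg_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# check_pkcs11_cfg CFG: return 0 if the file looks usable, 1 otherwise.
# Expects all three attributes listed above; reasons go to stderr.
check_pkcs11_cfg() {
    cfg=$1 rc=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 1; }
    name=$(cfg_value "$cfg" name)
    lib=$(cfg_value "$cfg" library)
    slot=$(cfg_value "$cfg" slotListIndex)
    [ -n "$name" ] || { echo "name is missing" >&2; rc=1; }
    case $lib in
        /*) [ -f "$lib" ] && [ -r "$lib" ] ||
                { echo "library not found: $lib" >&2; rc=1; } ;;
        *)  echo "library must be a full path: '$lib'" >&2; rc=1 ;;
    esac
    case $slot in
        ''|*[!0-9]*) echo "slotListIndex must be an integer >= 0" >&2; rc=1 ;;
    esac
    # The JVM loads this library into its own process, so neither file
    # should be writable by other users.
    for f in "$cfg" "$lib"; do
        [ -e "$f" ] || continue
        if [ -n "$(find -L "$f" -prune -perm -002 2>/dev/null)" ]; then
            echo "world-writable: $f" >&2; rc=1
        fi
    done
    return $rc
}

# Stand-alone use: sh check_pkcs11.sh /usr/local/etc/pkcs11.cfg
if [ $# -gt 0 ]; then check_pkcs11_cfg "$1"; fi
```

A zero exit status means the file is ready for the java.security and keytool steps; any failure reason is printed to stderr.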
Windows
Locate the JDK installation directory:
Find the path to your JDK installation. This is typically something similar to C:\Program Files\Java\jdk-<version>.
Create a configuration file for SunPKCS11:
The SunPKCS11 provider uses a configuration file to load the PKCS #11 module. Create a file named pkcs11.cfg (or any other name you prefer, with a .cfg extension).
Add the following content to the file, adjusting the library path to point to where you installed the PKCS #11 library on your system:
Register the library with Java:
Open the java.security file in a text editor. The file is usually located at %JAVA_HOME%\conf\security\java.security.
Edit the SunPKCS11 security provider line so that it includes the path of the pkcs11.cfg file you just created, as in the following line. Then save the file.
Use double backslashes in the path.
Verify the configuration:
Open a command prompt and run the following Java keytool command to verify that you configured the SunPKCS11 provider correctly to interact with the PKCS #11 library:
If successful, you should see a line similar to the following one: Your keystore contains [number] entries.