Code signing
Java Jarsigner

Configure SunPKCS11 to use the Futurex PKCS11 module

1min

This section shows how to configure the SunPKCS11 provider to use the PKCS #11 module, providing separate instructions for Linux and Windows. The SunPKCS11 provider, an integral part of the Java Cryptography Architecture (JCA), enables Java applications to access cryptographic services through the PKCS #11 API.

Choose one of the following operating systems and perform the instructions:

Linux
Windows
1

Locate the Futurex PKCS #11 library:

Confirm the location of the libfxpkcs11.so file available on your system. Note its full path for later use. For example, it might be located at /usr/local/bin/fxpkcs11/libfxpkcs11.so.

2

Create a SunPKCS11 configuration file:

The SunPKCS11 provider uses a configuration file to load the PKCS #11 module. Perform the following steps:

  1. Create a file named pkcs11.cfg (or any name you prefer, with a .cfg extension). You can save this file anywhere, but a standard location would be something like /usr/local/etc/pkcs11.cfg.
  2. Add the following content to the file, adjusting the library path to indicate the installation location for the PKCS #11 library on your system:
Text


name: Specify a friendly name for the PKCS #11 provider. library: Specify the full path to the PKCS #11 module. slotListIndex: Specify the default PKCS #11 slot number.

3

Register the library with Java:

Open the the java.security file.

Shell


Add the following line with the path of the pkcs11.cfg file you just created to the SunPKCS11 security provider line. Then save the file.

Text

4

Verify the configuration:

Run the following Java keytool command in a terminal to verify that you configured the SunPKCS11 provider correctly to interact with the PKCS #11 library:

Shell


If successful, you should see a line similar to the following one: Your keystore creation contains [number] entries.