Install Futurex PKCS #11 (FXPKCS11)
Install FXPKCS11 on the same computer as the application integrating with the Vectera Plus HSM.
Perform the following steps to install PKCS #11:
In a Windows environment, the easiest way to install the PKCS #11 module is to download FXTools from the portal and install it.
After you download FXTools, run the installer as an administrator.
By default, the system installs all tools. You can overwrite and choose not to install the following modules:
Module
Description
Futurex Client Tools
Command Line Interface (CLI) and associated SDK for both Java and C.
Futurex CNG Module
The Microsoft Next Generation Cryptographic Library.
Futurex Cryptographic Service Provider (CSP)
The Legacy Microsoft Cryptographic Libary.
Futurex EKM Module
The Microsoft Enterprise Key Management library.
Futurex PKCS #11 Module
The PKCS #11 library and associated tools.
Futurex Secure Access Client
The Client that connects a Excrypt Touch to a local laptop with a USB or to a remote device.
After starting the installation, the system installs all noted services. If you selected the Secure Access Client, the Excrypt Touch driver is also installed and might start minimized or in the background.
The installation installs all services in the C:\Program Files\Futurex directory. The CNG Module, CSP Module, EKM Module, and PKCS #11 Module all require configuration files, located in their corresponding directory with a .cfg extension.
For a Linux environment, download the tarball of the PKCS #11 binaries from the Portal.
Extract the .tar file locally where you want to install the application on your file system.
For the PKCS #11 module to be accessible system-wide, an administrative user must place it in /usr/local/bin. If only the current user needs to use the module, then installing into $HOME/bin is appropriate.
The extracted content of the .tar file is a single fxpkcs11 directory. This directory contains the following files and directories (only the files and folders relevant to the installation process are included in this list):
File name or directory
Description
fxpkcs11.cfg
PKCS #11 configuration file to use for HSM Integrations.
x86/
This folder contains the module files for 32-bit architecture.
x64/
This folder contains the module files for 64-bit architecture.
The x86 and x64 directories contain multiple directories named for the specific OpenSSL versions. These OpenSSL directories contain the PKCS #11 module files built with the respective OpenSSL versions.
File name
Description
configTest
Program to test configuration and connection to the HSM.
libfxpkcs11.so
PKCS #11 Library file.
PKCS11Manager
Program to test connection and manage the HSM through the PKCS #11 library.
The configTest and PKCS11Manager programs look for the PKCS #11 configuration file in the /etc directory. You must either move the file from the /usr/local/bin/fxpkcs11 directory to the /etc directory or set the FXPKCS11_CFG environment variable to point to it.