Key management
Java Keytool
Configure SunPKCS11 to use the Futurex PKCS #11 module
This section shows how to configure the SunPKCS11 provider to use the Futurex PKCS #11 module, providing separate instructions for Linux and Windows. The SunPKCS11 provider, an integral part of the Java Cryptography Architecture (JCA), enables Java applications to access cryptographic services through the PKCS #11 API.

Choose one of the following operating systems and perform the instructions.

Linux

Locate the Futurex PKCS #11 library

Confirm the location of the libfxpkcs11.so file available on your system. Note its full path for later use. For example, it might be located at /usr/local/bin/fxpkcs11/libfxpkcs11.so.

Create a SunPKCS11 configuration file

The SunPKCS11 provider uses a configuration file to load the Futurex PKCS #11 module. Perform the following steps:

1. Create a file named pkcs11.cfg (or any name you prefer, with a .cfg extension). You can save this file anywhere, but a standard location would be something like /usr/local/etc/pkcs11.cfg.
2. Add the following content to the file, adjusting the library path to indicate the installation location for the Futurex PKCS #11 library on your system:

```
name = Futurex
library = /usr/local/bin/fxpkcs11/libfxpkcs11.so
slotListIndex = 0

# Private key
attributes(generate,CKO_PRIVATE_KEY,*) = {
  CKA_SIGN = true
  CKA_VERIFY = true
  CKA_TOKEN = true
  CKA_PRIVATE = true
  CKA_SENSITIVE = true
  CKA_EXTRACTABLE = false
}
```

- name: Specify a friendly name for the Futurex PKCS #11 provider.
- library: Specify the full path to the Futurex PKCS #11 module.
- slotListIndex: Specify the default Futurex PKCS #11 slot number.

Register the library with Java

1. Open the java.security file:

```
vim $JAVA_HOME/conf/security/java.security
```

2. Add the following line with the path of the pkcs11.cfg file you just created to the SunPKCS11 security provider line. Then save the file.

```
security.provider.12=SunPKCS11 /[pathto]/pkcs11.cfg
```

Verify the configuration

Run the following Java keytool command in a terminal to verify that you configured the SunPKCS11 provider correctly to interact with the Futurex PKCS #11 library:

```
keytool -list -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerName SunPKCS11-Futurex
```

If successful, you should see a line similar to the following one:

```
Your keystore contains [number] entries
```

Windows

Locate the JDK installation directory

Find the path to your JDK installation. This is typically something similar to C:\Program Files\Java\jdk-<version>.

Create a configuration file for SunPKCS11

The SunPKCS11 provider uses a configuration file to load the Futurex PKCS #11 module.

1. Create a file named pkcs11.cfg (or any other name you prefer, with a .cfg extension).
2. Add the following content to the file, adjusting the library path to point to where you installed the Futurex PKCS #11 library on your system:

```
name = Futurex
library = C:/Program Files/Futurex/fxpkcs11/fxpkcs11.dll
slotListIndex = 0

# Private key
attributes(generate,CKO_PRIVATE_KEY,*) = {
  CKA_SIGN = true
  CKA_VERIFY = true
  CKA_TOKEN = true
  CKA_PRIVATE = true
  CKA_SENSITIVE = true
  CKA_EXTRACTABLE = false
}
```

Register the library with Java

1. Open the java.security file in a text editor. The file is usually located at %JAVA_HOME%\conf\security\java.security.
2. Add the following line with the path of the pkcs11.cfg file you just created to the SunPKCS11 security provider line. Then save the file. Use double backslashes for the path.

```
security.provider.12=SunPKCS11 C:\\[pathto]\\pkcs11.cfg
```

Verify the configuration

Open a command prompt, and run the following Java keytool command to verify that you configured the SunPKCS11 provider correctly to interact with the Futurex PKCS #11 library:

```
keytool -list -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerName SunPKCS11-Futurex
```

If successful, you should see a line similar to the following one:

```
Your keystore contains [number] entries
```
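The configuration templates on this page mark generated private keys as sensitive and non-extractable, so a deployed pkcs11.cfg is worth checking for drift from those values. The following Python check is an added example, not part of the Futurex documentation: it parses SunPKCS11 configuration text and reports missing settings or weakened private-key attributes. The function names and the sample text are assumptions made for illustration, and only whole-line `#` comments are handled.

```python
import re

# Values the page's template sets for generated private keys; CKA_SENSITIVE
# and CKA_EXTRACTABLE are what keep key material from leaving the HSM.
REQUIRED = {"CKA_TOKEN": "true", "CKA_PRIVATE": "true",
            "CKA_SENSITIVE": "true", "CKA_EXTRACTABLE": "false"}
BLOCK = re.compile(r"attributes\s*\(([^)]*)\)\s*=\s*\{([^}]*)\}", re.S)

def parse_cfg(text):
    """Split SunPKCS11 config text into plain settings and attribute blocks."""
    # Simplification (assumption): only whole-line '#' comments are dropped.
    text = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    blocks = {}
    for selector, body in BLOCK.findall(text):
        key = tuple(p.strip() for p in selector.split(","))
        pairs = re.findall(r"(CKA_\w+)\s*=\s*(\w+)", body)
        blocks[key] = {k: v.lower() for k, v in pairs}
    rest = BLOCK.sub("", text)
    settings = dict(re.findall(r"^\s*(\w+)\s*=\s*(.+?)\s*$", rest, re.M))
    return settings, blocks

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    settings, blocks = parse_cfg(text)
    findings = [f"missing setting: {k}" for k in ("name", "library") if k not in settings]
    lib = settings.get("library", "")
    if lib and not (lib.startswith("/") or re.match(r"[A-Za-z]:[\\/]", lib)):
        findings.append(f"library is not an absolute path: {lib}")
    # Attribute blocks that apply to private keys generated via this provider.
    private = [a for k, a in blocks.items() if len(k) >= 2
               and k[0] in ("generate", "*") and k[1] in ("CKO_PRIVATE_KEY", "*")]
    if not private:
        return findings + ["no attributes(generate,CKO_PRIVATE_KEY,...) block"]
    for attrs in private:
        for name, want in REQUIRED.items():
            got = attrs.get(name, "unset")
            if got != want:
                findings.append(f"{name} is {got}, expected {want}")
    return findings

# Constructed sample: the Linux template with CKA_EXTRACTABLE weakened.
WEAK = """name = Futurex
library = /usr/local/bin/fxpkcs11/libfxpkcs11.so
slotListIndex = 0
# Private key
attributes(generate,CKO_PRIVATE_KEY,*) = {
  CKA_TOKEN = true
  CKA_PRIVATE = true
  CKA_SENSITIVE = true
  CKA_EXTRACTABLE = true
}
"""
```

Calling `audit()` on the text of a deployed configuration file returns one string per deviation, which makes it easy to run as a pre-deployment check.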