Difference between revisions of "Java PKCS11"

From Dogtag
Jump to: navigation, search
m (JSS Provider)
m
 
(10 intermediate revisions by the same user not shown)
Line 6: Line 6:
 
* https://github.com/dmlloyd/openjdk/blob/jdk/jdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
 
* https://github.com/dmlloyd/openjdk/blob/jdk/jdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
 
* https://github.com/dmlloyd/openjdk/blob/jdk/jdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java
 
* https://github.com/dmlloyd/openjdk/blob/jdk/jdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java
 +
* [https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html JDK 8 PKCS#11 Reference Guide]
 +
* [https://stackoverflow.com/questions/46521791/sunpkcs11-provider-in-java-9 SunPKCS11 provider in Java 9]
  
 
== Installation ==
 
== Installation ==
Line 25: Line 27:
 
== Configuration ==
 
== Configuration ==
  
name=NSS
+
Parameters:
nssLibraryDirectory=/usr/lib64
+
 
nssSecmodDirectory=/etc/pki/nssdb
+
* name
nssModule=keystore
+
* library
 +
* description
 +
* slot
 +
* slotListIndex
 +
* enabledMechanisms
 +
* disabledMechanisms
 +
* attributes
 +
* handleStartupErrors
 +
* insertionCheckInterval
 +
* showInfo
 +
* keyStoreCompatibilityMode
 +
* explicitCancel
 +
* omitInitialize
 +
* allowSingleThreadedModules
 +
* functionList
 +
* nssUseSecmod
 +
* nssLibraryDirectory
 +
* nssSecmodDirectory
 +
* nssModule
 +
* nssDbMode
 +
* nssNetscapeDbWorkaround
 +
* nssArgs
 +
* nssUseSecmodTrust
 +
* useEcX963Encoding
 +
* nssOptimizeSpace
 +
 
 +
For example:
 +
 
 +
<pre>
 +
name=NSS
 +
nssLibraryDirectory=/usr/lib64
 +
nssSecmodDirectory=/etc/pki/nssdb
 +
nssModule=keystore
 +
</pre>
 +
 
 +
See also:
 +
 
 +
* [https://github.com/dmlloyd/openjdk/blob/jdk8u/jdk8u/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java SunPKCS11.java]
 +
* [https://github.com/dmlloyd/openjdk/blob/jdk8u/jdk8u/jdk/src/share/classes/sun/security/pkcs11/Config.java Config.java]
 +
* [https://github.com/dmlloyd/openjdk/blob/jdk8u/jdk8u/jdk/src/share/classes/sun/security/pkcs11/Secmod.java Secmod.java]
  
 
= JSS Provider =
 
= JSS Provider =
Line 35: Line 76:
  
 
See also:
 
See also:
 +
* [https://github.com/dogtagpki/jss/wiki/JSS-KeyStore JSS KeyStore]
 
* https://github.com/dogtagpki/jss/blob/master/org/mozilla/jss/provider/java/security/JSSKeyStoreSpi.java
 
* https://github.com/dogtagpki/jss/blob/master/org/mozilla/jss/provider/java/security/JSSKeyStoreSpi.java
 
* https://github.com/dogtagpki/jss/blob/master/org/mozilla/jss/provider/java/security/JSSKeyStoreSpi.c
 
* https://github.com/dogtagpki/jss/blob/master/org/mozilla/jss/provider/java/security/JSSKeyStoreSpi.c
 
* https://github.com/dogtagpki/jss/blob/master/org/mozilla/jss/tests/KeyStoreTest.java
 
* https://github.com/dogtagpki/jss/blob/master/org/mozilla/jss/tests/KeyStoreTest.java
* [[Tomcat SSL Configuration]]
+
* [[Tomcat SSL]]
  
 
= References =
 
= References =
  
 
* [[Java]]
 
* [[Java]]
* [https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html JDK 8 PKCS#11 Reference Guide]
+
* [https://github.com/dogtagpki/jss/wiki JSS]
* [[JSS]]
 
 
* [[PKCS11]]
 
* [[PKCS11]]

Latest revision as of 04:18, 2 February 2022

Sun PKCS#11 Provider

Main class: sun.security.pkcs11.SunPKCS11

See also:

Installation

Static Installation

To install the provider statically, add the following property into $JAVA_HOME/lib/security/java.security:

security.provider.7=sun.security.pkcs11.SunPKCS11 /etc/pki/nssdb/pkcs11.cfg

Dynamic Installation

To install the provider dynamically, use the following code:

String configName = "/etc/pki/nssdb/pkcs11.cfg";
Provider p = new sun.security.pkcs11.SunPKCS11(configName);
Security.addProvider(p);

Configuration

Parameters:

  • name
  • library
  • description
  • slot
  • slotListIndex
  • enabledMechanisms
  • disabledMechanisms
  • attributes
  • handleStartupErrors
  • insertionCheckInterval
  • showInfo
  • keyStoreCompatibilityMode
  • explicitCancel
  • omitInitialize
  • allowSingleThreadedModules
  • functionList
  • nssUseSecmod
  • nssLibraryDirectory
  • nssSecmodDirectory
  • nssModule
  • nssDbMode
  • nssNetscapeDbWorkaround
  • nssArgs
  • nssUseSecmodTrust
  • useEcX963Encoding
  • nssOptimizeSpace

For example:

name=NSS
nssLibraryDirectory=/usr/lib64
nssSecmodDirectory=/etc/pki/nssdb
nssModule=keystore

See also:

JSS Provider

Main class: org.mozilla.jss.provider.java.security.JSSKeyStoreSpi

See also:

References