Java PKCS11
Sun PKCS#11 Provider
Main class: sun.security.pkcs11.SunPKCS11
See also:
- https://github.com/dmlloyd/openjdk/blob/jdk/jdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
- https://github.com/dmlloyd/openjdk/blob/jdk/jdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java
- JDK 8 PKCS#11 Reference Guide
- SunPKCS11 provider in Java 9
Installation
Static Installation
To install the provider statically, add the following property into $JAVA_HOME/lib/security/java.security:
security.provider.7=sun.security.pkcs11.SunPKCS11 /etc/pki/nssdb/pkcs11.cfg
Dynamic Installation
To install the provider dynamically, use the following code:
import java.security.Provider;
import java.security.Security;

String configName = "/etc/pki/nssdb/pkcs11.cfg";
Provider p = new sun.security.pkcs11.SunPKCS11(configName);
Security.addProvider(p);
Configuration
Parameters:
- name
- library
- description
- slot
- slotListIndex
- enabledMechanisms
- disabledMechanisms
- attributes
- handleStartupErrors
- insertionCheckInterval
- showInfo
- keyStoreCompatibilityMode
- explicitCancel
- omitInitialize
- allowSingleThreadedModules
- functionList
- nssUseSecmod
- nssLibraryDirectory
- nssSecmodDirectory
- nssModule
- nssDbMode
- nssNetscapeDbWorkaround
- nssArgs
- nssUseSecmodTrust
- useEcX963Encoding
- nssOptimizeSpace
For example:
name=NSS
nssLibraryDirectory=/usr/lib64
nssSecmodDirectory=/etc/pki/nssdb
nssModule=keystore
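An added example (not code from this page or from the JDK) that combines the dynamic installation and the configuration above on JDK 9 or later, where the `SunPKCS11(String)` constructor is no longer accessible and `Provider.configure()` is used instead. The class name `NssKeyStoreList`, the temporary configuration file and the `nssDbMode=readOnly` line are assumptions of this example; the other settings are the ones shown above.

```java
import java.io.Console;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class NssKeyStoreList {
    public static void main(String[] args) throws Exception {
        // Settings from the configuration example on this page, plus
        // nssDbMode=readOnly (assumption) so listing cannot modify the database.
        List<String> config = List.of(
            "name=NSS",
            "nssLibraryDirectory=/usr/lib64",
            "nssSecmodDirectory=/etc/pki/nssdb",
            "nssModule=keystore",
            "nssDbMode=readOnly");
        Path cfg = Files.createTempFile("pkcs11-", ".cfg");
        Files.write(cfg, config);
        try {
            // JDK 9+: the unconfigured provider is pre-registered; configure()
            // returns a new instance bound to this configuration file.
            Provider base = Security.getProvider("SunPKCS11");
            if (base == null) {
                throw new IllegalStateException("SunPKCS11 provider not available");
            }
            Provider p = base.configure(cfg.toString());
            Security.addProvider(p);
            // Read the token PIN from the console rather than from argv, so it
            // does not show up in the process list or the shell history.
            Console console = System.console();
            char[] pin = console != null ? console.readPassword("Token PIN: ") : null;
            if (pin != null && pin.length == 0) pin = null; // database without a PIN
            KeyStore ks = KeyStore.getInstance("PKCS11", p);
            ks.load(null, pin);
            if (pin != null) Arrays.fill(pin, '\0'); // wipe the PIN after login
            for (String alias : Collections.list(ks.aliases())) {
                String kind = ks.isKeyEntry(alias) ? "key" : "cert";
                System.out.println(kind + "\t" + alias);
            }
        } finally {
            Files.deleteIfExists(cfg);
        }
    }
}
```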
JSS Provider
Main class: org.mozilla.jss.provider.java.security.JSSKeyStoreSpi
See also:
- JSS KeyStore
- https://github.com/dogtagpki/jss/blob/master/org/mozilla/jss/provider/java/security/JSSKeyStoreSpi.java
- https://github.com/dogtagpki/jss/blob/master/org/mozilla/jss/provider/java/security/JSSKeyStoreSpi.c
- https://github.com/dogtagpki/jss/blob/master/org/mozilla/jss/tests/KeyStoreTest.java
- Tomcat SSL