org.xipki.iaik:pkcs11wrapper-parent

PKCS#11 wrapper parent


License
TU-Berlin-2.0

Documentation

Original Readme.txt

Prerequisite

  • JRE / JDK 8 (build 162+) or above

Use xipki/pkcs11wrapper in your project

  • Maven
    <dependency>
        <groupId>org.xipki.iaik</groupId>
        <artifactId>sunpkcs11-wrapper</artifactId>
        <version>1.4.7</version>
    </dependency>
    
  • Or copy the following jar file to your classpath:

JDK17 or above

To use pkcs11wrapper on JDK 17 or above, add the following Java option:

--add-exports=jdk.crypto.cryptoki/sun.security.pkcs11.wrapper=ALL-UNNAMED

JUnit tests

  • Configure the library and PIN of your HSM module in the file example/data/pkcs11.properties.
  • mvn test
    • To activate the speed tests, use -PspeedTests.
    • By default the speed test runs with 2 threads. You can change the value via the Java property speed.threads, e.g. -Dspeed.threads=5 to use 5 threads.
    • By default the speed test takes 3 seconds. You can change the value via the Java property speed.duration, e.g. -Dspeed.duration=10s for 10 seconds.

Changes compared to mikma/pkcs11wrapper

  • No external library is required
  • Requires OpenJDK or Oracle Java Runtime 1.8 or higher
  • Supports PKCS#11 version 2.40
  • Supports EdDSA Ed25519 (signature and key pair generation)
  • Porting from mikma/pkcs11wrapper to this project:
    • For *SecretKey, please use the constructor ValuedSecretKey(long keyType) instead, e.g. use new ValuedSecretKey(PKCS11Constants.CKK_AES) for AES SecretKey.
    • For ECDSAPrivateKey and ECDSAPublicKey, please use ECPrivateKey and ECPublicKey instead.
    • iaik.pkcs.pkcs11.objects.Object is renamed to iaik.pkcs.pkcs11.objects.PKCS11Object.
    • Token.closeAllSession() cannot be supported, since it is not supported in the underlying JNI (JDK's SunPKCS11 provider). Manage your sessions yourself; you can close a single session with Session.closeSession().
    • Unlike the original PKCS#11 wrapper, we only call Module.initialize() once per native .so/.dll. Once Module.finalize(Object) has been called, the module cannot be initialized again.
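
Because Token.closeAllSession() is unavailable, the application has to keep track of the sessions it opens. The class below is an added example, not code from the project: TrackedSessions is a hypothetical name, and it assumes Session and TokenException are in the package iaik.pkcs.pkcs11 as in the original IAIK wrapper.

```java
import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.TokenException;

import java.util.ArrayDeque;
import java.util.Deque;

/** Hypothetical helper: an application-side replacement for Token.closeAllSession(). */
public final class TrackedSessions implements AutoCloseable {

  // Sessions this application opened and has not closed yet, newest first.
  private final Deque<Session> open = new ArrayDeque<>();

  /** Register a session immediately after the application has opened it. */
  public synchronized Session track(Session session) {
    open.push(session);
    return session;
  }

  /** Close one tracked session; sessions that were never tracked are left alone. */
  public synchronized void close(Session session) throws TokenException {
    if (open.remove(session)) {
      session.closeSession();
    }
  }

  /**
   * Close every tracked session, newest first. A failure on one session does
   * not stop the loop, so no authenticated session is left open on the token
   * just because an earlier close failed. The first failure is rethrown with
   * the later ones attached as suppressed exceptions.
   */
  @Override
  public synchronized void close() throws TokenException {
    TokenException first = null;
    while (!open.isEmpty()) {
      try {
        open.pop().closeSession();
      } catch (TokenException e) {
        if (first == null) {
          first = e;
        } else {
          first.addSuppressed(e);
        }
      }
    }
    if (first != null) {
      throw first;
    }
  }
}
```

Create the tracker in a try-with-resources block and pass each newly opened session through track(), so sessions are released even when an operation throws.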