Prerequisite
- JRE / JDK 8 (build 162+) or above
Use xipki/pkcs11wrapper in your project
- Maven
<dependency> <groupId>org.xipki.iaik</groupId> <artifactId>sunpkcs11-wrapper</artifactId> <version>1.4.7</version> </dependency>
- Or copy the following jar file to your classpath:
JDK17 or above
To use pkcs11wrapper in JDK 17 or above, please add the following java option:
--add-exports=jdk.crypto.cryptoki/sun.security.pkcs11.wrapper=ALL-UNNAMED
JUnit tests
- Configure the library and PIN of your HSM module in the file
example/data/pkcs11.properties
. -
mvn test
- To activate the speed tests use
-PspeedTests
- By default the speed test will run with 2 threads, you can change the
value via the Java property
speed.threads
, e.g.-Dspeed.threads=5
to use 5 threads. - By default the speed test will take 3 seconds, you can change the
value via the Java property
speed.duration
, e.g.-Dspeed.duration=10s
for 10 seconds.
- To activate the speed tests use
mikma/pkcs11wrapper
Changes compared to- No external library is required
- Require OpenJDK or Oracle Java Runtime 1.8 or higher
- Support PKCS#11 version 2.40
- Support EdDSA Ed25519 (Signature and Keypair generation)
- Port from mikma/pkcs11wrapper to this project
- For
*SecretKey
, please use the constructorValuedSecretKey(long keyType)
instead, e.g. usenew ValuedSecretKey(PKCS11Constants.CKK_AES)
for AES SecretKey. - For
ECDSAPrivateKey
andECDSAPublicKey
, please useECPrivateKey
andECPublicKey
instead. -
iaik.pkcs.pkcs11.objects.Object
is renamed toiaik.pkcs.pkcs11.objects.PKCS11Object
. -
Token.closeAllSession()
cannot be supported, since it is not supported in the underlying JNI (JDK's SunPKCS11 provider). Please manage your session by yourself. You can close a single session bySession.closeSession()
. - Unlike the original PKCS#11 wrapper, we only call
Module.initialize()
once per native .so/.dll. OnceModule.finalize(Object)
has been called, the module cannot be initialized anymore.
- For