Provides a Java PKCS#11 interface that provides low-level interface as close as possible to the cryptoki C interface and wraps with Java-styled interface providing convenience methods and using exceptions for error handling.
Uses a provider architecture to allow any implementation of the native mapping. Includes JNA < https://github.com/java-native-access/jna > as default provider to bridge between Java and native cryptoki lib.
Build and install with:
mvn install
If you want to build without running the tests, use:
mvn install -DskipTests
The tests, from src/test/java/com/isblocks/pkcs11/CryptokiSoftHSMTest.java, are run on every call to mvn install. In order to run the tests on your HSMs (note that not all operations may pass) you can set these environment variables:
export JACKNJI11_TEST_TESTSLOT=1762252043
export JACKNJI11_TEST_INITSLOT=1762252043
export JACKNJI11_TEST_SO_PIN=sopin
export JACKNJI11_TEST_USER_PIN=userpin
By default, the cryptoki
library (cryptoki.dll
or libcryptoki.so
) must be available (LD_LIBRARY_PATH
for linux).
You must either copy/symlink your library to have this name, or you can specify the library path using
JACKNJI11_PKCS11_LIB_PATH
.
If for example you run SoftHSM2, you have could either:
export JACKNJI11_PKCS11_LIB_PATH=/usr/lib/softhsm/libsofthsm2.so
or
sudo ln -s /usr/lib/softhsm/libsofthsm2.so /usr/lib/softhsm/libcryptoki.so
export LD_LIBRARY_PATH=/usr/lib/softhsm
The library has been tested against the following HSMs
- Thales DPOD
- Utimaco LAN and PCIe HSM
- Soft HSM