This project is deprecated, please use xipki/ipkcs11wrapper(preferred) or xipki/jpkcs11wrapper instead.
- JRE / JDK 8 (build 162+) or above
- Maven
<dependency> <groupId>org.xipki.iaik</groupId> <artifactId>sunpkcs11-wrapper</artifactId> <version>1.4.10</version> </dependency> - Or copy the following jar file to your classpath:
To use pkcs11wrapper in JDK 17 or above, please add the following java option:
--add-exports=jdk.crypto.cryptoki/sun.security.pkcs11.wrapper=ALL-UNNAMED
- Configure the library and PIN of your HSM module in the file
example/data/pkcs11.properties. mvn test- To activate the speed tests use
-PspeedTests - By default the speed test will run with 2 threads, you can change the
value via the Java property
speed.threads, e.g.-Dspeed.threads=5to use 5 threads. - By default the speed test will take 3 seconds, you can change the
value via the Java property
speed.duration, e.g.-Dspeed.duration=10sfor 10 seconds.
- To activate the speed tests use
Changes compared to mikma/pkcs11wrapper
- No external library is required
- Require OpenJDK or Oracle Java Runtime 1.8 or higher
- Support PKCS#11 version 2.40
- Support EdDSA Ed25519 (Signature and Keypair generation)
- Port from mikma/pkcs11wrapper to this project
- For
*SecretKey, please use the constructorValuedSecretKey(long keyType)instead, e.g. usenew ValuedSecretKey(PKCS11Constants.CKK_AES)for AES SecretKey. - For
ECDSAPrivateKeyandECDSAPublicKey, please useECPrivateKeyandECPublicKeyinstead. iaik.pkcs.pkcs11.objects.Objectis renamed toiaik.pkcs.pkcs11.objects.PKCS11Object.Token.closeAllSession()cannot be supported, since it is not supported in the underlying JNI (JDK's SunPKCS11 provider). Please manage your session by yourself. You can close a single session bySession.closeSession().- Unlike the original PKCS#11 wrapper, we only call
Module.initialize()once per native .so/.dll. OnceModule.finalize(Object)has been called, the module cannot be initialized anymore.
- For