JAVA Toolkit
| home | contact

Installing the IAIK JCE Provider for PKCS#11

Including the Jar Files

This library requires Java 1.3 or higher. If you use JDK 1.3, you have to include the JCE framework. You can use the original JCE framework implementation from SUN (e.g. jce1_2_1.jar) or you can use the implementation from IAIK (iaik_javax_crypto.jar).
First, include the IAIK-JCE library. Include iaik_jce.jar or iaik_jce_full.jar. Don't forget that you must use the signed version of this file for Java 1.4 or later (also for IBM JDK 1.3 or later). Second, include the IAIK PKCS#11 Wrapper, i.e. the file iaikPkcs11Wrapper.jar.
Next, you must include the IAIK JCE Provider for PKCS#11, i.e. the iaikPkcs11Provider.jar file in the bin directory (or iaikPkcs11Provider_unsigned.jar for the unsigned version). If you are using JDK 1.4 or higher (or IBM JDK 1.3 or later), you must use the signed version.
 Moreover, you should install the JavaTM Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files, if you are using JDK 1.4 or higher (or IBM JDK 1.3 or later); otherwise, you will not be able to use all algorithms with all key lengths. You can download these policy files for example from the JDK download page on SUN's web-site.
In general, you have two options to include all these jar files. First, you can simply include it in the class path. For Java 1.4 or later, this may look something like this.

set CLASSPATH=yourpath/iaikPkcs11Provider_demos.jar;yourpath/iaikPkcs11Provider.jar;yourpath/iaikPkcs11Wrapper.jar;yourpath/iaik_jce.jar
java demo.pkcs.pkcs11.provider.signatures.SigningDemo 

Alternatively, you can place the jar files in the lib/ext directory of your Java runtime environment. Then, it is not required to include them in the class path. However, please note that you may need to place any configuration properties files into this directory as well. This is because classes from this directory are usually loaded by the system classloader which will not find resources which are in the application class path.

Configuring the path to the PKCS#11 Wrapper's native Library

The IAIK JCE Provider for PKCS#11 is based on the IAIK PKCS#11 Wrapper. The wrapper requires its native library to operate. By default (if the path to the wrapper's native library is not configured) it will be loaded from the iaikPkcs11Wrapper.jar. Since version 1.4 the PKCS#11 wrapper's jar file also includes the native libraries for Windows, Linux, MacOS and Solaris. If no path is configured, the PKCS#11 wrapper will try to copy the appropriate library for the used system to the local temporary directory as used by Java and loaded from there.
If you want to define the used library yourself, you have the below options. The library is called pkcs11wrapper.dll on Windows platforms, on Linux and Solaris platforms and libpkcs11wrapper.jnilib on MacOS. You can find these files in the bin/ <platform> directory of the PKCS#11 wrapper package, where <platform> is the name of your platform. For the Java VM being able to load this library, it must be either in the system library search path or in the VM's own library search path.
 You can add the library using one of the following methods:

  •  On Windows systems you can set the PATH environment variable and on UNIX systems you can set LD_LIBRARY_PATH environment variable to include the directory where the PKCS#11 wrapper library resides.
  •  You can set the VM system property called java.library.path like this: -Djava.library.path=bin/windows/win-x86_64/release.
  •  If you prefer specifying the absolute path to the library in your program and not loading it with the Java VM you can use the property key PKCS11_WRAPPER_PATH. More information to properties files can be found in the Using part of this documentation.

Having finished the installation of the files of the provider, you need to configure the provider in your Java VM. You can do this statically or dynamically. Read the Using part of this documentation to see how to do this.


print    tip a friend
back to previous page back  |  top to the top of the page