JAVA Toolkit
| home | contact

News Menu

Latest News

Christmas Release


One day before Christmas we have released new versions of our SSL/TLS library iSaSiLk and our XML Security Toolkit IAIK-XSECT!

IAIK-JCE 5.60 and IAIK [CP]AdES 2.4 released!


IAIK-JCE 5.60 introduces a "subsidiary" provider as workaround for fixing a JDK JSSE MessageDigest Cloneable bug. IAIK [CP]AdES 2.4 fixes a bug in the AtsHashIndexv3 ASN.1 representation.


Our Clients

Quick Start Guide

Install the Provider

  1. Include the jar files iaikPkcs11Provider.jar, iaikPkcs11Wrapper.jar and iaik_jce.jar in your class path or put them in the jre/lib/ext directory of your Java runtime (use the signed versions of iaikPkcs11Provider.jar and iaik_jce.jar for JDK 1.4 and higher).
  2. PKCS#11 wrapper native library:
    • The native libraries for Windows, Linux, MacOS and Solaris are included in the PKCS#11 wrapper's jar-file since version 1.4. If the path to the wrapper's native library is not configured (as given below) the PKCS#11 wrapper will automatically try to copy it from the jar file to the local temporary directory configured for Java and load it from there.
    • In case of errors (e.g. if the temporary directory is not writable) or you prefer to define the used file yourself, you can either put the shared library, e.g. pkcs11wrapper.dll for Windows and for UNIX, in any directory of your system's library search path or VM library path (e.g. jre/bin). You can extend the VM library path using the java.library.path system property (e.g. using the VM command line argument -Djava.library.path=wrapper/native/windows/win-x86_64). Alternatively, you can specify the absolute path to the library in your properties file with the key PKCS11_WRAPPER_PATH, eg.
           PKCS11_WRAPPER_PATH = C:\\IAIK\\pkcs11wrapper.dll

Configure the Provider

1. Using the properties file:
  • Create a properties file called iaik/pkcs/pkcs11/provider/ which contains the configuration for your provider (e.g. what hardware PKCS#11 module to use).
    This properties file must contain at least one property entry with the key PKCS11_NATIVE_MODULE. Its value must be the PKCS#11 module of the crypto hardware; e.g. PKCS11_NATIVE_MODULE = cryptoki.dll.
    You may need to specify the PKCS#11 module with full path name, if it is not in your system's search path. The name of the PKCS#11 module may vary depending on your crypto hardware. Other entries are optional. For typical names of modules have a look at the Detailed Usage Instructions. You may use the configuration file of a demo as template.
  • Put the configuration file somewhere in the class path taking the subdirectory structure into account (same as for class files). You may also include this configuration file in any jar file which is in your class path.
2. Dynamically:

By creating a Properties object (Properties properties = new Properties()). Then you can configure the same settings as if using the properties file. E.g. to set the PKCS#11 module add the property like this: properties.put(Constants.PKCS11_NATIVE_MODULE, "cryptoki.dll"). Instantiate the PKCS#11 provider with these properties: new IAIKPkcs11(properties) .

Test the Provider Configuration

Try to run an application that makes a simple test with the provider. You may try some of the included demos; e.g. demo.pkcs.pkcs11.provider.signatures.SigningDemo in the demo directory.

You can find more detailed instructions here.

print    tip a friend
back to previous page back  |  top to the top of the page