The PKCS#11 Java Security provider supports security hardware devices from several vendors.
1. Build and configure native library
Detailed building and configuration of these hardware modules are described by their vendors.
Some of them are listed below;
2. Java configuration
Java 8 configuration may be found at PKCS#11 Java Security provider.
Below is a sample that creates the tpm2-pkcs11.cfg file and registers the SunPKCS11 provider in java.security.
$ cd /usr/java/jdk-11.0.2/conf/security
$ sudo vi tpm2-pkcs11.cfg
name = TPM2
library = /usr/lib64/pkcs11/libtpm2_pkcs11.so
$ sudo vi java.security
security.provider.13=SunPKCS11 /usr/java/jdk-11.0.2/conf/security/tpm2-pkcs11.cfg
3. Using TPM 2.0 as PKCS#11 KeyStore from Java
The following is an example of using a TPM 2.0 device as the keystore and security provider from Java.
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;

// The class name is arbitrary.
public class Tpm2KeyStoreExample {
    public static void main(String[] args) {
        try {
            System.out.println("START");
            // Provider name is "SunPKCS11-" plus the "name" value from tpm2-pkcs11.cfg
            Provider provider = Security.getProvider("SunPKCS11-TPM2");
            // User PIN of the token (sample value)
            char[] pin = "myuserpin".toCharArray();
            KeyStore keyStore = KeyStore.getInstance("PKCS11-TPM2");
            // A PKCS#11 keystore has no input stream; loading with the PIN logs in to the token
            keyStore.load(null, pin);
            System.out.println("KeyStore Type : " + keyStore.getType());
            System.out.println("KeyStore Size : " + keyStore.size());
            provider = keyStore.getProvider();
            System.out.println("Provider Name : " + provider.getName());
            System.out.println("Provider Info : " + provider.getInfo());
            System.out.println("Provider Version : " + provider.getVersionStr());
            System.out.println("END");
        } catch (Exception ex) {
            System.out.println(ex.getMessage());
        }
    }
}
Console output:
START
KeyStore Type : PKCS11-TPM2
KeyStore Size : 0
Provider Name : SunPKCS11-TPM2
Provider Info : SunPKCS11-TPM2 using library /usr/lib64/pkcs11/libtpm2_pkcs11.so
Provider Version : 11
END