Initializing the z/OS SunPKCS11 provider

The recommended way on z/OS® to initialize the PKCS#11 provider is to use the SunPKCS11 configuration file.

  • This configuration file name can be included on the SunPKCS11 provider line in the list of security providers in the $JAVA_HOME/conf/security/java.security file.
  • The SunPKCS11 provider can also be initialized by using the configuration file name and location programmatically with the provider.configure() method as shown in the following example.
Provider provider = Security.getProvider("SunPKCS11");
// configure() is declared to return Provider, so a cast is needed
AuthProvider authProv = (AuthProvider) provider.configure(path);
where path is the path and file name of the SunPKCS11 configuration file.

The following sample program shows how the SunPKCS11 configuration file is included on the SunPKCS11 line in the list of security providers in the $JAVA_HOME/conf/security/java.security file.
Note: A PKCS#11 session is created and initialized with the PKCS#11 configuration file information when the JVM loads the SunPKCS11 provider.
import java.security.Provider;
import java.security.Security;

public class testPKCS11A {
    public static void main(String argv[]) {
        Provider p = null;

        // Get the SunPKCS11 provider whose PKCS#11
        // config file attribute name is PKCS11Config
        p = Security.getProvider("SunPKCS11-PKCS11Config");

        // Your Java PKCS11 program goes here
    }
}
The following sample program shows how the SunPKCS11 configuration file is used to initialize the SunPKCS11 provider programmatically. This is required when the PKCS#11 configuration file is not specified on the SunPKCS11 line in the list of security providers in the java.security file.
import java.security.AuthProvider;
import java.security.Provider;
import java.security.Security;

public class testPKCS11B {
    public static void main(String argv[]) {
        Provider p = null;
        AuthProvider authProv = null;

        // Get the un-initialized SunPKCS11 provider
        p = Security.getProvider("SunPKCS11");

        try {
            // Create a PKCS#11 session and initialize it
            // using the /home/user/pkcs11.cfg PKCS#11
            // configuration file. configure() is declared to
            // return Provider, so the result is cast.
            authProv = (AuthProvider) p.configure("/home/user/pkcs11.cfg");
        } catch (Exception ex) {
            System.out.println(ex.getMessage());
            System.exit(1);
        }

        // Your Java PKCS11 program goes here

    }
}
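The two initialization paths above can be combined into one routine that prefers the provider configured through java.security and falls back to provider.configure(). The following is an added example, not part of the original documentation. The class name InitPKCS11 and the file-permission check are assumptions made for illustration; the attribute name PKCS11Config and the path /home/user/pkcs11.cfg are reused from the samples above.

```java
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.security.*;
import java.util.Set;

public class InitPKCS11 {
    // Returns a configured SunPKCS11 provider. configName is the "name"
    // attribute from the PKCS#11 configuration file (assumed value below).
    static AuthProvider init(String configName, String configPath) throws Exception {
        // Path 1: configuration file named on the SunPKCS11 line of java.security
        Provider p = Security.getProvider("SunPKCS11-" + configName);
        if (p != null && p.isConfigured()) {
            return (AuthProvider) p;
        }

        // Path 2: configure the un-initialized provider programmatically
        Provider base = Security.getProvider("SunPKCS11");
        if (base == null) {
            throw new NoSuchProviderException("SunPKCS11 is not in the provider list");
        }

        // The configuration file decides which PKCS#11 library and token are
        // used, so refuse one that other users could have modified.
        // (Assumption: the file system exposes POSIX permissions.)
        Path cfg = Paths.get(configPath).toRealPath(); // throws if the file is missing
        if (!Files.isRegularFile(cfg)) {
            throw new SecurityException(cfg + " is not a regular file");
        }
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(cfg);
        if (perms.contains(PosixFilePermission.GROUP_WRITE)
                || perms.contains(PosixFilePermission.OTHERS_WRITE)) {
            throw new SecurityException(cfg + " is writable by group or others");
        }

        // configure() returns a new, configured Provider instance
        Provider configured = base.configure(cfg.toString());
        Security.addProvider(configured); // make it visible to getInstance() lookups
        return (AuthProvider) configured;
    }

    public static void main(String[] argv) {
        try {
            AuthProvider authProv = init("PKCS11Config", "/home/user/pkcs11.cfg");
            System.out.println("Using provider " + authProv.getName());
        } catch (Exception ex) {
            System.err.println("SunPKCS11 initialization failed: " + ex);
            System.exit(1);
        }
    }
}
```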