JEP 131: PKCS#11 Crypto Provider for 64-bit Windows
By Smullan-Oracle on Aug 26, 2013
JEP 131 (PKCS#11 Crypto Provider for 64-bit Windows) is another of the 11 new security features funded and targeted to JDK 8.
PKCS #11 is a standard that defines a platform-independent API to cryptographic tokens like smart cards and hardware security modules. Oracle's JDK currently supports PKCS #11 on Solaris (SPARC and x86), Linux (32-bit and 64-bit), and Windows (32-bit). PKCS #11 support is provided via a JCA provider which is simply a bridge to the native PKCS #11 library. This allows developers to use the standard Java Cryptography APIs and take advantage of the PKCS #11 functionality without having to change their applications. Support for Solaris is configured out-of-the-box, but some additional configuration is required on the other platforms.
JEP 131 adds PKCS #11 support for 64-bit Windows. To use the provider, additional configuration is required that specifies the location of the native PKCS #11 library along with additional directives as documented in the Java PKCS#11 Reference Guide.
A PKCS #11 provider can be configured statically in the java.security file, ex:
or dynamically in code, ex:
Provider p = new sun.security.pkcs11.SunPKCS11(“pkcs11.cfg”); Security.addProvider(p);
Early access binaries of JDK 8 can be downloaded at http://jdk8.java.net/download.html