Sun PKCS#11 Provider: Certificate Services and SafeNet HSMs


For programmers who work with the Java platform, there is a set of programming interfaces for performing cryptographic operations, collectively known as the Java Cryptography Architecture (JCA) and the Java Cryptography Extension (JCE). Applications talk to APIs and the actual cryptographic operations are performed in configured providers.

The Sun PKCS#11 Provider does not implement cryptographic algorithms itself. Instead, it acts as a bridge between the Java JCA and JCE APIs and the native PKCS#11 cryptographic API, translating the calls and conventions between the two. This means that Java applications calling standard JCA and JCE APIs can, without modification, take advantage of algorithms offered by the underlying PKCS#11 implementations.

This enables developers to use cryptographic hardware, such as the SafeNet family of HSMs, within their Java applications. Applications which are already based on a pure software implementation of the JCE API can use SafeNet Enterprise HSM, or the PCI-E HSM (formerly Luna SA and PCI HSMs, respectively) with little or no change to their existing applications.

Resources and Additional Information

Read the Sun PKCS#11 Provider Reference Guide

Oracle Sun PKCS#11 Provider and SafeNet HSM Integration Guide

Find out more about the SafeNet family of HSMs.