The IBM Semeru JDK (version 11 and above) includes the standard SunPKCS11 provider by default, enabling integration with PKCS#11-compliant cryptographic devices without requiring an IBM-specific PKCS#11 provider.
The SunPKCS11 provider integrates with the Java Cryptography Architecture (JCA) and Java Cryptography Extension (JCE) frameworks to enable hardware-based cryptographic operations using the PKCS#11 standard. It allows Java applications to securely access external cryptographic devices, such as Hardware Security Modules (HSMs), through standard Java APIs without requiring application-level changes.
In this integration, the SunPKCS11 provider acts as a bridge between the Java runtime and the Utimaco SecurityServer HSM via the PKCS#11 library. Cryptographic operations such as key generation and digital signing are performed within the HSM, ensuring that private keys remain protected and are never exposed to the application.