Accessing NitrokeyHSM with JAVA


I would need to access the NitrokeyHSM via a JAVA provider (eg. keytool or apache-tomcat).

In an older post, I found the following qoute by Jan

In general yes, you can use Nitrokey from Java. 
For Nitrokey Pro: Either execute GnuPG or use our PKCS#11 driver.
For Nitrokey HSM: Either execute gpg-sm, use our PKCS#11 driver, or use our JCE Provider (most easy). 

I tried to connect with configuring a new provider to jre/lib/security/ /root/nitrokey.cfg

where nitrokey.cfg contains

name = nitrokey
library = /usr/lib64/

This results in a keytool error PKCS11 not found

[root@server ~] keytool -list -keystore NONE -storetype PKCS11 -providerName SunPKCS11-nitrokey
keytool error: PKCS11 not found

This method in general works with other HSM vendors

Could you give me hint where to find the mentioned PKCS11-Driver and/or JCE Provider and how to configure it?

Thanks in advance!

The JCE Provider is part of Smart Card Shell. Depending on your Linux distribution, the PKCS driver may have the location /usr/lib/x86_64-linux-gnu/