• About this guide
  • License agreements
    • Developer license agreement
    • Ancillary License File
  • Release notes
    • Changes in the Security Toolkit 9.0 for Java
      • New post-quantum support
      • Improved functionality
      • Third-party software upgrades
    • Fixed for the Security Toolkit 9.0 for Java
    • Known issues and limitations of the Security Toolkit 9.0 for Java
    • Important UAL considerations
    • Interoperability notes
    • Dependency changes
    • API changes
    • Removed features
  • Overview
    • Interoperability
    • Architecture
    • High-level classes
    • Low-level classes
    • Object identifiers
  • Requirements
  • Installation
    • etjava90.zip
    • etjava_9.0_lib.zip
    • etjava90_examples.zip
    • etjava90_pqbeta.zip
  • Programmer's guide
    • Selecting the security providers
    • Selecting the JAR files
    • Using configuration files
      • Structuring configuration files
      • Managing configuration files with the IniFile class
    • Comparing byte arrays
    • Tracing events
      • Redirecting the logging output
      • Setting the trace level
    • Managing authorization codes
      • Creating credentials
      • Recovering credentials
      • Authenticating a user
      • Obtaining user information
    • Managing roaming credentials
      • Roaming credential capabilities
      • Creating roaming credentials
      • Recovering roaming credentials
      • Authenticating a roaming user
    • Managing PKCS #12 credentials
      • Exporting PKCS #12 credentials
      • Importing credentials
    • Managing Microsoft Crypto API credentials
    • Managing PKCS #11 tokens
    • Managing key stores
      • Key store initialization files
        • Certificate Store
        • Credential Store
        • Integrity
        • Ldap
        • Manager
        • Password Token
      • Creating a key store initialization file
      • Getting key store contents
      • Working with key stores in memory
    • Managing server logins
    • Managing SSL/TLS connections
      • Using the JSSE API
      • Creating an HTTP tunnel
      • Creating an HTTPS tunnel
    • Managing certificates
      • Managing certificate revocation
      • Managing certificate cache archives
      • Managing CRL and ARL cache archives
      • Exporting certificates
    • Managing LDAP directories
      • Reading certificates in Active Directory
      • Connecting to LDAP over SSL
    • Managing messages
      • Encrypting and signing messages
      • Signing messages with a nonrepudiation key
      • Decoding encrypted and signed messages
      • Decoding clear-signed data
      • Timestamping messages
    • Managing XML signatures
      • Creating a detached XML signature
      • Creating an enveloped XML signature
      • Creating an enveloping XML signature
      • Decrypting an XML signature
      • Handling signature properties
      • Verifying an XML digital signature
    • Managing XML encryption
      • Encrypting XML documents
      • Decrypting XML documents
      • Encrypting binary data using XML
      • Decrypting binary data using XML
      • entxml.jar
        • com.entrust.toolkit.xencrypt.algorithms
        • com.entrust.toolkit.xencrypt.core
        • com.entrust.toolkit.xencrypt.exceptions
        • com.entrust.toolkit.xencrypt.init
      • init.properties
    • Configuring revocation check
      • Configuring CRL revocation
        • requireCRL
        • revstore
      • Configuring OCSP revocation
        • accesslocation
        • aiachecking
        • cadn
        • certidhashalgorithm
        • connecttimeout
        • includeacceptableresponse
        • includerequestorname
        • nonce
        • readtimeout
        • respondercert
        • retries
        • signocsp
        • signocsp.algid
        • signocsp.includecerts
      • Ordering revocation mechanisms
    • Managing the toolkit behavior with system properties 
      • com.entrust.toolkit.checkCAConnection
      • com.entrust.toolkit.credentials.CMPLogPath
      • com.entrust.toolkit.NoWritePermissionCheck
      • com.entrust.toolkit.security.crypto.ec.EcP ublicKey.forceSpecified
      • com.entrust.toolkit.security.crypto.rsa.en forceExponentLength
      • com.entrust.toolkit.security.provider.Initializer.defaultMode
      • com.entrust.toolkit.security.provider.Init ializer.requireVeryStrongCrypto
      • com.entrust.toolkit.security.provider.jarcaching
      • com.entrust.toolkit.trace
      • com.entrust.toolkit.tracing.logclass
      • com.entrust.toolkit.util.IniFile.CaseSensitive
      • com.entrust.toolkit.util.IniFile.encoding
      • com.entrust.toolkit.util.net.HttpConnectio n.MaxAllowedBytes
      • com.entrust.toolkit.x509.certstore.Collect ionCS.ExtensionSearchLimit
      • com.entrust.toolkit.x509.CertVerifier.ForceV1CertAsCA
      • com.entrust.toolkit.x509.policies.Cli entSettings.enableCacheUsage.xcc
      • com.entrust.toolkit.xml.confirmSecureProcessingEnabled
      • http.nonProxyHosts
      • https.nonProxyHosts
      • iaik.security.ssl.clientAllowUnboundRenegotiate
      • iaik.security.ssl.clientUseSignalingCipherSuiteValue
      • iaik.security.ssl.serverAllowUnboundRenegotiate
      • iaik.security.ssl.SSLInputStream.RequireCloseNotify
      • iaik.x509.X509Certificate.StaticCacheSize
    • Compatibilities reference
      • Asymmetric cipher algorithms
      • Asymmetric key types
      • Hash algorithms
      • MAC algorithms
      • Signature algorithms
      • Symmetric cipher algorithms
  • Samples
    • Active Directory samples
      • Compiling the Active Directory samples
      • Running the ActiveDirectoryServer sample
      • Running the CreateUserOnActiveDirectory sample
      • Running the LoginActiveDirectory sample
    • Card Management System sample
    • Certificate and CRL cache samples
      • Compiling the certificate and CRL cache samples
      • Running CacheCRL
      • Running OfflineLoginUsingCache
    • Credential samples
      • Compiling the credentials samples
      • Running CreateCredential
      • Running PrintKeyDates
      • Running RecoverCredential
    • Cryptographic Message Syntax samples
      • Compiling the Cryptographic Message Syntax samples
      • Running DecodeESPFromPassword
      • Running ESPEncodeMessage
      • Running PasswordBasedEncryption
    • Elliptic Curve sample
    • Entrust Archive sample
    • Java Cryptography Architecture samples
      • Compiling the Java Cryptography Architecture samples
      • Running CipherExampleAES
      • Running CipherExampleDESede
      • Running CipherExamplePBE
      • Running CipherExamplePBES2
      • Running CipherExampleRSA
      • Running CipherStreamExample
      • Running JcaAlgorithmImplementations
      • Running MacExampleDESede
      • Running MessageDigestExampleSHA1
      • Running SecureRandomExampleFIPS186_2
      • Running SignatureExampleComposite
      • Running SignatureExampleDSA
      • Running SignatureExamplePQ
      • Running SignatureExampleRSA
    • Java Secure Sockets Extension samples
      • Compiling the Java Secure Sockets Extension samples
      • Runing JSSEClient
      • Running JSSEServer
    • KeyStore samples
      • Compiling the KeyStore samples
      • Running KeyStoreExample
      • Running KeyStoreInMemory
    • Microsoft CryptoAPI samples
      • Compiling the Microsoft CryptoAPI samples
      • Running CapiLogin
      • Running EnumCertificates
      • Running EnumKeyContainers
      • Running EnumProviders
    • Multithread sample
    • OCSP samples
      • Compiling the OCSP samples
      • Running OCSPCheckExample
      • Running OCSPConfigExample
    • PKCS #7 samples
      • Compiling the PKCS #7 samples
      • Running the Decode sample
      • Running the Encode sample
      • Running the Pkcs7NonRepudiation sample
    • PKCS #8 sample
    • PKCS #10 samples
      • Compiling the PKCS #10 samples
      • Running CreateP10CertificateRequest
      • Running CreateShortLivedCertificate
      • Running RetrieveCertificate
    • PKCS #11 samples
      • Compiling the PKCS #11 samples
      • Installing the PKCS #11 library
      • Running CreateUser
      • Running RecoverUser
      • Running WriteEpfToToken
    • Public Key Infrastructure Testing Suite sample
    • Resource monitor sample
    • Roaming server samples
      • Compiling the roaming server samples
      • Running Create
      • Running Login
      • Running Deregister
    • S/MIME samples
      • Compiling the S/MIME samples
      • Configuring the mail server
      • Running SMimeSend
      • Running SMimeShow
    • S/MIME v3 samples
      • Compiling the S/MIME v3 samples
      • Running EntelligenceInterop
      • Running SMimeSend for S/MIME v3
      • Running SMimeShow for S/MIME v3
    • Server login samples
    • Servlet sample
    • SSL Tunneling sample
    • Timestamping samples
      • Compiling the timestamping samples
      • Running RequestTimeStamp
      • Running TimeStampedSignedData
    • Transaction counting sample
    • Tunneling samples
      • Compiling the tunneling samples
      • Running CreateCredentialByHttpTunnel
      • Running CreateCredentialByProxiedHttpTunnel
    • XML samples
      • XML signature samples
        • Compiling the XML signature samples
        • Running Sign
        • Running SignEnveloped
        • Running SignEnvelopedXSLT
        • Running SignEnveloping
        • Running Verify
      • XML SOAP signature sample
      • XML encryption samples
        • Compiling the XML encryption samples
        • Running Encrypt
        • Running EncryptArbitraryData
        • Running EncryptExtended
      • Decryption Transform for XML Signature sample
  • PKIUtil client
    • Running PKIUtil
      • pkiutil issue
      • pkiutil issuecrl -addrevocation <cert>
      • pkiutil issuecrl -createnew
      • pkiutil keygen
      • pkiutil newca
      • pkiutil newcsr
      • pkiutil plugins
      • pkiutil sign
      • pkiutil verify -cer <cer>
      • pkiutil verify -certchain <certchain>
      • pkiutil verify -crl <crl>
      • pkiutil verify -csr <csr>
      • pkiutil verify -sig
      • pkiutil version
    • PKIUtil use cases
      • Certifying a ML-DSA-65 keypair as a self-signed root certificate
      • Certifying a Falcon-1024 intermediate signed by the root ML-DSA-65
      • Certifying a Composite End-Entity
    • PKIUtil algorithm reference
  • Glossary
    • CipherSuite
    • Detached XML signature
    • Digital signature
    • Enveloped XML signature
    • Enveloping XML signature
    • SSL/TLS context
    • Timestamp
    • XML encrypted data structure
    • XML encryption
    • XML encryption algorithms
  • Javadoc
  • Technical support