For OpenJDK 11 with EC Key | Utimaco Integration Guides

1. Generate a key pair on the Utimaco HSM.

›_ Console

# keytool -genkeypair -alias tomsslec1 -keyalg EC -keystore NONE -storetype

CryptoServer -storepass 123456 -providerpath

"/opt/tomcat/bin/CryptoServerJCE.jar" -providerclass

CryptoServerJCE.CryptoServerProvider -J-Djava.library.path=/opt/tomcat/bin/ -

J-cp -J/opt/tomcat/bin/CryptoServerJCE.jar/opt/tomcat/bin/CryptoServerJCE.jar -providername CryptoServer -v

Provide information when prompted.

Here:

keytool command to generate keys

For OpenJDK 11 RSA key algorithm is not supported with Utimaco HSM.

›_ Console

# /opt/utimaco/bin/cxitool Dev=3001@127.0.0.1 LogonPass=tom,123456 Listkeys

List keys output using cxitool

›_ Console

# keytool -list -keystore NONE -storetype CryptoServer -storepass 123456 providerpath "/usr/lib/jvm/java-11-openjdk-11.0.2.7-

2.el8.x86_64/lib/CryptoServerJCE.jar" -providerclass

CryptoServerJCE.CryptoServerProvider -J-Djava.library.path=/usr/lib/jvm/java-

11-openjdk-11.0.2.7-2.el8.x86_64/lib/ -J-cp -J/usr/lib/jvm/java-11-openjdk-

11.0.2.7-2.el8.x86_64/lib/CryptoServerJCE.jar -providername CryptoServer -v

Here:

keytool list output