Breadcrumbs

For OpenJDK 8 with EC Key

1. Generate an EC key pair on the Utimaco HSM.

›_ Console

# keytool -genkey -keyalg EC -keystore NONE -storetype CryptoServer -storepass

12345678 -providername CryptoServer -alias tomcatselfsignedECKey

Provide information when prompted.

Here:

  • EC is the key algorithm

  • NONE is the keystore for HSM

  • CryptoServer is the store type

  • 12345678 is the slot PIN

  • CryptoServer is the provider name

  • tomcatselfsignedECKey is the key name that will be generated on the Utimaco HSM

228e60b4-7649-4e86-82f3-9c88a93574e5.jpg


keytool command to generate keys

  1. List the keys using the cxitool.

›_ Console

# /opt/utimaco/bin/cxitool Dev=3001@127.0.0.1 Logonpass=tomcat,12345678 Group=JCE ListKeys

7816e67b-892d-4b13-9a9b-9faa242fb469.jpg


List keys output using cxitool

  1. Verify that the keytool command shows the created certificate.

›_ Console

# keytool -list -keystore NONE -storetype CryptoServer -providername

CryptoServer -storepass 12345678 -v

Here:

  • NONE is the key store for HSM

  • CryptoServer is the store type

  • 12345678 is the PIN

  • CryptoServer is the provider name

3409a7e8-fefd-4cfb-9a65-a51d2639c034.jpg


keytool list output