Command Summary | Utimaco Integration Guides

Command	Purpose
`keytool -genkeypair -alias <key name> -keyalg RSA -keysize 2048 -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg /etc/utimaco/pkcs11-java.cfg`	Generate an RSA key pair directly inside the Utimaco HSM using the PKCS#11 provider.
`keytool -genkeypair -alias <key name> -keyalg EC -groupname secp256r1 -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg /etc/utimaco/pkcs11-java.cfg`	Generate an EC key pair directly inside the Utimaco HSM using the PKCS#11 provider.
`keytool -list -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg /etc/utimaco/pkcs11-java.cfg`	List all key entries available in the HSM that are accessible via Java.
`./p11tool2 Slot=0 LoginUser=ask ListObjects`	Verify and list all objects (keys, certificates) present in the HSM.
`keytool -certreq -alias <key name> -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg /etc/utimaco/pkcs11-java.cfg -file <file name>.csr`	Generate a Certificate Signing Request (CSR) for the key stored in the HSM.
`openssl x509 -req -in <file name>.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out serverR<file name>SA.crt -days 365 -sha256`	Sign the CSR using a Certificate Authority (CA) to generate a signed certificate.
`cat <file name>.crt ca.crt > <full chain>.crt`	Combine the signed certificate and CA certificate into a full chain certificate file.
`keytool -importcert -alias <key name> -file <full chain>.crt -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg /etc/utimaco/pkcs11-java.cfg`	Import the signed certificate (and chain) into the HSM and associate it with the existing key.
`jarsigner -tsa http://timestamp.digicert.com -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg /etc/utimaco/pkcs11-java.cfg -signedjar <output jar name>.jar <input jar name>.jar <key name>`	Sign the JAR file using the HSM-based private key with timestamping support.
`jarsigner -verify <output jar name>.jar`	Verify the integrity and signature of the signed JAR file.

Commands