-
Generate a keypair on Utimaco HSM.
|
›_ Console |
|---|
|
Provide information when prompted Here:
-
RSA is the key algorithm
-
2048 is the key size
-
NONE is the keystore for HSM
-
PKCS11 is the storetype
-
sun.security.pkcs11.SunPKCS11 is the provider class
-
utimacoRSAKey is the key name that will be generated on Utimaco HSM
Provide the keystore password when prompted
Key generation using keytool command
It is recommended to use CA signed certificate for production environment.
-
Verify the entry with same alias name is generated using keytool command.
|
›_ Console |
|---|
|
Here:
-
NONE is the keystore for HSM
-
PKCS11 is the storetype
-
sun.security.pkcs11.SunPKCS11 is the provider class
Provide the keystore password when prompted.
Listkeys output
-
List the objects using p11tool2.
|
›_ Console |
|---|
|
Enter user PIN when prompted.
List keys output using p11tool2
-
Sign any sample jar file with jarsigner command.
|
›_ Console |
|---|
|
Here:
-
http://timestamp.digicert.com is URL of timestamp server
-
NONE is the keystore for HSM
-
PKCS11 is the storetype
-
sun.security.pkcs11.SunPKCS11 is the provider class
-
HelloWorldRSASigned.jar is the new output signed jar file that will be generated
-
HelloWorld.jar is the Jar file to be signed
-
utimacoRSAKey is the RSA key used for jar signing
Provide the keystore password when prompted.
Signing the jar using jarsigner command
-
Verify the signed jar.
|
›_ Console |
|---|
|
Here HelloWorldRSASigned.jar is the newly generated signed jar file.
Verifying signed jar