Keytool usage with existing keys

0

Hi, My question is about keytool usage (https://docs.aws.amazon.com/cloudhsm/latest/userguide/keystore-third-party-tools_5.html) If we have keys that were already created into CloudHSM (created with previous keytool -genkeypair commands for example), can we create a new keystore and use those previously created keys (by re-importing the cert on the keystore?)

Use cases:

  • If you lost your keystore, (you are still able to see our keys into cloudhsm) so you are able to regenerate a new keystore and then re-import the signed certificate on it to use it properly.
  • if you want to use keytool with existing keys created by another tool

Thanks a for the feedback,

Adrien

asked 3 months ago118 views
1 Answer
1

if keys were already created in CloudHSM using keytool or other methods, they can be imported into a new CloudHSM keystore.

To do this:

  • Create a new empty CloudHSM keystore and load it.

  • Use the key_mgmt_util importPrivateKey command to import each existing private key file into the HSM, specifying the new keystore alias.

  • The public key certificate corresponding to each private key can then be imported into the new keystore using keytool -importcert

  • Save the keystore to persist the imported keys. The keystore can then be reloaded as needed to access the imported keys.

https://docs.aws.amazon.com/cloudhsm/latest/userguide/alternative-keystore.html

https://docs.aws.amazon.com/cloudhsm/latest/userguide/manage-keys.html

AWS
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions