KeytoolX & JarsignerX
KeytoolX and JarsignerX are utilities within the Primus Tools.
They are adapted from Sun/Oracle's keytool and jarsigner utilities to work with PrimusHSMs.
keytool is a tool to manage Java key stores.
jarsigner is a tool to sign Java Archives (JARs).
Prerequisites
Using KeytoolX and JarsignerX requires:
- kt.jar to be in the same folder as primus-tools.jar.
- Passing the <HSM connection and credentials> details to be able to connect to the HSM. For details, see the Primus Tools installation guide.
KeytoolX
KeytoolX has the following options:
java -jar primus-tools.jar KeytoolX
Key and Certificate Management Tool
Commands:
-certreq         Generates a certificate request
-changealias     Changes an entry's alias
-delete          Deletes an entry
-exportcert      Exports certificate
-genkeypair      Generates a key pair
-genseckey       Generates a secret key
-gencert         Generates certificate from a certificate request
-importcert      Imports a certificate or a certificate chain
-importpass      Imports a password
-importkeystore  Imports one or all entries from another keystore
-keypasswd       Changes the key password of an entry
-list            Lists entries in a keystore
-printcert       Prints the content of a certificate
-printcertreq    Prints the content of a certificate request
-printcrl        Prints the content of a CRL file
-storepasswd     Changes the store password of a keystore
-keyclone        Clones a key entry
-selfcert        Generates a self-signed certificate
-gencrl          Generates CRL
-identitydb      Imports entries from a JDK 1.1.x-style identity database
Sample command with KeytoolX:
java -jar primus-tools.jar KeytoolX <HSM connection and credentials> -certreq
For more information about the keytool utility and its command and parameter description,
see the Java keytool documentation.
JarsignerX
In this example, we will sign and verify an executable .jar:
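# <HSM connection and credentials>: Connection details for your HSM (slot, PIN, etc.)
# -storetype Primus: Specifies the keystore type ("Primus" for Securosys HSM)
# -providerName SecurosysPrimusXSeries: Java security provider for the Primus HSM
# -tsa http://tsa.swisssign.net: First Time Stamping Authority (SwissSign)
# -tsa http://timestamp.digicert.com: Second TSA (DigiCert, fallback/backup)
# -digestalg SHA-256: Digest algorithm for signing
# Executable.jar: The JAR file that will be signed
# sign: Action to perform (sign the JAR)
# Comments are kept above the command: text after a trailing backslash breaks the line continuation.
java -jar primus-tools.jar JarsignerX \
  <HSM connection and credentials> \
  -storetype Primus \
  -providerName SecurosysPrimusXSeries \
  -tsa http://tsa.swisssign.net \
  -tsa http://timestamp.digicert.com \
  -digestalg SHA-256 \
  Executable.jar \
  sign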
jar signed. # Command output
java -jar primus-tools.jar JarsignerX <HSM connection and credentials> -verify Executable.jar
jar verified.
For more information about the jarsigner utility and its command and parameter description,
see the Java jarsigner documentation.
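As an added example (not part of Primus Tools or of the original page), the following Python check shows what -digestalg SHA-256 records in a signed JAR: it compares each entry's SHA-256-Digest in META-INF/MANIFEST.MF with the file's actual contents. It does not validate the signature itself, which is what JarsignerX -verify does; the function names and the sample JAR (including its placeholder .SF file) are constructed for illustration.

```python
import base64, hashlib, io, zipfile

def is_signature_file(name):
    """True for MANIFEST.MF and signature files directly under META-INF/."""
    up = name.upper()
    base = up[len("META-INF/"):]
    return up.startswith("META-INF/") and "/" not in base and (
        base == "MANIFEST.MF" or base.startswith("SIG-")
        or base.endswith((".SF", ".RSA", ".DSA", ".EC")))

def parse_manifest(text):
    """Return {entry name: {attribute: value}} for the per-entry sections."""
    # Lines wrap at 72 bytes; a continuation line starts with a single space.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def audit_jar(jar, attr="SHA-256-Digest"):
    """Return a list of findings; empty means no inconsistency was found."""
    findings = []
    with zipfile.ZipFile(jar) as zf:
        names = zf.namelist()
        if not any(is_signature_file(n) and n.upper().endswith(".SF") for n in names):
            findings.append("no signature file (.SF) under META-INF/")
        if "META-INF/MANIFEST.MF" not in names:
            return findings + ["no META-INF/MANIFEST.MF"]
        entries = parse_manifest(zf.read("META-INF/MANIFEST.MF").decode("utf-8"))
        for name in names:
            if name.endswith("/") or is_signature_file(name):
                continue
            want = entries.get(name, {}).get(attr)
            got = base64.b64encode(hashlib.sha256(zf.read(name)).digest()).decode()
            if want != got:
                findings.append(f"{name}: " + ("digest mismatch" if want else f"no {attr}"))
    return findings

def sample_jar(body, listed=b"print('hello')\n"):
    """Constructed sample JAR whose manifest records the digest of `listed`."""
    digest = base64.b64encode(hashlib.sha256(listed).digest()).decode()
    manifest = f"Manifest-Version: 1.0\r\n\r\nName: app/Main.txt\r\nSHA-256-Digest: {digest}\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
        zf.writestr("META-INF/SIGN.SF", "Signature-Version: 1.0\r\n\r\n")  # placeholder, not a real signature
        zf.writestr("app/Main.txt", body)
    return buf
```

audit_jar also accepts a file path, so it can be pointed at a real signed JAR; a JAR signed with a different digest algorithm is reported as lacking SHA-256-Digest entries.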