Skip to main content

Primus Tools Commands

note

Usage of the Primus Tools requires a Java Runtime Environment (JRE) (see the prerequisites).

The primus-tools.jar file contains a set of different Java CLI commands for the Primus HSM or CloudHSM, as well as other utilities.

The general call structure is as follows:

java -jar primus-tools.jar <ToolName> <HSM connection and credentials> [further tool parameters] [-help]

Commands require an established <HSM connection and credentials> parameter to be able to execute properly. Ensure you have your <HSM connection and credentials> details, as defined in the HSM Connection section.

Commands Overview

The tables below give an overview of current Primus Tools commands. Detailed descriptions of each commands can be found in the command details section.

Help

The global help lists all commands:

java -jar primus-tools.jar -help

Each command has its own help:

java -jar primus-tools.jar CreateKey -help

Credential Management

Used for credential management for the HSM and the connection to it.

CommandDescription
GetUserSecretGet (optionally blinded) permanent user secret
GenerateBlindingKeyFileGenerate a blinding key file
BlindPasswordBlinding of passwords, setup passwords, user secrets
LoginLogin test (to check credentials and connectivity)

HSM Device Information

Used for acquiring HSM device information and logs.

CommandDescription
GetLogGet the HSM user log
GetDeviceInfoGet device name, firmware version and used provider version

Object Management

Commands used for managing HSM objects.

CommandDescription
ListKeyStoreObjectList partition objects (type, size, flags, hash) for single aliases
ListKeyStoreObjectsList partition objects (type, size, flags, hash)
ListKeyEntryList key information
ListKeyFlagsList key flags
CreateKeyCreate key
DeleteKeyDelete key
GetKeyFlagGet a single key flag for a key
SetKeyFlagSet key flag
SetKeyIdSet key id
RenameKeyRename a key or change a key password
ImportCertificateCertificate Import
ImportPublicKeyImport a public key
ImportKeyWrappedImport a wrapped key
GetPublicKeyExport a public key
ExportKeyWrappedExport a wrapped key

Partition Management

Commands used for managing HSM partitions.

CommandDescription
GetKeyStoreStatisticsGet number of objects (type, number) and show used/free size
ListKeyStoreList partition information (as visible to JCE API)
ClearKeyStoreClear the partition (delete all objects/keys)

Smart Key Attributes

Commands used for Smart Key Attribute key management.

CommandDescription
CreateAttestationKeyCreate attestation key (for signed attestations and timestamps, needs RKS)
ListEkaAccessList smart key (SKA/eka) access information
CreateEkaKeyCreate smart (EKA/SKA) key
CreateIntegrityKeyCreate integrity key (for SKA use)
GetAttestationGet key attributes (attested/signed)
ModifyEkaModify smart key (SKA/EKA) attributes
SetKeyFlagEkaSet key flag on SKA/EKA key
SignEkaSign test with SKA/EKA

KeytoolX & JarsignerX

Commands used for subcommands of KeytoolX and JarsignerX.

CommandDescription
KeytoolXAdapter to keytoolX
JarsignerXAdapter to jarsignerX

Bring Your Own Key

Commands used for different BYOK procedures.

CommandDescription
AzureByokExportWrap-export RSA, EC, or AES key, for Azure BYOK
AwsKmsByokExportWrap-export a AES key for AWS KMS BYOK
SalesforceByokExportWrap-export a AES/HMAC key derivation for Salesforce BYOK (currently in testing)

Elliptic Curve Integrated Encryption Scheme

Commands used for ECIES procedures.

CommandDescription
IesChunkingEncryptECIES chunking file encryption
IesChunkingDecryptECIES chunking file decryption
IesEncryptECIES file encryption
IesDecryptECIES file decryption

EMV

Commands used for EMV procedures.

CommandDescription
ImportKeySplitImport of plain key split into 3 parts (EMV)
ImportKeyWrappedZmkImport of key encrypted (wrapped)
ExportKeyWrappedZmkExport of key encrypted (wrapped)
ExportKeySplitExport of plain key split into 3 parts (EMV)

Signing

Commands used for signing and signature verification.

CommandDescription
SignSign test
JarSignatureCheckCheck Primus JCE provider (primusX.jar) code signature
Get started withCloudHSM for free.
Other questions?Ask Sales.
Feedback
Need help?