Keytool usage with existing keys


Hi, my question is about keytool usage (https://docs.aws.amazon.com/cloudhsm/latest/userguide/keystore-third-party-tools_5.html). If we have keys that were already created in CloudHSM (for example with previous keytool -genkeypair commands), can we create a new keystore and use those previously created keys (by re-importing the cert into the keystore)?

Use cases:

  • If you lost your keystore (you are still able to see your keys in CloudHSM), you are able to regenerate a new keystore and then re-import the signed certificate into it to use it properly.
  • If you want to use keytool with existing keys created by another tool.

Thanks for the feedback,

Adrien

asked 3 months ago, 147 views
1 answer

If keys were already created in CloudHSM using keytool or other methods, they can be imported into a new CloudHSM keystore.

To do this:

  • Create a new empty CloudHSM keystore and load it.

  • Use the key_mgmt_util importPrivateKey command to import each existing private key file into the HSM, specifying the new keystore alias.

  • The public key certificate corresponding to each private key can then be imported into the new keystore using keytool -importcert.

  • Save the keystore to persist the imported keys. The keystore can then be reloaded as needed to access the imported keys.

https://docs.aws.amazon.com/cloudhsm/latest/userguide/alternative-keystore.html

https://docs.aws.amazon.com/cloudhsm/latest/userguide/manage-keys.html

AWS
answered 3 months ago
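A worked version of the rebuild discussed in this thread, as an added example that is not part of the question or of the AWS answer. It assumes Client SDK 5 with the JCE provider installed under /opt/cloudhsm, the keytool options shown on the linked AWS page, HSM_USER/HSM_PASSWORD exported for the JCE provider and CLOUDHSM_PIN for cloudhsm-cli, and that the key pair is still in the HSM, so nothing is imported into the HSM itself: the new keystore file is created by importing the previously signed certificate under the HSM key's label. The key label, file names, and the JSON shape of the cloudhsm-cli output are assumptions, as is the behaviour that the CloudHSM provider resolves a keytool alias against HSM key labels (keytool itself attaches a certificate imported under an alias that already holds a private key to that entry, and stores a bare trustedCertEntry under an unknown alias). The check at the end is the part worth keeping: after -importcert the alias must come back as a PrivateKeyEntry whose leaf certificate fingerprint matches the imported certificate; a trustedCertEntry means the alias did not bind to an HSM key and the keystore can only verify, not sign.

```shell
#!/usr/bin/env bash
# Rebuild a keytool keystore around key pairs that already live in CloudHSM.
# Added example for this thread, not AWS code. Assumptions: Client SDK 5 with the
# JCE provider under /opt/cloudhsm; HSM_USER/HSM_PASSWORD exported for the JCE
# provider and CLOUDHSM_PIN for cloudhsm-cli; labels and file names are made up.
set -euo pipefail

# keytool options for the CloudHSM keystore, as on the linked AWS page.
CLOUDHSM_KEYTOOL_OPTS=(
  -storetype CloudHSM
  -J-classpath '-J/opt/cloudhsm/java/*'
  -J-Djava.library.path=/opt/cloudhsm/lib/
)
hsm_keytool() { keytool "$@" "${CLOUDHSM_KEYTOOL_OPTS[@]}"; }

# 1. The private key never left the HSM, so nothing is imported into the HSM:
#    only confirm that the label still resolves. (Assumed output shape: the CLI
#    prints each key's attributes as JSON, including "label": "<label>".)
hsm_key_exists() {  # hsm_key_exists <label>
  /opt/cloudhsm/bin/cloudhsm-cli key list --filter attr.label="$1" \
    | grep -F "\"label\": \"$1\"" >/dev/null
}

# 2. Keystore file and HSM key are separate things: the file only carries the
#    certificate and the alias that names the HSM key. Re-create the file by
#    importing the signed certificate under the key's label. keytool attaches a
#    certificate imported under an alias that already holds a private key to that
#    entry; under an unknown alias it stores a bare trustedCertEntry instead.
rebuild_keystore() {  # rebuild_keystore <label> <signed-cert.pem> <new.keystore>
  local label=$1 cert=$2 ks=$3
  if [ -e "$ks" ]; then echo "refusing to overwrite $ks" >&2; return 1; fi
  hsm_key_exists "$label" || { echo "no HSM key labelled $label" >&2; return 1; }
  # keytool prompts for the keystore password; it is deliberately not passed via
  # -storepass from a script whose command line may end up in logs.
  hsm_keytool -importcert -noprompt -alias "$label" -file "$cert" -keystore "$ks"
}

# 3. Verification helpers. The check that matters after a rebuild: the alias
#    must be a PrivateKeyEntry (HSM key + certificate) whose leaf certificate
#    fingerprint matches the certificate that was imported.
cert_sha256() {  # cert_sha256 <cert.pem> -> colon-separated upper-case hex, keytool style
  openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

parse_keytool_entry() {  # stdin: `keytool -list -v` text; stdout: "<type> <sha256>"
  awk '
    /^Entry type:/   { type = $3 }
    /SHA256:/ && !fp { fp = $NF }     # first SHA256 line is the leaf certificate
    END { print type, fp }'
}

check_rebuilt_entry() {  # check_rebuilt_entry <label> <new.keystore> <expected-sha256>
  local got
  got=$(hsm_keytool -list -v -alias "$1" -keystore "$2" | parse_keytool_entry)
  if [ "$got" != "PrivateKeyEntry $3" ]; then
    echo "alias $1 did not bind to the HSM key: got '$got'" >&2
    return 1
  fi
}

rebuild_and_verify() {  # rebuild_and_verify <label> <signed-cert.pem> <new.keystore>
  rebuild_keystore "$1" "$2" "$3"
  check_rebuilt_entry "$1" "$3" "$(cert_sha256 "$2")"
  echo "keystore $3 rebuilt: alias $1 signs with the HSM key"
}

# Run only when invoked explicitly, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then
  rebuild_and_verify "$2" "$3" "$4"
fi
```

Usage: `./rebuild-hsm-keystore.sh --run signing-key-2024 signing-key-2024.signed.pem new.keystore`. The parser is separated from the keytool call so the same PrivateKeyEntry/fingerprint check can be run against saved `keytool -list -v` output, for instance from a pipeline job that has no HSM access.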
