Keytool usage with existing keys


Hi, my question is about keytool usage (https://docs.aws.amazon.com/cloudhsm/latest/userguide/keystore-third-party-tools_5.html). If we have keys that were already created in CloudHSM (created with previous keytool -genkeypair commands, for example), can we create a new keystore and use those previously created keys (by re-importing the cert into the keystore)?

Use cases:

  • If you lost your keystore (you are still able to see your keys in CloudHSM), you are able to regenerate a new keystore and then re-import the signed certificate into it to use it properly.
  • If you want to use keytool with existing keys created by another tool.

Thanks for the feedback,

Adrien

asked 3 months ago, 137 views
1 Answer

If keys were already created in CloudHSM using keytool or other methods, they can be imported into a new CloudHSM keystore.

To do this:

  • Create a new empty CloudHSM keystore and load it.

  • Use the key_mgmt_util importPrivateKey command to import each existing private key file into the HSM, specifying the new keystore alias.

  • The public key certificate corresponding to each private key can then be imported into the new keystore using keytool -importcert.

  • Save the keystore to persist the imported keys. The keystore can then be reloaded as needed to access the imported keys.

https://docs.aws.amazon.com/cloudhsm/latest/userguide/alternative-keystore.html

https://docs.aws.amazon.com/cloudhsm/latest/userguide/manage-keys.html

AWS
answered 3 months ago
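The steps in the answer above, carried out through the JCE KeyStore API that keytool drives underneath, as an added example that is not from this thread or from the AWS documentation. It builds a fresh CloudHSM keystore file around a key pair that already lives in the HSM, checks that the signed certificate actually belongs to that key before binding it, and saves the keystore. Assumptions to verify against the Client SDK 5 docs: the provider class name com.amazonaws.cloudhsm.jce.provider.CloudHsmProvider, the KeyStore type "CloudHSM", that the HSM key label is exposed as the keystore alias, and that setKeyEntry accepts a key handle returned by the same keystore; the provider's own login configuration supplies the HSM credentials.

```java
import java.io.FileOutputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

/**
 * Added example (not the thread's or AWS's code). Rebuilds a CloudHSM keystore
 * file around an existing HSM key and attaches its signed certificate.
 * Provider/class/type names below are assumptions; check them against the
 * CloudHSM Client SDK 5 documentation for your version.
 */
public class RebuildCloudHsmKeystore {

    /** Returns the loaded keystore with the certificate bound to the HSM key. */
    public static KeyStore rebind(String alias, Path certPem, Path keystoreOut,
                                  char[] storePassword) throws Exception {
        // Assumption: SDK 5 provider class name.
        Security.addProvider(new com.amazonaws.cloudhsm.jce.provider.CloudHsmProvider());

        // load(null, null) starts an empty keystore file; the keys it enumerates
        // are the ones already present in the HSM, labelled by alias.
        KeyStore ks = KeyStore.getInstance("CloudHSM");
        ks.load(null, null);
        if (!ks.containsAlias(alias)) {
            throw new IllegalStateException("no HSM key labelled '" + alias + "'");
        }
        Key key = ks.getKey(alias, null);
        if (!(key instanceof PrivateKey)) {
            throw new IllegalStateException("'" + alias + "' is not a private key");
        }
        PrivateKey hsmKey = (PrivateKey) key;

        // Parse the CA-signed certificate (PEM or DER) from disk.
        Certificate cert;
        try (InputStream in = Files.newInputStream(certPem)) {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }

        // Check before binding: the cert's public key must verify a signature
        // made by the HSM key, otherwise we would attach someone else's cert.
        String sigAlg = "EC".equals(hsmKey.getAlgorithm()) ? "SHA256withECDSA"
                                                            : "SHA256withRSA";
        byte[] probe = "keystore-rebind-probe".getBytes("UTF-8");
        Signature signer = Signature.getInstance(sigAlg, "CloudHSM");
        signer.initSign(hsmKey);
        signer.update(probe);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance(sigAlg);
        verifier.initVerify(cert.getPublicKey());
        verifier.update(probe);
        if (!verifier.verify(sig)) {
            throw new SecurityException("certificate does not match HSM key '" + alias + "'");
        }

        // Bind the chain to the existing key entry. The private key never leaves
        // the HSM; only the alias-to-certificate mapping is written to the file.
        ks.setKeyEntry(alias, hsmKey, null, new Certificate[] { cert });
        try (FileOutputStream out = new FileOutputStream(keystoreOut.toFile())) {
            ks.store(out, storePassword);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: RebuildCloudHsmKeystore <alias> <signed-cert.pem> <new-keystore>");
            System.exit(2);
        }
        // Keystore file password (constructed for the example; choose your own).
        char[] storePassword = System.getProperty("storepass", "changeit").toCharArray();
        KeyStore ks = rebind(args[0], Path.of(args[1]), Path.of(args[2]), storePassword);
        System.out.println("bound certificate for alias " + args[0] + ": "
                + ks.getCertificate(args[0]).getType());
    }
}
```

Run it with the CloudHSM JCE jars on the classpath, then confirm the result with `keytool -list -keystore <new-keystore> -storetype CloudHSM`; the alias should now show a PrivateKeyEntry with the imported certificate's fingerprint. If the signature check fails, the certificate was issued for a different key pair and should not be bound to this alias.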
