Skip to main content
This section uses Java keytool to generate a new key pair on the CryptoHub, which you can use later to sign a JAR file with the Java jarsigner utility.
The JDK installation includes the keytool application that enables you to run the keytool commands in this section with no additional configuration.

Generate a key pair

Perform the following steps to generate a key pair on the CryptoHub:
1
Execute the following command:
Text
keytool -genkeypair -keyalg RSA -keysize 2048 -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerName SunPKCS11-Futurex -ext extendedKeyUsage=codeSigning -ext KeyUsage=digitalSignature
After execution, the keytool application prompts for information about the key pair you are generating.
2
When prompted for the KeyStore password in the preceding command, enter the CryptoHub identity password configured inside the <CRYPTO-OPR-PASS> tag in the fxpkcs11.cfg file.
Text
1. What is your first and last name?
<br>
[Unknown]:  www.example.com

2. What is the name of your organizational unit?
<br>
[Unknown]: Engineering

3. What is the name of your organization?
<br>
[Unknown]:  Futurex

4. What is the name of your City or Locality?
<br>
[Unknown]:  Bulverde

5. What is the name of your State or Province?
<br>
[Unknown]:  TX

6. What is the two-letter country code for this unit?
<br>
[Unknown]:  US

7. Is CN=www.example.com, OU=Engineering, O=Futurex, L=Bulverde, ST=TX, C=US correct?
<br>
[no]:  yes