I generated a keypair in Cloud HSM by giving a keystore file. I downloaded the keystore file and opened it in KeyStore Explorer, and I see symmetric and asymmetric key entries. As per the AWS documentation, only the certificate corresponding to the keypair is stored in the local keystore file.
I exported the private key, but it is not complete. As expected, the public key is exportable and complete.
I assume Cloud HSM maintains a reference to all the entries with partial key info. Is that correct?
Generate keypair with a certificate with store file:
keytool -genkeypair -alias alias1 -keystore /home/user/my_cloudhsm/my-cloudhsm.store -dname "CN=alias1.example.com, OU=Research, O=Acme, L=XYZ, ST=CA, C=US" -storetype CLOUDHSM -storepass password -keyalg rsa -keysize 2048 -sigalg sha512withrsa -validity 360 -J-classpath '-J/opt/cloudhsm/java/*' -J-Djava.library.path=/opt/cloudhsm/lib