AWS seems to allow us to use AWS CloudHSM as a provider; see here and here:
Security.addProvider(new com.cavium.provider.CaviumProvider());
In the samples from GKE, however, we seem to only have Bouncy Castle as a provider. See here:
Security.addProvider(new BouncyCastleProvider());
Maybe I am missing something fundamental.
I would like to do an initSign as below with the JCA API.
I've implemented a JCA provider for Google Cloud HSM (as well as Azure Key Vault and AWS KMS) as part of the Jsign project. It performs direct API calls and doesn't rely on the gcloud CLI or the Google Cloud SDK. Usage looks like this:
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Signature;
import net.jsign.jca.GoogleCloudSigningService;
import net.jsign.jca.SigningService;
import net.jsign.jca.SigningServiceJcaProvider;

// token: a Google Cloud OAuth access token; alias: the key name inside the keyring; data: the bytes to sign
String keyring = "projects/first-rain-123/locations/global/keyRings/mykeyring";
SigningService service = new GoogleCloudSigningService(keyring, token, null); // third argument left null, as posted
Provider provider = new SigningServiceJcaProvider(service);
KeyStore keystore = KeyStore.getInstance("GOOGLECLOUD", provider);
keystore.load(null, "".toCharArray()); // nothing to load from disk: the keys live in Cloud KMS
PrivateKey key = (PrivateKey) keystore.getKey(alias, null); // an opaque handle, not exportable key material
Signature sig = Signature.getInstance("SHA256withRSA", provider); // must be obtained from this provider
sig.initSign(key);
sig.update(data);
byte[] signature = sig.sign(); // the actual RSA operation is performed remotely by Cloud KMS
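To make the mechanism behind that answer concrete, here is an added example (not code from Jsign or from the original post) of the smallest JCA provider that routes the signing step of a standard initSign/update/sign sequence to a remote service, so the private key never enters the JVM. The RemoteSigner interface, the InMemorySigner that stands in for Cloud KMS or CloudHSM, the key id "demo-key-1" and all class names are assumptions made for this demo; the in-memory signer only exists so the example runs offline.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;

public class RemoteSigningProviderDemo {

    // What a KMS/HSM exposes: sign by key id, hand out the public key. Assumed interface for this demo.
    public interface RemoteSigner {
        byte[] sign(String keyId, String jcaAlgorithm, byte[] data) throws GeneralSecurityException;
        PublicKey publicKey(String keyId) throws GeneralSecurityException;
    }

    // Stand-in for Cloud KMS / CloudHSM so the demo runs offline; a real one makes an HTTPS API call here.
    public static class InMemorySigner implements RemoteSigner {
        private final KeyPair pair;
        public InMemorySigner() throws GeneralSecurityException {
            KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
            gen.initialize(2048);
            pair = gen.generateKeyPair();
        }
        @Override public byte[] sign(String keyId, String jcaAlgorithm, byte[] data) throws GeneralSecurityException {
            Signature inner = Signature.getInstance(jcaAlgorithm); // default provider, "inside" the HSM
            inner.initSign(pair.getPrivate());
            inner.update(data);
            return inner.sign();
        }
        @Override public PublicKey publicKey(String keyId) { return pair.getPublic(); }
    }

    // Opaque handle: satisfies the PrivateKey interface but carries no key material at all.
    public static class RemotePrivateKey implements PrivateKey {
        final String keyId;
        public RemotePrivateKey(String keyId) { this.keyId = keyId; }
        @Override public String getAlgorithm() { return "RSA"; }
        @Override public String getFormat() { return null; }  // not exportable, so no encoding
        @Override public byte[] getEncoded() { return null; }
    }

    // Buffers the message locally and ships it to the remote signer when sign() is called.
    public static class RemoteSignatureSpi extends SignatureSpi {
        private final RemoteSigner signer;
        private final String algorithm;
        private final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        private RemotePrivateKey key;
        public RemoteSignatureSpi(RemoteSigner signer, String algorithm) {
            this.signer = signer;
            this.algorithm = algorithm;
        }
        @Override protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
            if (!(privateKey instanceof RemotePrivateKey)) {
                throw new InvalidKeyException("expected a RemotePrivateKey handle"); // raw keys are refused
            }
            key = (RemotePrivateKey) privateKey;
            buffer.reset();
        }
        @Override protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
            throw new InvalidKeyException("verify with the default provider; no remote call is needed");
        }
        @Override protected void engineUpdate(byte b) { buffer.write(b); }
        @Override protected void engineUpdate(byte[] b, int off, int len) { buffer.write(b, off, len); }
        @Override protected byte[] engineSign() throws SignatureException {
            try {
                return signer.sign(key.keyId, algorithm, buffer.toByteArray());
            } catch (GeneralSecurityException e) {
                throw new SignatureException("remote signing failed", e);
            } finally {
                buffer.reset(); // per the Signature contract, ready for the next message
            }
        }
        @Override protected boolean engineVerify(byte[] sigBytes) throws SignatureException {
            throw new SignatureException("not supported by this provider");
        }
        @Override @Deprecated protected void engineSetParameter(String p, Object v) { throw new InvalidParameterException(); }
        @Override @Deprecated protected Object engineGetParameter(String p) { throw new InvalidParameterException(); }
    }

    // The Provider itself: registers a Signature service whose SPI is constructed with the signer.
    public static class RemoteSigningProvider extends Provider {
        public RemoteSigningProvider(final RemoteSigner signer) {
            super("RemoteSigning", "1.0", "Delegates RSA signing to a remote service (demo)"); // Java 9+ constructor
            putService(new Service(this, "Signature", "SHA256withRSA",
                    RemoteSignatureSpi.class.getName(), null, null) {
                @Override public Object newInstance(Object constructorParameter) {
                    return new RemoteSignatureSpi(signer, "SHA256withRSA");
                }
            });
        }
    }

    public static void main(String[] args) throws Exception {
        RemoteSigner hsm = new InMemorySigner();
        Provider provider = new RemoteSigningProvider(hsm);
        PrivateKey handle = new RemotePrivateKey("demo-key-1"); // hypothetical key id
        byte[] data = "payload to sign".getBytes(StandardCharsets.UTF_8);

        // Same sequence as in the answer above; the private key never enters this JVM.
        Signature sig = Signature.getInstance("SHA256withRSA", provider);
        sig.initSign(handle);
        sig.update(data);
        byte[] signature = sig.sign();

        // Verification needs only the public key and the default provider.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(hsm.publicKey("demo-key-1"));
        verifier.update(data);
        System.out.println("signature valid: " + verifier.verify(signature));
    }
}
```

Two points worth checking in any real provider of this kind: initSign must reject anything but the provider's own key handle, otherwise a caller can silently fall back to raw key material, and the Signature object must be obtained from the remote provider rather than the default one, or initSign will fail with an InvalidKeyException because the handle has no encoding. A production implementation would also hash the buffered message locally and send only the digest to the service, since that is what HSM and KMS signing APIs generally accept.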