
# Key Generation

# Introduction

The system uses ECDSA keys to sign the JWTs used for authentication. ECDSA keys are preferred over traditional RSA keys because they give equivalent security with much smaller keys and signatures: a 256-bit ECDSA key provides security comparable to a 3072-bit RSA key.

An ECDSA key pair consists of two parts, a private key and a public key, each with a defined role:

  • Private key: used to sign your JWTs before they are sent to the authentication server.
  • Public key: used by the authentication server to verify that a token genuinely came from you.

Under no circumstances expose your private key. Anyone who obtains it can impersonate you and perform actions on your server in your name.

To generate a key pair, a cryptographic toolkit must be installed on your machine. In this tutorial we use OpenSSL, an open-source toolkit for generating cryptographic keys.

# Installing OpenSSL

**Linux**:

OpenSSL ships with most Linux distributions, so there is normally nothing to install. Use it via the `openssl` command in the terminal.

**macOS**:

In most cases an `openssl` command is already present (on recent macOS versions it is actually LibreSSL, which accepts the commands used in this tutorial). If the `openssl` command does not exist, install it through Homebrew:

  1. With Homebrew installed, enter the command below in a terminal:
```shell
brew install openssl@1.1
```
  2. After installation, use OpenSSL via the `openssl` command in the terminal.

Note that OpenSSL 1.1 has reached end of life; if your Homebrew offers `openssl@3`, prefer it. Homebrew installs OpenSSL keg-only, so it is not on your `PATH` by default; the install output tells you the path to add.

**Windows**:

OpenSSL is bundled with Git for Windows. After installing it, use OpenSSL via the `openssl` command in the Git Bash terminal.

# Generating ECDSA keys

To generate an ECDSA private key, run the following OpenSSL command:

```shell
openssl ecparam -name secp256k1 -genkey -noout -out priv-key.pem
```

Understanding the command:

  • ecparam: the OpenSSL subcommand for elliptic-curve parameters, which can also generate a key on a named curve
  • -name secp256k1: the named curve to use
  • -genkey: generate a private key, not only the curve parameters
  • -noout: do not write the encoded curve-parameters block to the .pem file, only the key
  • -out priv-key.pem: the file the key is saved to

Note that secp256k1 is the curve behind the `ES256K` JWT algorithm (RFC 8812), not the P-256 curve (`prime256v1`) used by the more common `ES256`; check that the JWT library you sign with supports it. Restrict the key file so that only your user can read it.

You can inspect the newly created key with the `cat` command on the `priv-key.pem` file. It should look like the key below (this sample is for illustration only; never use a private key that has been published):

```
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEID+WM4WfWmD9ORXXRz5jUjQerHro6CTpeG9M0fDTEAT3oAcGBSuBBAAK
oUQDQgAEalizNT3hu7qU56JQ4L1goFrRL11/c7gvTVBWYvXY52UQgFPUDgIrBtAl
iaRmnJZFmJim7FTzqG8ZZ5eQdEzu2Q==
-----END EC PRIVATE KEY-----
```

The `EC PRIVATE KEY` header is the legacy SEC1 encoding; some JWT libraries expect the PKCS#8 `PRIVATE KEY` encoding instead, which OpenSSL's `pkcs8` subcommand can convert to.

To derive the public key from the private key using OpenSSL, run:

```shell
openssl ec -in priv-key.pem -pubout > pub-key.pem
```

Understanding the command:

  • ec: the OpenSSL subcommand for reading, inspecting and converting EC keys
  • -in priv-key.pem: the key file to read
  • -pubout: output the public key instead of the private key
  • > pub-key.pem: redirect the output to the file pub-key.pem

You can inspect the newly created key with the `cat` command on the `pub-key.pem` file. The generated public key should look like:

```
-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEalizNT3hu7qU56JQ4L1goFrRL11/c7gv
TVBWYvXY52UQgFPUDgIrBtAliaRmnJZFmJim7FTzqG8ZZ5eQdEzu2Q==
-----END PUBLIC KEY-----
```
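The complete procedure above, with the checks worth running before handing the public key to the authentication server, as an added example (this is not the original page's code; the function names, the scratch-directory argument and the test message are this example's own choices, and the file names follow the tutorial). It generates the key pair with the private key unreadable by other users, confirms the curve is secp256k1, confirms the derived public key matches the one embedded in the private key, does a sign/verify round trip, checks that a tampered message is rejected, and converts the key to PKCS#8 for libraries that require it:

```shell
#!/bin/sh
# Added example, not part of the original tutorial: generate a secp256k1 key pair
# with OpenSSL and verify it before use. File names follow the tutorial
# (priv-key.pem / pub-key.pem); the function names and the scratch directory
# argument DIR are this example's own choices.
set -eu

# generate_keypair DIR: writes DIR/priv-key.pem (mode 600) and DIR/pub-key.pem.
# The umask makes OpenSSL create the private key already unreadable by others,
# so there is no window where it is world-readable before a chmod.
generate_keypair() {
    dir="$1"
    mkdir -p "$dir"
    (umask 077 && openssl ecparam -name secp256k1 -genkey -noout -out "$dir/priv-key.pem")
    openssl ec -in "$dir/priv-key.pem" -pubout -out "$dir/pub-key.pem" 2>/dev/null
}

# key_curve FILE: prints the named curve of an EC private key, e.g. "secp256k1"
key_curve() {
    openssl ec -in "$1" -noout -text 2>/dev/null | sed -n 's/^[[:space:]]*ASN1 OID:[[:space:]]*//p'
}

# private_key_mode FILE: prints the octal permission bits (GNU stat, BSD fallback)
private_key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# pubkey_matches DIR: "match" if pub-key.pem equals the public key re-derived
# from priv-key.pem, i.e. the two files really belong together
pubkey_matches() {
    dir="$1"
    derived=$(openssl ec -in "$dir/priv-key.pem" -pubout 2>/dev/null)
    if [ "$derived" = "$(cat "$dir/pub-key.pem")" ]; then echo match; else echo mismatch; fi
}

# roundtrip_check DIR: sign a constructed message with the private key and verify
# the signature with the public key; prints "ok" when the pair is consistent
roundtrip_check() {
    dir="$1"
    printf 'constructed test message\n' > "$dir/msg.txt"
    openssl dgst -sha256 -sign "$dir/priv-key.pem" -out "$dir/msg.sig" "$dir/msg.txt"
    if openssl dgst -sha256 -verify "$dir/pub-key.pem" -signature "$dir/msg.sig" \
            "$dir/msg.txt" >/dev/null 2>&1; then
        echo ok
    else
        echo FAIL
    fi
}

# tamper_check DIR: the same signature must NOT verify over an altered message
# (run roundtrip_check first so msg.sig exists)
tamper_check() {
    dir="$1"
    printf 'constructed test message (altered)\n' > "$dir/msg-tampered.txt"
    if openssl dgst -sha256 -verify "$dir/pub-key.pem" -signature "$dir/msg.sig" \
            "$dir/msg-tampered.txt" >/dev/null 2>&1; then
        echo FAIL
    else
        echo rejected
    fi
}

# to_pkcs8 DIR: convert the SEC1 "EC PRIVATE KEY" file to PKCS#8 ("PRIVATE KEY"),
# the encoding many JWT libraries expect; prints the first line of the result
to_pkcs8() {
    dir="$1"
    (umask 077 && openssl pkcs8 -topk8 -nocrypt -in "$dir/priv-key.pem" -out "$dir/priv-key-pkcs8.pem")
    head -n 1 "$dir/priv-key-pkcs8.pem"
}

# Usage: run the whole procedure in a scratch directory and report each check
main() {
    dir=$(mktemp -d)
    generate_keypair "$dir"
    echo "curve:      $(key_curve "$dir/priv-key.pem")"
    echo "mode:       $(private_key_mode "$dir/priv-key.pem")"
    echo "pubkey:     $(pubkey_matches "$dir")"
    echo "roundtrip:  $(roundtrip_check "$dir")"
    echo "tampered:   $(tamper_check "$dir")"
    echo "pkcs8:      $(to_pkcs8 "$dir")"
    rm -rf "$dir"
}
main
```

The round trip with `openssl dgst` does not produce a JWT, but it proves the private key signs and the public key verifies with plain ECDSA over SHA-256, which is exactly what `ES256K` does inside the token; if this check passes and the JWT library still rejects the key, the problem is the curve or the PEM encoding, not the key material.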
# Final considerations

Proper generation and management of ECDSA keys is central to the system's security. Keep your private key secret and use only the public key in the system configuration.
# See also

- [Communication between the ACS server and the CPE](./comunicacao%20entre%20servidor%20acs%20e%20cpe)