Generate RSA keys

This procedure explains how to generate a pair of RSA keys that you can use to sign and verify JWTs.

  1. Create a private RSA keys that are between 1024 and 4096 bits long. You have a jwtRSA256-private.pem private key in PEM format.

    openssl genrsa -out jwtRSA256-private.pem 2048
    

📘

Don't add a passphrase.

  1. Extract a public key from the private key.

    openssl rsa -in jwtRSA256-private.pem -pubout -outform PEM -out jwtRSA256-public.pem
    

    Sample contents of the jwtRSA256-public.pem public key in PEM format:

    -----BEGIN PUBLIC KEY-----
    MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2vOMbfP11bZDIrTRVH4f
    k6VOfvSx3XnDSfqgwcvX1f0fxyOp7xHhA6ZOv9cN726RuNB/g1nE3G5ugOS3f28N
    rAPeADetuk6ZzeEWy/WHBQCW8k2O9uMWxmMSZiMLwwWXMUCBXe0L2qKAoVJIS9Nh
    0ihEdIf6XDZvQPbnNrX3wW9gcPHQwuBjD6r0jO59tPQEwVfScE1qqwLJzqDq/xR3
    JIxPnZf1H4JiOHDYxIePmrsL+lq/F1CK1U1Ei8tDGpBJ9Dvg+ra7MfWksROTJct0
    n0Te3gjG98EaSsld9vCFe5sebb3zJ6tWaZyYaP8UQlgk4MfNC5bmIdodx15oHOzO
    lJPeP7U25+x2T2QiFKWPQSNYdCwDCMV6kUuRKgHbEitTnURtHA4Kl0LbdQgLkXe/
    nF3tanLC9Y2dFOD18hHlpu87hY45hY6TnOENEqOlTvXiKsmEbB2ICXpAGIU4cw8u
    AAd5r9EzmjMrnzsM2z3dwFJqOhas2TUbMR/JGJOYQhWiXW574gPcGX7ejCYj9DG2
    spIYwcSPv9pQnUObfjmJDyKr/y1g++D5mMyJ5myNlg+ixSSGWIsVb7mZFSjg5Wnq
    11XVNfTY6lt6jfq7ZIc6vDQFw3ZwBQKYbdn+UmyxelkiScYaZPU8wXi0ZCgNVZR/
    9zWuZV+w4v3j7EfuemACqukCAwEAAQ==
    -----END PUBLIC KEY-----