Generate RSA keys
This procedure explains how to generate a pair of RSA keys that you can use to sign and verify JWTs.
-
Create a private RSA keys that are between 1024 and 4096 bits long. You have a
jwtRSA256-private.pem
private key in PEM format.openssl genrsa -out jwtRSA256-private.pem 2048
Don't add a passphrase.
-
Extract a public key from the private key.
openssl rsa -in jwtRSA256-private.pem -pubout -outform PEM -out jwtRSA256-public.pem
Sample contents of the
jwtRSA256-public.pem
public key in PEM format:-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2vOMbfP11bZDIrTRVH4f k6VOfvSx3XnDSfqgwcvX1f0fxyOp7xHhA6ZOv9cN726RuNB/g1nE3G5ugOS3f28N rAPeADetuk6ZzeEWy/WHBQCW8k2O9uMWxmMSZiMLwwWXMUCBXe0L2qKAoVJIS9Nh 0ihEdIf6XDZvQPbnNrX3wW9gcPHQwuBjD6r0jO59tPQEwVfScE1qqwLJzqDq/xR3 JIxPnZf1H4JiOHDYxIePmrsL+lq/F1CK1U1Ei8tDGpBJ9Dvg+ra7MfWksROTJct0 n0Te3gjG98EaSsld9vCFe5sebb3zJ6tWaZyYaP8UQlgk4MfNC5bmIdodx15oHOzO lJPeP7U25+x2T2QiFKWPQSNYdCwDCMV6kUuRKgHbEitTnURtHA4Kl0LbdQgLkXe/ nF3tanLC9Y2dFOD18hHlpu87hY45hY6TnOENEqOlTvXiKsmEbB2ICXpAGIU4cw8u AAd5r9EzmjMrnzsM2z3dwFJqOhas2TUbMR/JGJOYQhWiXW574gPcGX7ejCYj9DG2 spIYwcSPv9pQnUObfjmJDyKr/y1g++D5mMyJ5myNlg+ixSSGWIsVb7mZFSjg5Wnq 11XVNfTY6lt6jfq7ZIc6vDQFw3ZwBQKYbdn+UmyxelkiScYaZPU8wXi0ZCgNVZR/ 9zWuZV+w4v3j7EfuemACqukCAwEAAQ== -----END PUBLIC KEY-----
Updated almost 2 years ago