Create Approver (OpenSSL)
- OpenSSL
- Approver Management - API
- HSM
To generate a secure key pair for an "approver" using OpenSSL, follow these steps. Note that it's important to ensure a high-quality entropy source to generate truly random keys, which is crucial for cryptographic security.
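openssl req -new -x509 -nodes -sha256 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -days 3650 -subj '/CN=FinanceOfficer1' -keyout finance-officer-1.key -out finance-officer-1.crt
The OpenSSL command above generates two files:
- finance-officer-1.key (the private key, written unencrypted because of -nodes)
- finance-officer-1.crt (the self-signed certificate containing the public key)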
Use this command to extract the public key and then add it to SKA-Key's policy:
openssl x509 -pubkey -noout -in finance-officer-1.crt
Use the Approver Management API endpoints to create keys within the HSM.
If you plan to use the Securosys Authorization App (available on the Google Play Store), this option is the easiest. A tutorial on how to set up the app is shown here.
Create and persist the approval keys within the HSM.
POST: /v1/key
{
  "label": "finance-officer-1",
  "password": null,
  "algorithm": "EC",
  "curveOid": "1.2.840.10045.3.1.7",
  "attributes": {
    "decrypt": false,
    "sign": true,
    "unwrap": false,
    "extractable": false,
    "modifiable": true,
    "destroyable": true,
    "copyable": false
  },
  "policy": null
}
Response: Extract the public key from the create key response and then add it to SKA-Key's policy:
"json": {
  "label": "finance-officer-1",
  ...
  "publicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBSBisLXR8Lsdpsc9JFeFYzMegPqufyNjk6ncWOFbb9bPMuM3I6SSDzwFNX+XvVO1EkfavxaXQcH43sEuKeYGKw==",
  "addressTruncated": null,
  "attributes": {
    ...
  }
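Before an approver's public key goes into SKA-Key's policy, it is worth confirming that it really is an EC key on the curve named by curveOid in the request above (1.2.840.10045.3.1.7, P-256) and that its point lies on that curve. The following Python check is an added example, not Securosys code: it accepts either the PEM output of openssl x509 -pubkey or the single-line publicKey value from the API response and returns the key in the single-line form the response uses. The function names and the sample key (the P-256 base point) are constructed for illustration.

```python
import base64
import re

# DER header of a P-256 SubjectPublicKeyInfo: SEQUENCE, AlgorithmIdentifier with
# id-ecPublicKey (1.2.840.10045.2.1) and curve 1.2.840.10045.3.1.7 (the curveOid in
# the request above), then a 66-byte BIT STRING with zero unused bits.
P256_SPKI_PREFIX = bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d030107034200")

# NIST P-256 domain parameters for y^2 = x^3 - 3x + B (mod P).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

# Constructed sample: the P-256 base point wrapped as a public key, not a real approver key.
G = bytes.fromhex(
    "04" "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"
    "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"
)
SAMPLE = base64.b64encode(P256_SPKI_PREFIX + G).decode("ascii")


def spki_der(text: str) -> bytes:
    """Decode PEM (openssl x509 -pubkey) or bare base64 (API publicKey field) to DER."""
    body = re.sub(r"-----(BEGIN|END) PUBLIC KEY-----|\s+", "", text)
    return base64.b64decode(body, validate=True)


def check_approver_key(text: str) -> str:
    """Return the key as single-line base64 DER, or raise ValueError if it is not P-256."""
    try:
        der = spki_der(text)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"not valid base64/PEM: {exc}") from None
    if len(der) != 91 or not der.startswith(P256_SPKI_PREFIX):
        raise ValueError("not an EC P-256 SubjectPublicKeyInfo")
    point = der[len(P256_SPKI_PREFIX):]
    if point[0] != 0x04:
        raise ValueError("EC point is not in uncompressed form")
    x = int.from_bytes(point[1:33], "big")
    y = int.from_bytes(point[33:], "big")
    if x >= P or y >= P or (y * y - (x * x * x - 3 * x + B)) % P != 0:
        raise ValueError("EC point is not on the P-256 curve")
    return base64.b64encode(der).decode("ascii")


if __name__ == "__main__":
    print(check_approver_key(SAMPLE))
```

A key that fails this check (wrong curve, truncated copy-paste, damaged base64) is rejected before it is added to a policy, where a bad value would only surface later when an approval signature fails to verify.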