Create Approver (OpenSSL)

OpenSSL

To generate a secure key pair for an "approver" using OpenSSL, follow these steps. Note that it's important to ensure a high-quality entropy source to generate truly random keys, which is crucial for cryptographic security.

    openssl req -new -x509 -nodes -sha256 -newkey ec -days 3650 -subj '/CN=FinanceOfficer1' -keyout finance-officer-1.key -out finance-officer-1.crt

The OpenSSL command above generated two files:

• finance-officer-1.key
• finance-officer-1.crt

Use this command to extract the public key and then add it to SKA-Key's policy:

openssl x509 -pubkey -noout -in finance-officer-1.crt

Approver Management - API

Use the Approver Management API Endpoints to create Key's within the HSM.

When considering using the Securosys Authorization App (Available on Google Playstore) this option is the easiest for you. Tutorial on how to setup the App is shown here.

HSM

Create and persist the approval key's within the HSM.

POST: /v1/key

{
    "label": "finance-officer-1",
    "password": null,
    "algorithm": "EC",
    "curveOid": "1.2.840.10045.3.1.7",
    "attributes": {
        "decrypt": false,
        "sign": true,
        "unwrap": false,
        "extractable": false,
        "modifiable": true,
        "destroyable": true,
        "copyable": false
    },
    "policy": null
}

Response: Extract the public-key from the create key response and then add it to SKA-Key's policy:

"json": {
    "label": "finance-officer-1",
    ...
    "publicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBSBisLXR8Lsdpsc9JFeFYzMegPqufyNjk6ncWOFbb9bPMuM3I6SSDzwFNX+XvVO1EkfavxaXQcH43sEuKeYGKw==",
    "addressTruncated": null,
    "attributes": {
    ...
}