google / certificate-transparency

Auditing for TLS certificates.
https://certificate.transparency.dev
Apache License 2.0

Document how to generate a key for a log #1079

Open philandstuff opened 8 years ago

philandstuff commented 8 years ago

To start a new log you need to generate a key for it.

What kind of key is acceptable? How should it be generated? Is there an example openssl (or other) command invocation to generate a key? I can't find any documentation around this.

benlaurie commented 8 years ago

Here's an example test that generates keys:

https://github.com/google/certificate-transparency/blob/master/cpp/server/ct-dns-server-test.py#L105

Feel free to send a PR with better documentation!

AlCutter commented 8 years ago

So, in openssl command line terms, Ben's example would be:

openssl ecparam -out key.pem -name secp256r1 -genkey
openssl ec -in key.pem -pubout -out pubkey.pem

which results in two files:

File        Contents
key.pem     PEM encoded private key
pubkey.pem  PEM encoded public key

key.pem is then the file whose path you'd pass to the --key flag when starting the log server.
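An added example, not part of the thread or of the project's code: a POSIX shell wrapper around the two commands above that writes the private key owner-readable only, confirms the key is on P-256 and matches the published public key, and derives the log ID, which RFC 6962 defines as the SHA-256 hash of the log's DER-encoded SubjectPublicKeyInfo. The function names and the directory argument are illustrative.

```shell
#!/bin/sh
# Added example: generate, check and fingerprint a CT log key with openssl.
# Function names are illustrative and not part of certificate-transparency.
set -eu

# Generate key.pem and pubkey.pem in directory $1 using the commands from
# the thread. The function body is a subshell, so the umask change stays local.
gen_log_key() (
    umask 077   # key.pem is created with mode 0600
    openssl ecparam -out "$1/key.pem" -name secp256r1 -genkey 2>/dev/null &&
        openssl ec -in "$1/key.pem" -pubout -out "$1/pubkey.pem" 2>/dev/null
)

# Succeed only if key.pem is on P-256 (OpenSSL reports secp256r1 as
# prime256v1) and pubkey.pem is the public half of that same key.
check_log_key() (
    text=$(openssl ec -in "$1/key.pem" -noout -text 2>/dev/null) || exit 1
    case $text in
        *"ASN1 OID: prime256v1"*) ;;
        *) exit 1 ;;
    esac
    derived=$(openssl ec -in "$1/key.pem" -pubout 2>/dev/null) || exit 1
    [ "$derived" = "$(cat "$1/pubkey.pem")" ]
)

# Print the log ID: base64(SHA-256(DER SubjectPublicKeyInfo)), per RFC 6962.
log_id() {
    openssl pkey -pubin -in "$1/pubkey.pem" -outform DER |
        openssl dgst -sha256 -binary |
        openssl base64
}

# When run with a directory argument, create the key pair there and report.
if [ -n "${1:-}" ]; then
    gen_log_key "$1"
    check_log_key "$1"
    echo "private key: $1/key.pem (pass this path to --key)"
    echo "log ID:      $(log_id "$1")"
fi
```

The log ID printed at the end is the value clients and monitors use to identify the log, so record it alongside pubkey.pem when publishing the log's details.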