Open aqshah20 opened 1 year ago
You have to get it from SingPass (basically the government entity managing this).
Where do I get the application private signing key and application private encryption keys?
You need to generate these keys yourself. You will get a public and private pair for the signing key, and the encryption key. The public pair needs to be hosted in your .well-known/keys.json, and you configure on the MyInfo Portal the location of this well-known keys file. This is a very similar setup to what MyInfo does for their well-known key files, e.g. https://test.authorise.singpass.gov.sg/.well-known/keys.json
The private keys should be passed into the MyInfo connector by providing their location on the filesystem so they can be securely read at run-time. Make sure they are not part of the code repo, but injected at runtime via a secure mechanism to maintain them as 'secret'.
There is an article here (not mine, thanks to Zaw Htut Win) on how to generate the key pairs: https://dev.to/zawhtutwin/myinfo-cert-and-jkws-2mb5