singpass / myinfo-connector-v4-nodejs


Application Keys #2

Open aqshah20 opened 1 year ago

aqshah20 commented 1 year ago

Where do I get the application private signing key and application private encryption keys?

ByronKweh commented 6 months ago

You have to get it from SingPass (basically the government entity managing this).

benjamin-richardson-circular commented 3 weeks ago

> where do I get the application private signing key and application private encryption keys?

You need to generate these keys yourself. You will get a public and private pair for the signing key, and the encryption key. The public pair needs to be hosted in your .well-known/keys.json, and you configure the location of this well-known keys file on the MyInfo Portal. This is a very similar setup to what MyInfo does for their well-known key files, e.g. https://test.authorise.singpass.gov.sg/.well-known/keys.json

The private keys should be passed into the MyInfo connector by providing their location on the filesystem so they can be securely read at run-time. Make sure they are not part of the code repo, but injected at runtime via a secure mechanism to maintain them as 'secret'.

There is an article here (not mine, thanks to Zaw Htut Win) on how to generate the key pairs: https://dev.to/zawhtutwin/myinfo-cert-and-jkws-2mb5