Kjell Petersen edited this page Jul 7, 2022 · 4 revisions

Master key (Crypt4GH)

The master key is the key used to decrypt archived files. It is the most important part of the instance: if the master key is lost, all access to the data is lost as well.

The master key can be generated using the pre-installed Crypt4GH tool (see the previous steps): crypt4gh generate -n <NAME>. You will be prompted for a passphrase. This produces a key pair. The public key will be listed publicly on the NFEGA portal and will be used by users to encrypt data. The private key will be stored inside TSD and used by the microservices to decrypt the data. The key pair should be generated only inside TSD, in order to enforce security and reduce the risk of key leakage. The passphrase should be stored in a separate file (note that this file must not end with a newline).
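The passphrase-file requirement above is easy to get wrong, because echo appends a newline while printf '%s' does not. The following script is an added example and not part of this wiki; it writes the passphrase file the way the page requires, checks the last byte, and repairs a file that was written with a trailing newline. The file path and passphrase are sample values.

```shell
#!/bin/sh
# Added example (not part of the NFEGA wiki): handle the master-key
# passphrase file so that it does not end with a newline.
set -eu

# Returns 0 when the file is non-empty and its last byte is NOT 0x0a (newline).
no_trailing_newline() {
    [ -s "$1" ] || return 1
    [ "$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')" != "0a" ]
}

# Write the passphrase with printf '%s', which emits exactly the bytes given.
# The subshell keeps the restrictive umask from leaking into the caller.
write_passphrase_file() {
    ( umask 077; printf '%s' "$2" > "$1" )
}

# Repair a file written with echo: command substitution drops every trailing
# newline, and printf '%s' writes the content back without adding one.
strip_trailing_newline() {
    content=$(cat "$1")
    printf '%s' "$content" > "$1"
}

# Usage (sample path and passphrase, constructed for this example):
#   write_passphrase_file /tmp/master-key.pass 'correct horse battery staple'
#   no_trailing_newline /tmp/master-key.pass && echo "passphrase file is OK"
```

Run the check as part of deployment before pointing the microservices at the file; a file that fails it would silently make the passphrase "<passphrase>\n" and the master key unusable.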

JWT signing/validation key pair

Normally, JWT access tokens for DOA will be signed by an OpenID provider (such as ELIXIR AAI). However, we temporarily use self-signed tokens, because ELIXIR AAI is not yet technically able to provide us with tokens that carry all the required information. For this purpose an RSA key pair should be generated:

  • openssl genrsa -des3 -out private.pem 2048 (Comment: probably without -des3 [encryption/password protection of the key] when we use it together with the ./utils.py script)
  • openssl rsa -in private.pem -outform PEM -pubout -out public.pem

The private part will then be used to self-sign the tokens and the public part will be used to validate them (see the further configuration of the microservices).
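To make the sign-with-private / validate-with-public split concrete, the following script is an added example (not the project's ./utils.py and not part of this wiki). It generates the key pair with the two openssl commands above, without -des3 so there is no passphrase prompt, then builds a minimal RS256 JWT using nothing but openssl and verifies it with the public key only. It assumes openssl, tr and cut are on PATH; the working directory, header and payload are sample values constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not part of the NFEGA wiki): RSA key pair for self-signed
# DOA tokens, plus a minimal RS256 sign/verify round trip with openssl.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"

# base64url as RFC 7515 requires: no line wrapping, no padding, '+/' -> '-_'.
b64url() {
    openssl base64 -A | tr '+/' '-_' | tr -d '='
}

# Decode base64url from stdin: restore the standard alphabet and padding.
b64url_decode() {
    data=$(cat)
    pad=$(( (4 - ${#data} % 4) % 4 ))
    padding=$(printf '%*s' "$pad" '' | tr ' ' '=')
    printf '%s%s' "$data" "$padding" | tr -- '-_' '+/' | openssl base64 -d -A
}

# Step 1: the key pair from the page, without -des3 (no passphrase prompt).
gen_keypair() {
    openssl genrsa -out "$WORKDIR/private.pem" 2048 2>/dev/null
    openssl rsa -in "$WORKDIR/private.pem" -outform PEM -pubout \
        -out "$WORKDIR/public.pem" 2>/dev/null
}

# Step 2: sign. Only the private key is needed here. $1 is the JSON payload.
sign_jwt() {
    header=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url)
    payload=$(printf '%s' "$1" | b64url)
    signing_input="$header.$payload"
    signature=$(printf '%s' "$signing_input" \
        | openssl dgst -sha256 -sign "$WORKDIR/private.pem" -binary | b64url)
    printf '%s.%s\n' "$signing_input" "$signature"
}

# Step 3: validate. Only the public key is needed here. Returns 0 when the
# RSA-SHA256 signature over header.payload verifies, 1 otherwise.
verify_jwt() {
    signing_input=$(printf '%s' "$1" | cut -d. -f1,2)
    sigfile=$(mktemp)
    printf '%s' "$1" | cut -d. -f3 | b64url_decode > "$sigfile"
    if printf '%s' "$signing_input" | openssl dgst -sha256 \
        -verify "$WORKDIR/public.pem" -signature "$sigfile" >/dev/null 2>&1; then
        rm -f "$sigfile"; return 0
    fi
    rm -f "$sigfile"; return 1
}

# Usage (sample payload constructed for this example):
#   gen_keypair
#   token=$(sign_jwt '{"sub":"user@example.org","iss":"nfega-doa"}')
#   verify_jwt "$token" && echo "token validates"
```

The microservices only ever need public.pem, so that is the only file that should be distributed to them; private.pem stays with whatever signs the tokens. The verify step fails as soon as a single character of the payload changes, which is the property the validation side relies on.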