Generate a key pair
You’ll need to provide a public key when registering your service.
You can generate a key pair (a public key and a corresponding private key) using OpenSSL.
You’ll need your private key when:
- you’re registering your service to use GOV.UK One Login environments, such as integration or production
- you request the token using the private key authentication mechanism on the
/tokenendpoint
Warning
Once you’ve generated your private key, you must store the key in a secure location, such as a file vault, and you must not share the private key.
Run the following on your command line to generate your key pair:
openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048
openssl rsa -pubout -in private_key.pem -out public_key.pem
You have now generated your key pair, which will appear on your machine as 2 files:
public_key.pem- this is your public key, which you should share with GOV.UK One Loginprivate_key.pem- this is your private key, which you should store securely and not share
Once you have generated your key pair, you can choose which user attributes your service can request.
This page was last reviewed on 14 October 2021.