How do I create a public/private key pair?
Purpose
Use this procedure to create a public/private key pair, save the public key in a Kubernetes secret YAML file, and apply the secret file to the Kubernetes cluster. Only the public key is loaded into Kubernetes; the private key is the bundle-signing key and must be kept secure.
This procedure uses the openssl tool, version 3.0.3 or later, which is available by default in most Linux environments.
Author names containing potentially confusing keywords, such as “NSP” or “N0k1a”, are blocked. If a secret is created with a blocked author name, the bundle signature is treated as invalid and the bundle cannot be installed using the NSP Artifacts function.
Note: Only RSA keys in PKCS format are currently supported. A key in any other format is not accepted by the NSP Artifacts function.
Steps
1. Log in as the root or NSP admin user on a Linux system where openssl is available.
2. Open a console window.
3. Enter the following to generate a 2048-bit RSA private key:
   # openssl genrsa -out private.pem 2048 ↵
   Protect private.pem; it is used to sign bundles and is never placed in the secret.
4. Enter the following to derive the public key from the private key:
   # openssl rsa -in private.pem -pubout -out publickey.pem ↵
5. Enter the following to encode the public key in base64 format on a single line (the -A option suppresses line wrapping, so the output can be pasted directly into the YAML file):
   # openssl base64 -e -A -in publickey.pem ↵
6. Designate a name to appear in the NSP UI as the name of the bundle author. Enter the following to encode the author name in base64:
   # echo -n "author name" | openssl base64 -A ↵
   Note: The -n option after the echo command is mandatory: without it the encoded author name contains a trailing newline character and the verification of the signed bundles fails. Quote the name if it contains spaces.
7. Enter the following to retrieve the Kubernetes namespace of the artifact management application:
   # kubectl get pods -A | grep -i -e 'cam-server' -e 'NAMESPACE' ↵
   The namespace is the value in the NAMESPACE column of the cam-server pod line.
8. Create a YAML file as shown in the sample below. Configure the parameters:
   author: the base64-encoded author name from Step 6
   public-key: the base64-encoded public key from Step 5
   name: a name for the secret, unique within the namespace
   namespace: the namespace from Step 7
   Note: Kubernetes secret data keys may contain only alphanumeric characters, '-', '_' and '.'; keep the key names exactly as shown.
   Sample YAML:
   apiVersion: v1
   data:
     author: <base64-encoded author name>
     public-key: <base64-encoded public key>
   kind: Secret
   metadata:
     labels:
       type: public-key
     name: <secret name>
     namespace: <namespace>
   type: public-key
9. Enter the following to load the YAML file into the Kubernetes system:
   # kubectl -n namespace apply -f filename.yaml ↵
   Enter the following to confirm that the secret exists:
   # kubectl -n namespace get secret name ↵
10. If applicable, transfer the YAML file to all standby sites and repeat Step 9 on each site.
11. Close the console window.
End of steps
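Steps 3 to 9 as one script, for operators who create signing secrets repeatedly. This is an added example and is not part of the NSP documentation. It assumes that openssl 3.x and kubectl are on the PATH, that the artifact-management pod name contains "cam-server" as in Step 7, and that the secret data key for the public key is named public-key. The author-name pre-check implements the keyword rule stated in the Purpose section; it is a local convenience only, and NSP performs the authoritative check.

```sh
#!/bin/sh
# Added example, not part of the NSP documentation: Steps 3 to 9 as one script.
# Assumptions (not stated on the page): openssl 3.x and kubectl are on PATH,
# the pod name fragment is "cam-server" (Step 7), and the Secret data key for
# the public key is "public-key".
set -eu

# Keywords that NSP rejects in an author name (matched case-insensitively,
# anywhere in the name). Local pre-check only; NSP performs the real check.
BLOCKED_KEYWORDS="nsp n0k1a"

# Standard base64 on one line with no trailing newline; same output as
# `openssl base64 -e -A`, using coreutils base64 so it works without openssl.
b64_oneline() {
    base64 | tr -d '\n'
}

# Step 6: printf '%s' never appends a newline (the reason the page insists on
# `echo -n`), so the decoded value is exactly the author name.
encode_author() {
    printf '%s' "$1" | b64_oneline
}

# Return 0 if the author name may be used, 1 if it contains a newline or a
# blocked keyword; either case produces a bundle signature that NSP rejects.
check_author() {
    name="$1"
    nl='
'
    case "$name" in *"$nl"*) return 1 ;; esac
    lower=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
    for kw in $BLOCKED_KEYWORDS; do
        case "$lower" in *"$kw"*) return 1 ;; esac
    done
    return 0
}

# Steps 3 and 4: 2048-bit RSA key pair. Only RSA is accepted by NSP.
generate_keys() {
    priv="$1"; pub="$2"
    openssl genrsa -out "$priv" 2048 2>/dev/null
    chmod 600 "$priv"   # signing key: never goes into the Secret
    openssl rsa -in "$priv" -pubout -out "$pub" 2>/dev/null
}

# Step 7: namespace of the artifact-management application (first column of
# the cam-server pod line).
find_namespace() {
    kubectl get pods -A --no-headers | awk '/cam-server/ { print $1; exit }'
}

# Step 8: print the Secret manifest. Both data values are already base64.
# Arguments: secret name, namespace, base64 author, base64 public key.
build_secret_yaml() {
    cat <<EOF
apiVersion: v1
kind: Secret
type: public-key
metadata:
  name: $1
  namespace: $2
  labels:
    type: public-key
data:
  author: $3
  public-key: $4
EOF
}

# Steps 3 to 9 end to end; refuses to proceed with a blocked author name.
# Usage: sh make-signing-secret.sh "Acme Automation" acme-signing-key
main() {
    author="$1"; name="$2"
    priv="${3:-private.pem}"; pub="${4:-publickey.pem}"
    if ! check_author "$author"; then
        echo "author name rejected: $author" >&2
        return 1
    fi
    generate_keys "$priv" "$pub"
    ns=$(find_namespace)
    build_secret_yaml "$name" "$ns" "$(encode_author "$author")" \
        "$(b64_oneline < "$pub")" > "$name.yaml"
    kubectl -n "$ns" apply -f "$name.yaml"
    kubectl -n "$ns" get secret "$name"   # confirm the Secret exists
}

if [ "$#" -ge 2 ]; then main "$@"; fi
```

The keyword check is a substring match because the page says names "containing" a keyword are blocked; a name such as "Transport Inspector" is therefore rejected locally, which is the conservative choice. Run the resulting manifest through Step 10 on every standby site as well.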