Skip to main content

Private Key Generation

Generating an API Signing Key (Linux and Mac OS X)

Use the following OpenSSL commands to generate the key pair in the required PEM format.

  1. If you haven't already, create an .colortokens directory to store the credentials:

    mkdir ~/.colortokens

  2. Generate the private key with one of the following commands.

    • To generate the key, encrypted with a passphrase you provide when prompted:

      We recommend that you use a passphrase for your key.

      openssl genrsa -out ~/.colortokens/colortokens_api_key.pem -aes128 4096

    • To generate the key with no passphrase:

      openssl genrsa -out ~/.colortokens/colortokens_api_key.pem 4096

  3. Change the file permission to ensure that only you can read the private key file:

    chmod go-rwx ~/.colortokens/colortokens_api_key.pem

  4. Generate the public key from your new private key:

    openssl rsa -pubout -in ~/.colortokens/colortokens_api_key.pem -out ~/.colortokens/colortokens_api_key_public.pem

  5. Copy the contents of the public key to the clipboard using pbcopy, xclip or a similar tool (you'll need to paste the value into the Console later). For example:

    cat ~/.colortokens/colortokens_api_key_public.pem | pbcopy

Your API requests will be signed with your private key, and ColorTokens will use the public key to verify the authenticity of the request. You must upload the public key to IAM (instructions below).

Generating an API Signing Key (Windows)

If you're using Windows, you'll need to install Git Bash for Windows before running the following commands.

Be sure to include the openssl binary in your Windows path. On default installations, the openssl.exe file can be found in C:\Program Files\Git\mingw64\bin.

Use the following OpenSSL commands to generate the key pair in the required PEM format.

  1. If you haven't already, create a .colortokens directory to store the credentials. For example:

    mkdir %HOMEDRIVE%%HOMEPATH%\.colortokens

  2. Generate the private key with one of the following commands:

    • To generate the key that is encrypted with a passphrase you provide when prompted: Note - We recommend that you use a passphrase for your key.

      openssl genrsa -out %HOMEDRIVE%%HOMEPATH%\.colortokens\colortokens_api_key.pem -aes128 -passout stdin 4096

    • To generate the key with no passphrase:

      openssl genrsa -out %HOMEDRIVE%%HOMEPATH%\.colortokens\colortokens_api_key.pem 4096

  3. Generate the public key from your new private key:

    openssl rsa -pubout -in %HOMEDRIVE%%HOMEPATH%\.colortokens\colortokens_api_key.pem -out %HOMEDRIVE%%HOMEPATH%\.colortokens\colortokens_api_key_public.pem

  4. Copy the contents of the public key to the clipboard (you'll need to paste the value into the Console later). For example:

    type \.colortokens\colortokens_api_key_public.pem

Your API requests will be signed with your private key, and ColorTokens will use the public key to verify the authenticity of the request. You must upload the public key to IAM (instructions below).

How to Get the Key's Fingerprint

You can get the key's fingerprint with the following OpenSSL command.

For Linux and Mac OS X:

openssl rsa -pubout -outform DER -in ~/.colortokens/colortokens_api_key.pem | openssl md5 -c

For Windows:

If you're using Windows, you'll need to install Git Bash for Windows and run the command with that tool.

openssl rsa -pubout -outform DER -in \.colortokens\colortokens_api_key.pem | openssl md5 -c

When you upload the public key in the Console, the fingerprint is also automatically displayed there. It looks something like this:

12:34:56:78:90:ab:cd:ef:12:34:56:78:90:ab:cd:ef