5.2.2 Locally generate the DApp access key pair
If the DApp service you participate in adopts Public Key Upload Mode for its application access key, you will need to generate the pair of public and private keys on the local client then save the private key locally and upload the public key to BSN via the portal.
It is recommended to use the latest version of OpenSSL to generate the keys. Please use the prime256v1 cryptographic algorithm for Hyperledger Fabric andsecp256k1 for FISCO BCOS. The steps are as follows:
Preparation: Download the latest version of OpenSSL from https://www.openssl.org/source/ and create a data.txt file in which some test phrases are entered, such as - Hello world.
Input "OpenSSL" in the terminal to show the open SSL command line.
- Input the command - "ecparam -name prime256v1 -genkey -out key.pem" to generate a private key file key.pem.
OpenSSL> ecparam -name prime256v1 -genkey -out key.pem
- Input the command - "ec -in key.pem -pubout -out pub.pem" to generate a public key file pub.pem with the private key in the key.pem file.
OpenSSL> ec -in key.pem -pubout -out pub.pem read EC key writing EC key
- Input the command - "dgst -sha256 -sign key.pem -out signature.bin data.txt" to sign the data.txt file with the private key in the key.pem file to generate the signature file: signature.bin.
OpenSSL> dgst -sha256 -sign key.pem -out signature.bin data.txt
- Input the command - "dgst -verify pub.pem -sha256 -signature signature.bin data.txt". Use the public key in the pub.pem file to sign and verify the data.txt and signature.bin files.
OpenSSL> dgst -verify pub.pem -sha256 -signature signature.bin data.txt Verified OK
- If "Verified OK" is displayed, input the command - "base64 -in signature.bin -out signature64.txt" to convert the signature file signature.bin to base64 encoded signature64.txt.
OpenSSL> base64 -in signature.bin -out signature64.txt
- Input the command - "pkcs8 -topk8 -inform PEM -in key.pem -outform PEM -nocrypt -out keypkcs8.pem" to convert the private key in the key.pem file to pkcs8 format.
OpenSSL> pkcs8 -topk8 -inform PEM -in key.pem -outform PEM -nocrypt -out keypkcs8.pem
- Save the keypkcs8.pem file locally and copy all the contents of pub.pem, data.txt, and signature64.txt to the public key, test data, and signature data text boxes respectively on the Public Key Upload Mode page to verify the public key and submit it to BSN.