Generate a Cryptographic Key

If you need to use a public or private key and your authentication provider provides only a JSON Web Key (JWK), generate the private or public key from the JWK using the CryptoPrivateKey or CryptoPublicKey Type. Then, store the key and call the CryptoKey API to use the generated key.

Requirements

Complete the following requirements before you generate a cryptographic key:

  • Have access to an authentication provider.
  • Have a JWK from your authentication provider.
  • Have the ClusterAdmin role to generate a private key. You do not need a particular role to generate a public key.

Generate a private or public key

Complete the following steps to generate a private or public key:

  1. In the C3 AI Console for the application you want to configure, call the CryptoPrivateKey.fromJwk or CryptoPublicKey.fromJwk method with the JWK value from your authentication provider to generate a private or public key.

    Here is an example command that uses the CryptoPrivateKey Type to create an instance of a private key:

    JavaScript
    privateKey = CryptoPrivateKey.fromJwk(`{
        "kty": "RSA",
        "kid": "b9c971d7-fbca-43d2-ba7b-bd2d78f4c982",
        "d": "qZjC_oh5-5PWw81L2gDZC3JjT9Zwc-G0iPTBKm9usQ9DXJCdfDeS4FykauezAPmoKYXpEprub3PdYcuf1t9qShHMgQHlHuExsLeydszaGCwBpcgNy1PZRnvPab9jM_KsxgqKsG1C3_r42t7380gvh97eOtsZEgKSUaqhauSNiL2wZaQMEidp9Ww5OnN2GE1oatMaa3U2ILBbz3eLOHL7S96BLbmR2iNhMZesfy7lJD6lZvKwoX3AMguFVM2c0DmX5CL_oxvibE5BensnyO-f8q317NoUnFTIH_sB8Qjgvi6O-37kYRCYx6TzCXpcvXSlu9lr6TiO5FnQt_sj8o4UAQ",
        "n": "xJrZxPMBmm46aavmWUzbsZ9cjvSnTVfb5Q2_kYNxKcSzMOn-MUWq4wIKjs2p4DJSs0FtRNtH1n7Uuf0gn65HiPGVq9ue4bLJcXmiVLYcshQPL9Ejx4f3yYoFQoO41L7gxHNPhTra4g77tN3TEmT02gl26RolUVpXDVgyc5smFqUCx_Ba2mOCvXYiusxV2MiMf8-RpUWx4Eh0wfz37fWSqzZ11X1GRlDJQLmmO-FFjR0H3LTZPBWQImelsQbQKkTHBob4evNyLJ-onQZQLCpHTcCE_lmzyTcDjD2X_3rDcyyOM1IyEMj8hPSm5dp-wrYzfzja6jON47GLrEeHHfgxTQ",
        "e": "AQAB",
        "p": "2pBja5nsoYt5S5htBb2-IHT4oO8z-WTr32YL8Y1OhWrDFVbS2jekGrLfnCus1DmgVEkipHXHjw_59mS_IWD4qYs9d8fDp87A6xcTV9ExhSvS2ZIyTNSMD-gU_kWzM2Sp-5zgH1PE9cyiOG1DTjK-SAwaYtrnvN3UWyh50X2bGoE",
        "q": "5keYvIsn19YLlyf3UuDDsAKi9-076F0xN_p4J17SfOV6pQGS8MXF8YXCpV6JiTroo244wc00Oxa9miP5bWPc2wa3h_jJvCWpkhNtRJMNXe4ZNeSDxZXQEn5HeXULy53QbRD9WDX_PsBf2_ZQyuUcgKmLF_xLIwHbm9zIxiWX-M0",
        "dp": "rQuEq7zCzWRQNLoKF3GTBr-V2lWJIPv2hHmXGzh14swUiOClMIC9PSZCRLOPsretaQ4-j1dxGKPdlGdPrG3KcvH7SMqw7juUIo2ykuTeAEIiPoCxsoLWIgHuHSOyLg6VRtF94U_BsZrDFUns8Azc-s4aVgpbT_2SFFqHmIWKOAE",
        "dq": "2jsnyCaoT6eNvGYnwOc5DGizQPoWOBN5PW-kxsrZ93sSS6W-N2d2O3lkCYwaE288YQVnzGJICWd3r8g_7Scien9XFwjzRdb7aG_4sXAaztWCFszFBE8BrUT3P2dpEkIw7-uV7C7gAfwV3EMGNgICjPwf0U9LdZWhJYiKzR17dFE",
        "qi": "fMk5kxTuFfz1En2J7eQaLIJU55lv5HRL8tQbNpNsLGJfR-FFFe0FFsabzwMWv3WQDBf8HYJicMZBhesOqC1uN1sjmVi7QYrz55PWIu8bGckBdBoFPCz9USjuI1DdsHUQrYmWvZrRc6ZeqgI_CNPy6aLGgjIJ3h-VgUD0nnbdi54"
    }`, true)

    This command creates an instance of the private key.

    Replace the JWK value with a JWK from your authentication provider. To generate a public key, use the CryptoPublicKey Type.

    Here is an example response:

    JSON
    {
        "type": "CryptoPrivateKey",
        "id": "b1884b24-016c-4644-8e15-ffca926f5e5a",
        "algorithm": "RSA",
        "pkcs": "PKCS8",
        "jwtAlgorithm": "RS512",
        "content": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCfG9EiSxcrft3W\nRSSnpBQ4aKQFZPbZW5BO094ovUkLOLdr/wRYUpAgft6R9zh/MchNEnoymtZGn69b\njHAZ13dgnr6VFkOSN8hUKGlBxUkqDYefdRGr7weA/q8bJTGs41kWiv6mnmYOOqvi\nfUFu91uc1UhDNMsXTa4+8ft46yz1ftapBihEyE67baVL5AYJ8VkTEb6+oOmpbhNJ\n65PFVPGyh0Ccz+36+ZnasmRUYidzZdO6o8jfHdHAdxv2ZLPpcjHsidTDex4DJkU2\nYrF2tEmbiuCv2tlaBPA7oiK4zK/1msfHzzMuZY0jBwXUFPhT4SaDSBUvHXPjHkjT\nU2FiyGHNAgMBAAECggEAdaKVXutxuADWdwMr9J4FLSeAjVR2hYGDEiTmzewUwy0t\nv7UOO1bfpIboe7bymGfwFbuhiSSdZB3QArm0cAa0BkWX1pZdYw/HFyHBoJUCYQsb\nyLM/W4UgYSjrwgAf2BlG1rnxSLM39TE/v/anmCleHHg8MyQnO5V9TKCQMnh+BwqT\nsBVUtEu0puSfb8h4qlwJRUDIcS52sUEf4gEkXlvGxP3LcTI71dLeuRp+bjvKSsNC\nFNTdXTqrQVxdlypqBj4J133gsLX1ejBp8KBu610YEw03CIfJb6CdDchrgv9VllXg\nnSNuiFsTMf/Q1EBIiKI3ez9HnTIMLKWrbsrAfzRkAQKBgQDJ92ZQfHGROwEwBvNc\ndY+hJ65dYk6P3Z3Xdgln/SxDHHVCvb4sd7aIF/yvgMsjqN5phlM9fAhHz3nxSsrn\ncS2wSL/XOUIbz74X2l9fg0svsO6pk1PvZjj9WPZhcWs/c5JQ8iKne67FZyGoMTFO\nf57N99MTaBy8ozrzYWeiZPs7TQKBgQDJrRtlOw9AWKIahSeQkwk5XZfTFyherfE3\njYDx03bsL6eVHkKUTCRplKy6I0MHGHizlvtP8Cu8qVaGQSw3K0nn0o8PDnOD+wNO\newju9nxC/RA/fgAtgiwlBb6hgf1hTd4z7m59M6FM6UkG10M+7mscl41LmA5/hw5E\nFNkkTi2AgQKBgFo9IgfgMlXziSpOULoFBPG6axvqarO5D2dPpBBEfFxYAMSbRrdT\nncjc/tfjsd/y+b0oeVTFcGW1fASlqFcUqJdVSfH98V2/ym2Z8ncYkKV0Zo5590zF\n3bzE3QDYzlSBbOSh633tsz8cP1uI70DloKzih/rpz70xKYvI/6b9e4sZAoGBAIFT\nep/d0ZfnvnvXK1nwkBezRuocjMy6Klb/bNKmUjp/DK35K6TBdxAlgOYUOqVQMgao\nKRxH3SQsSwnovRvbrJb2VTrIf5cA3kvzZfUnJuQmN8cfW6nTMc/D8UzMeNlu/7C5\nkyzCcQtLBcNXQw4ZAaXiIX96UMHCr4lE/UHkyBUBAoGBALtYUt4+TzqkFgalK2H3\n9ZEtIEmUCLklIfU+9mouG0K91u/i6ii42TgM+eeNEaokb/RRvcyfjAcndtzJjI3o\nvj+t4jmCwkv4D6dkEsIwn05/eCq3uY3aYVjtGvX06QC08NejO+u4PKFg0U4mP903\nmquTLTHxBgvjqBHRrfcVCsud\n-----END PRIVATE KEY-----\n",
        "signAlgorithm": "SHA512withRSA",
        "keyLength": 2048,
        "daysValid": 180
    }

    This response contains a private key and information about the private key.

  2. Call the CryptoPrivateKey#setSecret or CryptoPublicKey#setConfig APIs to store the key in the CryptoKey API.

    Here's an example command that uses the instance of the private key and the CryptoPrivateKey#setSecret API:

    JavaScript
    privateKey.setSecret()

    This command stores the private key in the CryptoKey API. To store a public key, use an instance of the public key and the CryptoPublicKey#setConfig API instead.
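
Before step 1, it helps to confirm what the provider's JWK actually contains, because the presence of the private RSA members decides between CryptoPrivateKey.fromJwk and CryptoPublicKey.fromJwk. The following pre-flight check is an added example, not C3 AI code: it runs in Node.js rather than the C3 AI Console, the helper names `inspectRsaJwk` and `toPublicJwk` are hypothetical, and the sample JWK is constructed filler, not a real key.

```javascript
// Added example: structural pre-flight check for an RSA JWK (RFC 7517/7518).
// inspectRsaJwk and toPublicJwk are hypothetical helper names, not C3 AI APIs.
const CRT_MEMBERS = ['p', 'q', 'dp', 'dq', 'qi'];
const PRIVATE_MEMBERS = ['d', ...CRT_MEMBERS, 'oth'];

// Bit length of a base64url-encoded big-endian unsigned integer.
function bitLength(b64url) {
  const bytes = Buffer.from(b64url, 'base64url');
  let i = 0;
  while (i < bytes.length && bytes[i] === 0) i++; // skip leading zero bytes
  if (i === bytes.length) return 0;
  return (bytes.length - i - 1) * 8 + (32 - Math.clz32(bytes[i]));
}

// Classify the JWK as private or public and report its modulus size.
function inspectRsaJwk(jwkText) {
  const jwk = JSON.parse(jwkText);
  if (jwk.kty !== 'RSA') throw new Error(`unsupported kty: ${jwk.kty}`);
  for (const m of ['n', 'e']) {
    if (typeof jwk[m] !== 'string' || jwk[m] === '') throw new Error(`missing member: ${m}`);
  }
  const present = PRIVATE_MEMBERS.filter((m) => m in jwk);
  const crt = CRT_MEMBERS.filter((m) => m in jwk);
  // A private JWK needs "d"; the CRT members must be all present or all absent.
  if (present.length > 0 && !('d' in jwk)) throw new Error('private members without "d"');
  if (crt.length !== 0 && crt.length !== CRT_MEMBERS.length) throw new Error('incomplete CRT members');
  const kind = present.length > 0 ? 'private' : 'public';
  return { kid: jwk.kid, kind, keyLength: bitLength(jwk.n) };
}

// Copy of the JWK with every private member removed, safe to share as a public key.
function toPublicJwk(jwkText) {
  const jwk = JSON.parse(jwkText);
  for (const m of PRIVATE_MEMBERS) delete jwk[m];
  return JSON.stringify(jwk);
}

// Constructed sample: filler bytes with the shape of a 2048-bit key, not a real key pair.
const filler = (len, byte) => Buffer.alloc(len, byte).toString('base64url');
const sampleJwk = JSON.stringify({
  kty: 'RSA', kid: 'constructed-example', e: 'AQAB', n: filler(256, 0xab),
  d: filler(256, 0x11), p: filler(128, 0x22), q: filler(128, 0x33),
  dp: filler(128, 0x44), dq: filler(128, 0x55), qi: filler(128, 0x66),
});

console.log(inspectRsaJwk(sampleJwk));
console.log(inspectRsaJwk(toPublicJwk(sampleJwk)));
```

The check is structural only: it does not prove that the private members are mathematically consistent with the modulus.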

Use the public or private key

Use the CryptoPrivateKey or CryptoPublicKey Types to pass the key you generated in the previous section.

For example, to allow calls to REST API endpoints with OAuth 2.0, you must pass a private key. Use CryptoKey where the configuration calls for a private key.

See Allow calls to REST APIs with OAuth 2.0 to learn more about allowing calls to REST API endpoints with OAuth 2.0.
