Generate a key pair

You’ll need to provide a public key when registering your service.

You can generate a key pair (a public key and a corresponding private key) using OpenSSL.

You’ll need your private key when:

  • you’re registering your service to use GOV.UK One Login environments, such as integration or production
  • you request the token using the private key authentication mechanism on the /token endpoint

Warning: Once you’ve generated your private key, you must store the key in a secure location, such as a file vault, and you must not share the private key.

Run the following on your command line to generate your key pair:

openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048

openssl rsa -pubout -in private_key.pem -out public_key.pem

You have now generated your key pair, which will appear on your machine as 2 files:

  • public_key.pem - this is your public key, which you should share with GOV.UK One Login
  • private_key.pem - this is your private key, which you should store securely and not share
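
The two commands above, wrapped with the checks worth running before you share public_key.pem. This is an added example, not GOV.UK One Login's own script: it assumes `openssl` is on your PATH, and the function names `generate_keypair` and `verify_keypair` are hypothetical.

```sh
#!/bin/sh
# Added example (not GOV.UK One Login's own script): create the key pair with
# owner-only permissions, then check it before registering the public key.

# generate_keypair DIR: write DIR/private_key.pem and DIR/public_key.pem.
# The body runs in a subshell, so the umask change does not leak to the caller.
generate_keypair() (
  priv="$1/private_key.pem"
  pub="$1/public_key.pem"
  # Never silently replace a key whose public half may already be registered.
  if [ -e "$priv" ]; then
    echo "refusing to overwrite $priv" >&2
    exit 1
  fi
  umask 077   # the private key is created readable by its owner only
  openssl genpkey -algorithm RSA -out "$priv" \
    -pkeyopt rsa_keygen_bits:2048 2>/dev/null || exit 1
  openssl rsa -pubout -in "$priv" -out "$pub" 2>/dev/null || exit 1
  chmod 644 "$pub"   # the public key is the half that is meant to be shared
)

# verify_keypair DIR: succeed only if the private key is 2048-bit RSA, has no
# group/other permissions, and public_key.pem was derived from it.
verify_keypair() (
  priv="$1/private_key.pem"
  pub="$1/public_key.pem"
  [ -n "$(find "$priv" -prune \( -perm 600 -o -perm 400 \) 2>/dev/null)" ] ||
    { echo "private key missing or permissions too open" >&2; exit 1; }
  openssl rsa -in "$priv" -noout -text 2>/dev/null | grep -qF '(2048 bit' ||
    { echo "private key is not 2048-bit RSA" >&2; exit 1; }
  derived=$(openssl rsa -in "$priv" -pubout 2>/dev/null) || exit 1
  [ "$derived" = "$(cat "$pub")" ] ||
    { echo "public_key.pem does not match private_key.pem" >&2; exit 1; }
)

# Run as: sh keypair.sh DIR (DIR is an existing directory you choose).
if [ "$#" -gt 0 ]; then
  generate_keypair "$1" && verify_keypair "$1" && echo "key pair OK in $1"
fi
```

Running `verify_keypair` again later, for example before a deployment, catches a private key whose permissions have been loosened or a public_key.pem that belongs to a different key.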

Once you have generated your key pair, you can choose which user attributes your service can request.

This page was last reviewed on 14 October 2021.