31 lines
1.1 KiB
PowerShell
31 lines
1.1 KiB
PowerShell
|
# generate-keys.ps1
|
||
|
|
# Generates RSA 2048 key pair for JWT RS256 signing
|
||
|
|
# Requires: PowerShell 7+ (pwsh)
|
||
|
|
# Usage: pwsh -File scripts/generate-keys.ps1
|
||
|
|
# Keys are written to src/api/SIGCM2.Api/keys/ (gitignored)
|
||
|
|
|
||
|
|
$keysDir = Join-Path $PSScriptRoot "..\src\api\SIGCM2.Api\keys"
|
||
|
|
$keysDir = [System.IO.Path]::GetFullPath($keysDir)
|
||
|
|
|
||
|
|
if (-not (Test-Path $keysDir)) {
|
||
|
|
New-Item -ItemType Directory -Path $keysDir | Out-Null
|
||
|
|
}
|
||
|
|
|
||
|
|
$privatePath = Join-Path $keysDir "private.pem"
|
||
|
|
$publicPath = Join-Path $keysDir "public.pem"
|
||
|
|
|
||
|
|
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
|
||
|
|
$priv = $rsa.ExportRSAPrivateKeyPem()
|
||
|
|
$pub = $rsa.ExportRSAPublicKeyPem()
|
||
|
|
$rsa.Dispose()
|
||
|
|
|
||
|
|
Set-Content -Path $privatePath -Value $priv -Encoding UTF8 -NoNewline
|
||
|
|
Set-Content -Path $publicPath -Value $pub -Encoding UTF8 -NoNewline
|
||
|
|
|
||
|
|
Write-Host "RSA 2048 key pair generated:"
|
||
|
|
Write-Host " Private: $privatePath"
|
||
|
|
Write-Host " Public: $publicPath"
|
||
|
|
Write-Host ""
|
||
|
|
Write-Host "IMPORTANT: These files are gitignored. Regenerate on each dev machine."
|
||
|
|
Write-Host "For production: set env vars JWT__PrivateKey and JWT__PublicKey (PEM content)."
|