Generate RSA Key Pair

When you register the public key with Auth0, you must provide the public key encoded in PEM format. You may provide this as an X.509 certificate encoded in PEM format. Auth0 enforces a minimum RSA key size of 2048 bits and a maximum key size of 4096 bits. We recommend using OpenSSL to generate a 2048-bit RSA key pair.

1. Generate a private key and a public key in PEM. You should safeguard the private key and never share it, not even with Auth0:

openssl genrsa -out test_key.pem 2048

2. Extract the public key in PEM format using the following command. This command extracts the public key details so it can be safely shared without revealing the details of the private key:

openssl rsa -in test_key.pem -outform PEM -pubout -out

The example below shows the contents of the PEM file:

----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA53VzmIVVZZWyNm266l82 mnoDc9g/snXklax5kChEhqK/WnTUvuXP4Gd4THj8rchxgUGKXd4PF3SUcKyn/qPm Tet0idVHk2PwP//FOVgYo5Lb04js0pgZkbyB/WjuMp1w+yMuSn0NYAP7Q9U7DfTb jmox8OQt4tCB4m7UrJghGqT8jkPyZO/Ka6/XsyjTYPOUL3t3PD7JShVAgo1mAY6g Sr4SORywIiuHsg+59ad7MXGy78LirhtqAcDECKF7VZpxMuEjMLg3o2yzNUeWI2Mg IF+t0HbO1E387fvLcuSyai1yWbSr1PXyiB2aXyDpbD4u7d3ux4ahU2opH11lBqvx +wIDAQAB -----END PUBLIC KEY-----

Was this helpful?


3. Save the PEM file. You will need the key contents in other application configuration steps.

Learn more