Before generating a new private signing key for your IdP, read the IdP Key Handling topic (or, for an SP, the SP Key Handling topic).

A private key used for message-level signing and encryption is necessarily an online key, that is, it must be available to the SAML software at runtime. An online key may be encrypted, but the password or passphrase used to decrypt the key generally has to be available in an unencrypted file so that the SAML software can be restarted in unattended fashion. Therefore an online key is considerably more vulnerable than an offline key, and must be protected accordingly. In particular, a private key stored in the file system as an ordinary file should have strict permissions to prevent unauthorized copying.
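The permission check described above, as an added example that is not part of the original page: a small POSIX shell function that audits a key (or passphrase) file and fails if any group or world permission bits are set. It assumes a Linux/POSIX host and a key stored as an ordinary file; the file names used are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original page: audit an online private key
# file for permissions that would allow unauthorized copying.
# Assumes a POSIX host and a key kept as a plain file on disk.

# check_key_perms PATH
# Returns 0 only when PATH is a regular file with no group or world
# permission bits (i.e. mode 0600 or 0400). Returns 1 if the mode is
# too permissive, 2 if the file is missing or not a regular file.
check_key_perms() {
    key="$1"
    [ -f "$key" ] || { echo "missing or not a regular file: $key" >&2; return 2; }
    # First field of ls -ld is e.g. -rw-r--r--; columns 5-10 are group/other.
    mode=$(ls -ld "$key" | cut -c1-10)
    gw=$(printf '%s' "$mode" | cut -c5-10)
    if [ "$gw" != "------" ]; then
        echo "INSECURE: $key is $mode (group/world bits set)" >&2
        return 1
    fi
    return 0
}

# Demonstration on constructed placeholder files (not real key material).
demo() {
    tmp=$(mktemp -d)
    printf 'placeholder, not a key\n' > "$tmp/idp-signing.key"
    chmod 644 "$tmp/idp-signing.key"
    check_key_perms "$tmp/idp-signing.key" || echo "fix: chmod 600 $tmp/idp-signing.key"
    chmod 600 "$tmp/idp-signing.key"
    check_key_perms "$tmp/idp-signing.key" && echo "ok: $tmp/idp-signing.key"
    rm -rf "$tmp"
}
```

Run `demo` to see both outcomes, or call `check_key_perms` on the real key path and on the plaintext passphrase file, which needs the same protection.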