How to Generate a Secure Private Key
The security and privacy of your SAML deployment depends on the security of the private keys used for message-level signing and encryption, as well as the keys used to create secure back channels for transporting SAML messages over TLS. The corresponding public keys are bound to X.509 Certificates in Metadata, as discussed in the Key Usage topic. See the TLS Server Certificates topic regarding keys and certificates used for browser-facing TLS.
Prepare to Generate a New Private Key!
Develop a strategy for securing a private key before you generate it. For instance, the following strategy is highly recommended:
- Start with a secure system for your IdP or SP…and keep it that way!
- Generate the private key directly on the secure system
- Prevent the private key from ever leaving the secure system
- Ensure ongoing access to the private key is strictly controlled
If you generate the private key on any other system, then that system must also be secure. Indeed, every system the private key comes in contact with must be secure—at least as secure as the target system—or the private key must be encrypted at rest. Moreover, the private key must be encrypted while in transit to the secure system. All in all, that is much more work (and error-prone), so the best advice is don't do it. Generate your private keys on the target system (IdP or SP) in the first place.
It is easy to generate a private key and a corresponding long-lived, self-signed certificate with OpenSSL. On a linux system, type:
The above command will store the private key in file key.pem and the corresponding public key certificate in file cert.pem. The latter is ultimately added to SAML metadata.
Test your OpenSSL software installation
OpenSSL is a subtly complicated tool having many versions with various capabilities (and bugs). It is recommended that all OpenSSL commands be tested in advance to ensure that the tool is functioning as expected.
When you issue the above OpenSSL command, you will be prompted to enter a pass phrase for the purpose of decrypting an encrypted private key. If you're generating the private key directly on the target system, it is not necessary to encrypt the private key since it is assumed your host system is secure. Simply press return when prompted to enter a pass phrase or use the
-nodes option in the command above to issue an unencrypted private key straightaway.
If, however, you're generating the private key on any other host, you must encrypt the private key as stipulated earlier. Once the private key has been secured on the target system (IdP or SP), it may be decrypted in situ with the following OpenSSL command:
Simply press return when prompted to enter a new pass phrase.