Pem Public Key

 admin

Private key contains: modulus, private exponent, public exponent, prime 1, prime 2, exponent 1, exponent 2 and coefficient. Public key contains only modulus and public exponent. Once you can read these numbers from one format and put them to another, you can covert keys. You can also export public keys for private ones this way. Browse other questions tagged ssl-certificate openssl certificate public-key or ask your own question. The Overflow Blog Podcast 335: Open source contributors helped a helicopter fly on Mars.

Whether you're using an Oracle client (see Software Development Kits and Command Line Interface) or a client you built yourself, you need to do the following:

Key
  1. Create a user in IAM for the person or system who will be calling the API, and put that user in at least one IAM group with any desired permissions. See Adding Users. You can skip this if the user exists already.
  2. Get these items:

    • RSA key pair in PEM format (minimum 2048 bits). See How to Generate an API Signing Key.
    • Fingerprint of the public key. See How to Get the Key's Fingerprint.
    • Tenancy's OCID and user's OCID. See Where to Get the Tenancy's OCID and User's OCID.
  3. Upload the public key from the key pair in the Console. See How to Upload the Public Key.
  4. If you're using one of the Oracle SDKs or tools, supply the required credentials listed above in either a configuration file or a config object in the code. See SDK and CLI Configuration File. If you're instead building your own client, see Request Signatures.
Important

This key pair is not the SSH key that you use to access compute instances. See Security Credentials.

Both the private key and public key must be in PEM format (not SSH-RSA format). The public key in PEM format looks something like this:

How to Generate an API Signing Key

Note
You can use the Console or command line tools available for Linux, Mac OS or Windows to generate an API signing key.

Generating an API Signing Key (Console)

You can use the Console to generate the private/public key pair for you. If you already have a key pair, you can choose to upload the public key. When you use the Console to add the key pair, the Console also generates a configuration file preview snippet for you.

The following procedures work for a regular user or an administrator. Administrators can manage API keys for either another user or themselves.

About the Config File Snippet

When you use the Console to add the API signing key pair, a configuration file preview snippet is generated with the following information:

  • user - the OCID of the user for whom the key pair is being added.
  • fingerprint - the fingerprint of the key that was just added.
  • tenancy - your tenancy's OCID.
  • region - the currently selected region in the Console.
  • key_file- the path to your downloaded private key file. You must update this value to the path on your file system where you saved the private key file.

If your config file already has a DEFAULT profile, you'll need to do one of the following:

  • Replace the existing profile and its contents.
  • Rename the existing profile.
  • Rename this profile to a different name after pasting it into the config file.

You can copy this snippet into your config file, to help you get started. If you don't already have a config file, see SDK and CLI Configuration File for details on how to create one. You can also retrieve the config file snippet later for an API signing key whenever you need it. See: To get the config file snippet for an API signing key.

To generate an API signing key pair

Prerequisite: Before you generate a key pair, create the .oci directory in your home directory to store the credentials. See SDK and CLI Configuration File for more details.

  1. View the user's details:
    • If you're adding an API key for yourself:
    • If you're an administrator adding an API key for another user: Open the navigation menu and click Identity & Security. Under Identity, click Users. Locate the user in the list, and then click the user's name to view the details.
  2. Click Add API Key.
  3. In the dialog, select Generate API Key Pair.
  4. Click Download Private Key and save the key to your .oci directory. In most cases, you do not need to download the public key.

    Note: If your browser downloads the private key to a different directory, be sure to move it to your .oci directory.

  5. Click Add.

    The key is added and the Configuration File Preview is displayed. The file snippet includes required parameters and values you'll need to create your configuration file. Copy and paste the configuration file snippet from the text box into your ~/.oci/config file. (If you have not yet created this file, see SDK and CLI Configuration File for details on how to create one.)

    After you paste the file contents, you'll need to update the key_file parameter to the location where you saved your private key file.

    If your config file already has a DEFAULT profile, you'll need to do one of the following:
    • Replace the existing profile and its contents.
    • Rename the existing profile.
    • Rename this profile to a different name after pasting it into the config file.
  6. Update the permissions on your downloaded private key file so that only you can view it:
    1. Go to the .oci directory where you placed the private key file.
    2. Use the command chmod go-rwx ~/.oci/<oci_api_keyfile>.pem to set the permissions on the file.
To upload or paste an API key

Prerequisite: You have generated a public RSA key in PEM format (minimum 2048 bits). The PEM format looks something like this:

  1. View the user's details:
    • If you're adding an API key for yourself:
    • If you're an administrator adding an API key for another user: Open the navigation menu and click Identity & Security. Under Identity, click Users. Locate the user in the list, and then click the user's name to view the details.
  2. Click Add API Key.
  3. In the dialog, select Choose Public Key File to upload your file, or Paste Public Key, if you prefer to paste it into a text box
  4. Click Add.

    The key is added and the Configuration File Preview is displayed. The file snippet includes required parameters and values you'll need to create your configuration file. Copy and paste the configuration file snippet from the text box into your ~/.oci/config file. (If you have not yet created this file, see SDK and CLI Configuration File for details on how to create one.)

    After you paste the file contents, you'll need to update the key_file parameter to the location where you saved your private key file.

    If your config file already has a DEFAULT profile, you'll need to do one of the following:

    • Replace the existing profile and its contents.
    • Rename the existing profile.
    • Rename this profile to a different name after pasting it into the config file.
To get the config file snippet for an API signing keyThe following procedure works for a regular user or an administrator.
  1. View the user's details:
    • If you're getting an API key config file snippet for yourself:
    • If you're an administrator getting an API key config file snippet for another user: Open the navigation menu and click Identity & Security. Under Identity, click Users. Locate the user in the list, and then click the user's name to view the details.
  2. On the left side of the page, click API Keys. The list of API key fingerprints is displayed.
  3. Click the the Actions icon (three dots) for the fingerprint, and select View configuration file.

    The Configuration File Preview is displayed. The file snippet includes required parameters and values you'll need to create your configuration file. Copy and paste the configuration file snippet from the text box into your ~/.oci/config file. (If you have not yet created this file, see SDK and CLI Configuration File for details on how to create one.) After you paste the file contents, you'll need to update the key_file parameter to the location where you saved your private key file.

    If your config file already has a DEFAULT profile, you'll need to do one of the following:
    • Replace the existing profile and its contents.
    • Rename the existing profile.
    • Rename this profile to a different name after pasting it into the config file.

Key.pem can contain anything - a certificate with a public key, an SSH public key, public key + private key, certificate with a public key + private key while key.pub contains public key in Open SSH format.

Below are the steps to extract the public key from .pem file to access ec2 servers.

Private Key

Note: Download “Git” to extract public key(.pub) from .pem file.

Link: https://git-scm.com/downloads

Pem Public Key Format

  1. Access the location where the .pem file is saved.
  2. Right click on the location and click on select Git Bash Here as shown in the screenshot.
  3. Execute the below command in the console to extract public key.

    ssh-keygen -y -f private_key1.pem > public_key1.pub

    Eg. ssh-keygen -y -f jamcracker.pem > jamcracker.pub

  4. The public key will be extracted in the same location as pem file & the format of the key is ‘.pub’. Open the file with Notepad ++ or Editplus.