Generate a keyfile locally
To generate issuer keyfiles, you can either use our generate page or generate them on your own computer. This page explains how to generate keyfiles on your own computer.
Step 1: Install GnuPG
Keyfiles are nothing more than an OpenPGP public/private keypair in a text file, so all you need to generate a keyfile locally is GnuPG.
- Windows: Install Gpg4win
- Mac: brew install gnupg
- Debian/Ubuntu: sudo apt-get install gnupg (should already be installed)
Step 2: Generate a keypair
Once you have GnuPG installed, you need to generate an elliptic curve keypair.
gpg --expert --full-gen-key
# select "ECC (sign only)"
# select "Curve 25519" or "NIST P-256"
# select 0 (key does not expire)
# select y (for "is this correct?")
# for Real Name, type your issuer name
# for Email address, leave blank (just press Enter)
# for Comment, leave blank (just press Enter)
# select O (for Okay)
# set an encryption password for your new keypair
# done!
Step 3: Find your keypair fingerprint
Once you have generated your keypair, find the fingerprint for it by listing your secret keys.
gpg --list-secret-keys
Will print something like:
/path/to/pubring.kbx
--------------------------------------
sec   ed25519 2021-04-12 [SC]
      68632A32FFDB8EB9ED589CDEF246AA78FD1EFDB1   <--- this is your fingerprint
uid           [ultimate] Test Issuer   <--- make sure this matches your issuer name
Step 4: Print out your keypair
You now need to print out the public and private keys.
gpg --export --armor YOUR_FINGERPRINT_HERE
Will print something like:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEYFimDh... (long string of base 64 characters)
-----END PGP PUBLIC KEY BLOCK-----
Also print out your private key:
gpg --export-secret-key --armor YOUR_FINGERPRINT_HERE
Will print something like:
-----BEGIN PGP PRIVATE KEY BLOCK-----
lFgEYHO9oh... (long string of base 64 characters)
-----END PGP PRIVATE KEY BLOCK-----
Step 5: Copy your public and private keys to a single text file
Open a text editor and copy/paste the public and private keys you printed out in Step 4 into that text file.
Your text file should look something like this:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEYFimDh... (long string of base 64 characters)
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PRIVATE KEY BLOCK-----
lFgEYHO9oh... (long string of base 64 characters)
-----END PGP PRIVATE KEY BLOCK-----
Save your text file as keyfile.asc.
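Steps 4 and 5 can also be scripted, so the private key never passes through the clipboard or a text editor, and the result can be checked before use. This is an added example, not part of the original page or the project's own tooling; the helper names, the script name make_keyfile.sh and the owner-only permission check are assumptions.

```shell
#!/bin/sh
# Added example: build keyfile.asc from GnuPG and sanity-check it.
# build_keyfile, count_lines and check_keyfile are hypothetical helper names.

# Export public + private key for fingerprint $1 into file $2 (Steps 4-5).
build_keyfile() {
    fpr=$1; out=$2
    (
        umask 077   # a newly created file is owner-only; an existing file keeps its mode
        gpg --export --armor "$fpr" > "$out" &&
        gpg --export-secret-key --armor "$fpr" >> "$out"
    )
}

# Count lines of file $2 that are exactly the string $1 (CR stripped for Windows files).
count_lines() {
    tr -d '\r' < "$2" | grep -c -x -F -e "$1" || true
}

# Return 0 only if $1 holds exactly one public and one private key block
# and is not accessible to group/other (assumed policy for "keep it safe").
check_keyfile() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    for kind in PUBLIC PRIVATE; do
        b=$(count_lines "-----BEGIN PGP $kind KEY BLOCK-----" "$f")
        e=$(count_lines "-----END PGP $kind KEY BLOCK-----" "$f")
        if [ "$b" -ne 1 ] || [ "$e" -ne 1 ]; then
            echo "expected one $kind key block, found $b BEGIN / $e END" >&2
            return 1
        fi
    done
    perms=$(ls -ld "$f" | cut -c5-10)   # group and other permission bits
    if [ "$perms" != "------" ]; then
        echo "keyfile is accessible to group/other ($perms)" >&2
        return 1
    fi
    return 0
}

# Usage: sh make_keyfile.sh YOUR_FINGERPRINT_HERE keyfile.asc
if [ "$#" -eq 2 ]; then
    build_keyfile "$1" "$2" && check_keyfile "$2"
fi
```

check_keyfile also works on a keyfile assembled by hand in a text editor, where a missed block or a world-readable file is the likely mistake.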
Step 6: Done!
Congratulations! You've just created a keyfile on your local computer.
Remember: KEEP YOUR KEYFILE SAFE
Anyone with your keyfile can issue QR codes as you, and if it gets compromised
your only option is to revoke all your previously issued QR codes to
prevent someone from issuing fake QR codes in your name.
Next: Issue a QR code on your local computer
You can also issue QR codes using your keyfile in our online interface.
You can also register as an issuer with your keyfile.
Have questions? Email support@vax.codes for assistance.