Store keys in files
You can generate a private and public key pair and store it in files.
The following command generates a key pair in the new.pub and new.key files. Provide the passwords at the interactive prompt that displays. Alternatively, leave the password empty to create an unencrypted (unlocked) private key file.
Don't use unlocked private key files in production environments, as the private keys are exposed.
tessera -keygen -filename new
Generate multiple key pairs by providing a comma-separated list of values:
tessera -keygen -filename /path/to/key1,/path/to/key2
You can use the following command to automatically generate an unlocked private key file.
tessera -keygen -filename new < /dev/null
You can configure Tessera to use file-based keys.
Update password protected private keys
You can update the password of a file-based private key using the --keys.keyData.privateKeyPath command line option.
Run any of the following commands to set a new password:
- Add a password to an unlocked key:
tessera -updatepassword --keys.keyData.privateKeyPath /path/to/.key
- Change the password of a locked key. This requires providing the current password for the key (either inline or as a file):
- Inline
- File
tessera -updatepassword --keys.keyData.privateKeyPath /path/to/.key --keys.passwords <password>
tessera -updatepassword --keys.keyData.privateKeyPath /path/to/.key --keys.passwordFile /path/to/pwds
- Use different Argon2 options from the defaults when updating the password. You only need to provide options if you wish to override their defaults:
tessera --keys.keyData.privateKeyPath <path to keyfile> --keys.keyData.config.data.aopts.algorithm <algorithm> --keys.keyData.config.data.aopts.iterations <iterations> --keys.keyData.config.data.aopts.memory <memory> --keys.keyData.config.data.aopts.parallelism <parallelism>