Skip to main content

Key Pairs Required

Two sets of RSA/ECC key pairs are needed before making any API calls.

1. Company Key Pair (RSA)

Used to authenticate all API requests. Generated once per company. Keys must be RSA, base64-encoded, minimum 2048 bits. 
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa
import os

def generate_rsa_keypair(company):
    rsa_private_key = rsa.generate_private_key(
        public_exponent=65537, key_size=2048, backend=default_backend()
    )
    private_key_pem = rsa_private_key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.NoEncryption()
    )
    with open(os.path.join("keys", company + ".private.pem"), "wb") as f:
        f.write(private_key_pem)

    public_key_pem = rsa_private_key.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo
    )
    with open(os.path.join("keys", company + ".public.pem"), "wb") as f:
        f.write(public_key_pem)

generate_rsa_keypair("ZTEST")

2. User Key Pair (ECC)

Each API user (maker and checker) needs an Elliptic Curve key pair using SECP256R1. 
openssl ecparam -name prime256v1 -genkey -noout -out ./private-key.pem
openssl ec -in ./private-key.pem -pubout -out ./public-key.pem
Share with Zodia: the user’s email, ECC public key, and assigned roles (Viewer, Maker, Checker).

Onboarding Checklist

  1. Generate company RSA key pair
  2. Send company_pub_key to customerservice@zodia.io
  3. Generate ECC key pairs for at least one maker and one checker user
  4. Send user emails, public keys, and roles to customerservice@zodia.io