3.4.8.2 Create a Key Pair for Transaction Token

The application supports including a MicroTx signed transaction token which is unique to each MicroTx transaction.

When you set transactionTokenEnabled to true, MicroTx creates a new token called tmm-tx-token, which is a signed transaction token. When the transaction initiator begins a request, MicroTx responds with the tmm-tx-token. To secure calls from the participant services to MicroTx, the MicroTx library passes tmm-tx-token in the request header. You don't have to create the tmm-tx-token transaction token or pass it in the request header. The MicroTx library creates this token based on the private-public key pair that you provide.

The transaction token that you generate must have the following attributes:
  • Asymmetric algorithm: RSA 3072
  • Key length: 3072 bits
  • Hash algorithm: SHA256

Before you begin, ensure that you have installed OpenSSL.

  1. Create an RSA private key with a key length of 3072 bits by using the following command:
    openssl genrsa -aes256 -out private.pem 3072
  2. Enter a pass phrase at the command prompt, and then press Enter. Remember the pass phrase, as you will have to provide it later.

    A new file called private.pem is created in the current working folder. This file contains the RSA private key value.

  3. Create an RSA public key for the private key that you have generated.

    The following command creates a new file called public.pem in the current working folder. This file contains the RSA public key value.

    openssl rsa -in private.pem -outform PEM -pubout -out public.pem
  4. Run the following command to base64 encode the private.pem file.

    Example command

    base64 private.pem

    The base64-encoded value of the private.pem file is returned.

    Example response

    LS0tLS...LS0tLQo=

    The example response has been truncated with ellipses (...) for readability.

    Note down the base64-encoded value of the private.pem file.

  5. Create a Kubernetes secret with the base64-encoded value of the private.pem file.

    The following command creates a Kubernetes secret with the name TMMPRIVKEY1 in the otmm namespace, where you want to install MicroTx.

    kubectl create secret generic TMMPRIVKEY1 \
      --from-literal=secret='LS0tLS...LS0tLQo=' -n otmm

    Note down the name of the Kubernetes secret. You will need to provide this value later in the values.yaml file.

  6. Run the following command to base64 encode the public.pem file.

    Example command

    base64 public.pem

    The base64-encoded value of the public.pem file is returned.

    Example response

    LS0tLS...LS0tCg==

    The example response has been truncated with ellipses (...) for readability.

    Note down the base64-encoded value of the public.pem file.

  7. Create a Kubernetes secret with the base64-encoded value of the public.pem file.

    The following command creates a Kubernetes secret with the name TMMPUBKEY1 in the otmm namespace.

    kubectl create secret generic TMMPUBKEY1 \
      --from-literal=secret='LS0tLS...LS0tCg==' -n otmm

    Note down the name of the Kubernetes secret. You will need to provide this value later in the values.yaml file.

  8. Create a Kubernetes secret whose value is the private key pass phrase that you provided in step 2.

    The following command creates a Kubernetes secret with the name TMMPRIVKEYPASSWD1 and key pass phrase as <pph...> in the otmm namespace.

    kubectl create secret generic TMMPRIVKEYPASSWD1 \
      --from-literal=secret='<pph...>' -n otmm

    Where <pph...> is the private key pass phrase. Replace this with a value specific to your environment.

    Note:

    Do not base64-encode the key pass phrase, as you must enter the key pass phrase in plain-text format.

    Note down the name of the Kubernetes secret. You will need to provide this value later in the values.yaml file.
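
A pre-flight check for the files from steps 1 to 3, to run before creating the secrets: it confirms the key attributes listed above, that the pass phrase unlocks the private key, and that the base64 value decodes back to the exact file. This is an added example, not part of the MicroTx documentation; the function name check_keypair and the passphrase.txt file (holding the step 2 pass phrase on its first line) are assumptions.

```sh
#!/bin/sh
# Added example (not Oracle's code). Usage:
#   sh check_keypair.sh private.pem public.pem passphrase.txt
# passphrase.txt is an assumed file with the step 2 pass phrase on its first line.

check_keypair() {
    priv=$1; pub=$2; passfile=$3
    tmp=$(mktemp -d) || return 2
    rc=0

    # The private key must be stored encrypted (genrsa -aes256 in step 1).
    grep -q 'ENCRYPTED' "$priv" ||
        { echo "FAIL: private key is not pass phrase protected" >&2; rc=1; }

    # Required attribute: RSA with a 3072-bit modulus.
    openssl rsa -pubin -in "$pub" -noout -text 2>/dev/null | grep -q '(3072 bit)' ||
        { echo "FAIL: public key is not RSA 3072" >&2; rc=1; }

    # Sign with the private key and verify with the public key using SHA256.
    # This proves the pass phrase unlocks the key and that the two files pair up.
    printf 'microtx key pair check' > "$tmp/msg"
    if ! openssl dgst -sha256 -sign "$priv" -passin "file:$passfile" \
            -out "$tmp/sig" "$tmp/msg" 2>/dev/null ||
       ! openssl dgst -sha256 -verify "$pub" -signature "$tmp/sig" \
            "$tmp/msg" >/dev/null 2>&1; then
        echo "FAIL: wrong pass phrase, or public.pem does not match private.pem" >&2
        rc=1
    fi

    # The value pasted into --from-literal must decode back to the exact file.
    # GNU base64 wraps its output, so newlines are stripped before comparing.
    for f in "$priv" "$pub"; do
        base64 < "$f" | tr -d '\n' | openssl base64 -d -A | cmp -s - "$f" ||
            { echo "FAIL: base64 round trip differs for $f" >&2; rc=1; }
    done

    rm -rf "$tmp"
    return $rc
}

# Run the check only when the three file arguments are supplied.
if [ "$#" -eq 3 ]; then check_keypair "$@"; fi
```

Reading the pass phrase from a file with -passin file: keeps it out of the process argument list and shell history.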