Private and Public Key in Salesforce From Apex

I am using the function Crypto.sign(algorithmName, input, privateKey) from the Crypto class as follows:

String algorithmName = 'RSA';
String key = '';
Blob privateKey = EncodingUtil.base64Decode(key);
Blob input = Blob.valueOf('12345qwerty');
Crypto.sign(algorithmName, input, privateKey);

What I want to do is generate a private key and public key from the Salesforce environment. That is to say, dynamically and not from my command prompt (using OpenSSL). Is it possible?

Answer

Under Setup -> Certificate and Key Management you will find two options for doing so:

  1. Create Self Signed Certificate: creates/signs a private & public certificate. Will not be recognized by trust stores, but can be useful for internal applications.

  2. Create CA-Signed Certificate: Will create a private key and a CSR which you can then have signed by a Root CA, and upload back into Salesforce.

You can then use the Crypto signWithCertificate & verify methods which accept a certDevName as a parameter.

NOTE: The private key is NOT accessible directly from Apex.

Attribution
Source: Link, Question Author: Raphym, Answer Author: Adrian Larson
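
The signWithCertificate and verify calls mentioned in the answer, shown as an added example that is not part of the original question or answer. The class name and the certificate Unique Name My_Signing_Cert are assumptions; the certificate must already exist under Setup -> Certificate and Key Management.

```apex
// Added example: sign and verify using a certificate stored in Salesforce.
// The private key stays inside the platform; Apex only refers to it by name.
public with sharing class CertSigningExample {

    // RSA-SHA256 is one of the algorithm names Crypto accepts for RSA signing.
    private static final String ALGORITHM = 'RSA-SHA256';

    // Assumption: Unique Name of a certificate created in Setup.
    private static final String CERT_DEV_NAME = 'My_Signing_Cert';

    // Signs the payload with the certificate's private key and returns
    // the signature base64-encoded so it can travel in a header or JSON field.
    public static String sign(String payload) {
        Blob signature = Crypto.signWithCertificate(
            ALGORITHM, Blob.valueOf(payload), CERT_DEV_NAME);
        return EncodingUtil.base64Encode(signature);
    }

    // Checks a base64 signature against the payload using the public key
    // of the same certificate. Returns false for a null or blank signature.
    public static Boolean isValid(String payload, String signatureB64) {
        if (String.isBlank(signatureB64)) {
            return false;
        }
        Blob signature = EncodingUtil.base64Decode(signatureB64);
        return Crypto.verify(
            ALGORITHM, Blob.valueOf(payload), signature, CERT_DEV_NAME);
    }

    // Round trip: the untouched payload verifies, a modified one does not.
    public static void demo() {
        String payload = '12345qwerty'; // sample input from the question
        String sig = sign(payload);

        System.assert(isValid(payload, sig), 'original payload should verify');
        System.assert(!isValid(payload + 'x', sig), 'tampered payload must fail');
    }
}
```

A party outside Salesforce can verify the same signatures with the public certificate downloaded from the Certificate and Key Management page.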
