Best place to generate a key pair

Hi folks,

For one of my new nodes, the user needs to generate a key pair (i.e. private key and corresponding public key). To make the whole thing a bit user-friendly, I would like the user to be able to generate a new key pair by a simple button in the node's config screen:

  1. User clicks the 'Generate new key pair' button.
  2. On the server side the httpAdmin endpoint generates a new key pair, and returns the key pair as json.
  3. Both config screen fields will be filled (from the json).
  4. Under the cover I would of course store both fields into the credentials of my node.

But not sure whether this is a secure way to generate a key pair. Would be nice if anybody can let me know if this is a decent solution, or should I do it somehow else?

Thanks!!!
Bart

If you want it secure then don't return them to the browser, just keep them on the server side, and return dummy values for the ui. However you are still then keeping both keys together which is still not the best.

Morning Dave,
that is indeed true ...

Now a stupid question...
Can I store them in my flow when they don't arrive from the client part? Thought that if I did node.privateKey="xxx" on the server, that the value was lost after a deploy ...

Yes, you need to write to a file.

Also, how are you generating the keys? Generally, to be of use, they have to be cryptographically created which requires a specialist tool.

https://www.startpage.com/do/dsearch?query=generate+key+pairs&cat=web&pl=opensearch&language=english

You can use a keystore if you want to use them but keep them safe. The private key needs, of course, to be kept private; otherwise you will need to regenerate the keys regularly.

Julian (@TotallyInformation),
I indeed use a third-party tool that generates the key pair.

I will rewrite my code - based on Dave's advice - to make sure the keys are never passed to the frontend web application.

But I had hoped the Node-RED credentials were safe enough to store both private and public key (together). But for user friendliness, it would be very handy if both keys were available in my custom node...

You could embed the keys in a configuration node. I believe that the data will be encrypted using Node-RED's key that you set in settings.js?

This should, at least, prevent it from being exported easily.

As always, a lot depends on the level of risk and the value of the system and its data.

Ok, was already redesigning to use config nodes, since I needed the keys in multiple nodes. Thanks!!!
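
The server-side approach suggested in the replies above (generate on the server, write the private key to a file, return only non-secret values to the config screen), sketched as an added example that is not code from this thread or from Node-RED. It assumes Node.js's built-in `crypto` with Ed25519 instead of the third-party tool mentioned; the function names, file naming and node id are hypothetical.

```javascript
'use strict';
const crypto = require('node:crypto');
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// The node id becomes part of a file name, so accept only id-shaped input.
function keyPath(keyDir, nodeId) {
  if (!/^[a-f0-9]+(\.[a-f0-9]+)?$/i.test(nodeId)) throw new Error('invalid node id');
  return path.join(keyDir, `${nodeId}.key.pem`);
}

// Hypothetical helper an httpAdmin handler would call for the button click.
// Its return value is the whole reply to the browser: no private key in it.
function generateAndStoreKeyPair(keyDir, nodeId) {
  const file = keyPath(keyDir, nodeId);
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  fs.mkdirSync(keyDir, { recursive: true, mode: 0o700 });
  // 'wx' refuses to overwrite an existing key; 0o600 limits access to the owner.
  fs.writeFileSync(file, privateKey.export({ type: 'pkcs8', format: 'pem' }),
    { mode: 0o600, flag: 'wx' });
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return {
    publicKey: publicKey.export({ type: 'spki', format: 'pem' }),
    fingerprint: crypto.createHash('sha256').update(der).digest('hex'),
    privateKey: '(stored on server)', // dummy value for the config screen field
  };
}

// Runtime side: a node loads the private key from the file when it needs it.
function loadPrivateKey(keyDir, nodeId) {
  return crypto.createPrivateKey(fs.readFileSync(keyPath(keyDir, nodeId), 'utf8'));
}

// Constructed demo: temporary directory and a made-up node id.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'nr-keys-'));
  const id = 'a1b2c3d4.e5f6a7';
  const reply = generateAndStoreKeyPair(dir, id);
  const msg = Buffer.from('constructed test message');
  const sig = crypto.sign(null, msg, loadPrivateKey(dir, id));
  const ok = crypto.verify(null, msg, crypto.createPublicKey(reply.publicKey), sig);
  return { dir, id, reply, ok };
}

console.log(demo().reply.fingerprint);
```

In a real node the endpoint calling this would sit behind the editor's admin authentication, and the key directory would live outside anything that gets exported with the flow.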