For one of my new nodes, the user needs to generate a key pair (i.e. private key and corresponding public key). To make the whole thing a bit user-friendly, I would like the user to be able to generate a new key pair by a simple button in the node's config screen:
On the server side the httpAdmin endpoint generates a new key pair, and returns the key pair as JSON.
Both config screen fields will be filled (from the JSON).
Under the cover I would of course store both fields into the credentials of my node.
But I am not sure whether this is a secure way to generate a key pair. It would be nice if anybody could let me know if this is a decent solution, or should I do it somehow else?
If you want it secure then don't return them to the browser, just keep them on the server side, and return dummy values for the UI. However, you are still then keeping both keys together, which is still not the best.
Now a stupid question...
Can I store them in my flow when they don't arrive from the client part? Thought that if I did node.privateKey="xxx" on the server, that the value was lost after a deploy ...
You can use a keystore if you want to use them but keep them safe. The private key needs, of course, to be kept private; otherwise, you will need to regenerate the keys regularly.
Julian (@TotallyInformation),
I indeed use a third-party tool that generates the key pair.
I will rewrite my code - based on Dave's advice - to make sure the keys are never passed to the frontend web application.
But I had hoped the Node-RED credentials were safe enough to store both private and public key (together). But for user friendliness, it would be very handy if both keys were available in my custom node...
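
The approach suggested in the thread (generate on the server, keep both keys there, send only dummy values to the config screen) can be sketched as follows. This is an added example, not code from any poster or from Node-RED. It assumes Node's built-in `crypto` module in place of the third-party generator, and `serverKeyStore`, `KEY_PLACEHOLDER` and the function names are hypothetical.

```javascript
const crypto = require('node:crypto');

// Hypothetical in-memory store keyed by node id. It stands in for the node's
// server-side credentials or an external keystore.
const serverKeyStore = new Map();

// Constructed dummy value sent to the config screen instead of key material.
const KEY_PLACEHOLDER = '__KEY_SET__';

// Body of the "generate" admin endpoint: create the pair, keep it on the
// server, and return only what is safe to show in the browser.
function generateKeyPairForNode(nodeId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519', {
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  serverKeyStore.set(nodeId, { publicKey, privateKey });

  // A SHA-256 fingerprint of the public key lets the user see that a new
  // pair exists without exposing either key.
  const fingerprint = crypto.createHash('sha256').update(publicKey).digest('hex');
  return { publicKey: KEY_PLACEHOLDER, privateKey: KEY_PLACEHOLDER, fingerprint };
}

// Runtime use of the private key happens only on the server.
function signForNode(nodeId, message) {
  const entry = serverKeyStore.get(nodeId);
  if (!entry) throw new Error(`no key pair stored for node ${nodeId}`);
  return crypto.sign(null, Buffer.from(message), entry.privateKey);
}

function verifyForNode(nodeId, message, signature) {
  const entry = serverKeyStore.get(nodeId);
  if (!entry) return false;
  return crypto.verify(null, Buffer.from(message), entry.publicKey, signature);
}
```

In a Node-RED node, `generateKeyPairForNode` would be called from a route registered on `RED.httpAdmin` and guarded with `RED.auth.needsPermission`. The in-memory map is lost on restart, so persisting the pair is left to the credentials store or keystore discussed above.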