From f8218aa898555614268a3fb1411ab6f02ea94cd0 Mon Sep 17 00:00:00 2001
From: Peter Havekes <peter@havekes.eu>
Date: Tue, 9 Jan 2024 09:02:11 +0100
Subject: [PATCH] Add information on keypairs

---
 README.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/README.md b/README.md
index b3556c24..47c38107 100644
--- a/README.md
+++ b/README.md
@@ -106,3 +106,16 @@ To become an institution admin in invite, add the following values as `eduPerson
 ### [Technical documentation](#technical-documentation)
 
 <https://openconext.github.io/OpenConext-Invite/>
+
+### Provisioning Secrets 
+The secrets (passwords / API-keys) used in provisionings are encrypted in OpenConext-Manage using keypairs.
+
+#### Create private / public keypair
+```
+openssl genrsa -traditional -out private_key.pem 2048
+openssl rsa -pubout -in private_key.pem -out public_key.pem
+```
+#### Convert private key to pkcs8 format in order to import it from Java
+```
+openssl pkcs8 -topk8 -in private_key.pem -inform pem -out private_key_pkcs8.pem -outform pem -nocrypt
+```