Key Pair Authentication for Snowflake Database
Generating a Pair of Key Based Authentication
Key-based authentication involves generating a pair of cryptographic key files. These files consist of a private key and a public key, which uniquely identifies the user. Key pair authentication provides an enhanced level of security for authentication when compared to basic methods such as using a username and password. This authentication method requires a minimum 2048-bit RSA key pair. The private-public key pair for Privacy Enhanced Mail (PEM) can be generated using OpenSSL.
Note:
Key pair authentication is currently supported in Adapter for JDBC for Snowflake database only.
Follow the steps given below to setup the key pair authentication between the Adapter for JDBC and the Snowflake database. To set up key pair authentication:
1. Install Open SSL on your system.
2. Open a terminal or command prompt to use OpenSSL commands to generate the key pair.
3. Generate a private key and certificate using the following command:
openssl req -x509 -newkey rsa:2048 -keyout {privatekey.pem} -out {cert.pem}
-sha256 -days 730 -nodes -subj
"/C={country}/ST={state}/L={city}/O={organisation}/OU={organisation_unit}/CN={common_name}"
For example:
openssl req -x509 -newkey rsa:2048 -keyout privatekey.pem -out my_cert.pem
-sha256 -days 730 -nodes -subj
"/C=US/ST=Ohio/L=Columbus/O=Software Co/OU=Adapters/CN=soco"
This command will generate a 2048-bit RSA private key in PEM format, for example:
—–BEGIN PRIVATE KEY—–
MIIE6TjjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/3pg9veETm
—–END PRIVATE KEY—–
4. Using the private key, you can generate the corresponding public key using the following command:
openssl rsa -in {privatekey.pem} -pubout -out {publickey.pub}
For example:
openssl rsa -in privatekey.pem -pubout -out pubkey.pub
This command will extract the public key from the private key in PEM format. For example:
—–BEGIN PUBLIC KEY—
MIIBIjjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/3pg9veETm
—–END PUBLIC KEY—–
Securely store both the private and public keys in a local directory and record the path to the files. Encrypt the private key using the passphrase.
5. Using the private key generated in step 3, generate a keystore file in either PKCS#12 or JKS format using the following command:
openssl pkcs12 -export -name {alias} -in {cert.pem} -inkey {privatekey.pem}
-out {key.p12}
For example:
openssl pkcs12 -export -name privatekey -in my_cert.pem -inkey privatekey.pem
-out mykeystore.p12
Note:
Use the keystore file generated in this step to create a keystore alias and use it for key pair authentication. For more information on keystore and creating keystore alias, see the webMethods Integration Server Administrator’s Guide.