Authorized Key

There are two ways to generate a dxflow key:

Method 1: Using dxflow CLI

To generate a dxflow key using the built-in CLI command, this creates a new RSA key pair for authenticating with the dxflow engine.

Command

dxflow key generate [NAME]

Parameters

• [NAME] - Optional parameter to specify the key name. If omitted, defaults to rsa.

Steps

1. Execute the command with your desired key name (or use default)
2. The system will generate an RSA key pair for dxflow authentication

Output Files

The command generates two files in your current directory:

Method 2: Using ssh-keygen

Generate a dxflow key using the standard SSH key generation utility. This method creates an RSA key pair compatible with the dxflow engine.

Command

ssh-keygen -t rsa -b 2048 -C "<your_email@example.com>"

Parameters

• -t rsa - Specifies RSA key type
• -b 2048 - Sets key length to 2048 bits
• -C - Adds a comment (typically your email)

Steps

1. Execute the command above, replacing <your_email@example.com> with your actual email
2. When prompted for file location:
   • Press Enter to use default location (~/.ssh/id_rsa)
   • Or specify a custom path and filename
3. Optionally set a passphrase when prompted

Output Files

The command generates two files:

Key Management

After generating your key pair, you can register it with the dxflow engine:

Register a Key

dxflow key register <public-key-path>

List Registered Keys

dxflow key list

Remove a Key

dxflow key unregister <key-id>

Authentication Process

The dxflow engine uses RSA challenge-response authentication:

1. Challenge Request: Client requests authentication challenge
2. Nonce Generation: Server generates random nonce with identity
3. Signature Creation: Client signs nonce with private key (RSA-PKCS1v15 + SHA256)
4. Verification: Server verifies signature and issues JWT token
5. Token Storage: Token automatically stored in profile configuration

Security Notice