# Generate a Key Pair

Run the following commands at a Linux or macOS command line to generate a key pair consisting of a private key and a public key.

```sh
openssl genrsa -out private.key 4096
```

This command generates a private key in the specified location (in this case, because no file path was provided, the private key is generated in the current directory, in a file named `private.key`). Next you need to extract the public key, which is shared with StrongDM to encrypt logs and other data.

```sh
openssl rsa -pubout -in private.key -out public.pem
```

If you look at `public.pem` you see text similar to the following:

```
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyfST3A2ayVY9NVEoYk88
wA73JQEieNML0yS4gGXuTnvoPwijXh2Ez/eDbtg2u9+R1iz9kxE2LOfQB9OH2qzo
omlt7ua1IHGRQS+tGWeoA5Im4tRZOcS3w28uOnepy2ofoc+MtwpXyuY7ch4s+fUD
slcUY+BLhCWJpqp2cIgqivcVjcwNaF+nonqKzPpfqquke3u4bno3Urcq9qIHEb+H
ebomt96nFqwXqOyZrr8kvhckuKHZzBAdQiTocAhjvAxmzl+NzDanE3VAnLIZgapH
NawjUiiSBo6Ox2d65qtv+lg7dh3zq7iSgmm4ljeYjlXdASz6OW8EfCyltX3Vuc4W
GGUMtjEVxD6jKmheKHvbIig9NiewpgxFXQUznM70PguByWw5GPkt/jj5WWPx2X1Z
ab3J2JKqoWoOEvtR9aje1MKasZVD47CQKRE+MYN3J2I3mhsXNt/9dZTz/VLtRTUa
pMexP7N/i7wPhbsIgFyqqCqWgEZ+qgWJ+Yl13aI20GfFrUwTdh34o4t6LboCWs9e
Pn9ntRIxbaC448DDBylxnxyZUCE5eK8QBQfY72yLwnLHLztjJeLy4l7wv5fZwDlz
9HasFk0H8cZkNU3UZMjezYv0tYcaN8ko31TD2uLcquc/lylIWGlE0W4oXbOFcIvt
FRpBqdDfjdHwUVhJIfy8DkECAwEAAQ==
-----END PUBLIC KEY-----
```

This data is what you copy and paste into the StrongDM Admin UI when you turn on encryption at the StrongDM gateway and/or relay level and choose to use your own public key. Remember to copy and paste the **entire** contents of the key into the text box, including the lines:\
\
`-----BEGIN PUBLIC KEY-----`\
and\
`-----END PUBLIC KEY-----`

Store your private key (`private.key` by default) in a safe place. If you lose this key you cannot decrypt your logs, queries, and sessions.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.strongdm.com/admin/audit/logs/key-generation.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.