﷽
[String] Path to RSA public key file for associated client ID. This key must be present and readable at the time of starting the server.
You can use $RESIDUE_HOME
environment variable in this file path.
All the initial key exchange is done securely using this public key.
You can generate the key using OpenSSL for either previously created private key or generate new keypair altogether. We recommend 2048-bit or 3072-bit key. Any less may fail to encrypt the server information because of it's size and any more may be slow. 2048-bit key is secure enough until 2030 and beyond that we will need 3072-bit keys ref1
openssl genrsa -out private.pem 3072
If you wish to generated an encrypted key, we recommend AES-256
openssl genrsa -aes256 -out private.pem 3072
openssl rsa -in private.pem -outform PEM -pubout -out public.pem
You must upload this public.pem
to residue server and provide path to readable uploaded file as public_key