You should generate a separate key pair for each type of credential usage. For example, do not reuse the same key pairs for both JAR and Private Key JWT Authentication.
- Generate a private key and a public key in PEM. You should safeguard the private key and never share it, not even with Auth0:
  ```bash
  openssl genrsa -out test_key.pem 2048
  ```
- Extract the public key in PEM format using the following command. This command extracts the public key details so it can be safely shared without revealing the details of the private key:
  ```bash
  openssl rsa -in test_key.pem -outform PEM -pubout -out test_key.pem.pub
  ```
The example below shows the contents of the test_key.pem.pub PEM file:
- Save the PEM file. You will need the key contents in other application configuration steps.
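The steps above as a script that generates one key pair per credential usage and then checks each pair before the public key is shared. This is an added example, not part of the original documentation; the file names `jar_key` and `pkjwt_key` and the helper function names are assumptions.

```bash
# Added example, not Auth0's code. The names jar_key and pkjwt_key are assumptions.

# gen_keypair NAME: writes NAME.pem (private) and NAME.pem.pub (public).
gen_keypair() {
  # umask 077 in a subshell so the private key is owner-only from the moment it exists.
  ( umask 077; openssl genrsa -out "$1.pem" 2048 2>/dev/null ) || return 1
  openssl rsa -in "$1.pem" -outform PEM -pubout -out "$1.pem.pub" 2>/dev/null
}

# key_fingerprint FILE [-pubin]: SHA-256 of the DER-encoded public key.
# Pass -pubin when FILE is a public key; fails if FILE does not parse.
key_fingerprint() {
  openssl rsa $2 -in "$1" -noout 2>/dev/null || return 1
  openssl rsa $2 -in "$1" -pubout -outform DER 2>/dev/null |
    openssl dgst -sha256 | awk '{print $NF}'
}

# check_pair NAME: succeeds only if NAME.pem.pub is safe to share and matches NAME.pem.
check_pair() {
  local priv="$1.pem" pub="$1.pem.pub" from_priv from_pub
  grep -q 'PRIVATE KEY' "$pub" && return 1            # private material in the shared file
  from_priv=$(key_fingerprint "$priv") || return 1
  from_pub=$(key_fingerprint "$pub" -pubin) || return 1
  [ "$from_priv" = "$from_pub" ] || return 1           # public key belongs to another pair
  [ "$(ls -l "$priv" | cut -c5-10)" = "------" ]       # no group/other access to the private key
}

# distinct_keys A B: succeeds only if the two credential types use different keys.
distinct_keys() {
  local a b
  a=$(key_fingerprint "$1.pem.pub" -pubin) || return 1
  b=$(key_fingerprint "$2.pem.pub" -pubin) || return 1
  [ "$a" != "$b" ]
}

# Demo in a scratch directory: one pair for JAR, one for Private Key JWT.
cd "$(mktemp -d)" || exit 1
for name in jar_key pkjwt_key; do
  gen_keypair "$name" && check_pair "$name" || { echo "$name: FAILED" >&2; exit 1; }
  echo "$name: ok, sha256=$(key_fingerprint "$name.pem.pub" -pubin)"
done
distinct_keys jar_key pkjwt_key && echo "key pairs are distinct"
```

The fingerprint printed for each public key gives you a short value to compare against the key you later paste into the application configuration.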