Appendix C: Private Keys

The access tokens used in the ProfileSync-to-Salesforce workflow are signed by using PEM private keys. PEM (Privately-Enhanced Mail) is a base64-encoded file format commonly used for transmitting data, including cryptographic keys and certificates. A PEM private key looks similar to this:

-----BEGIN RSA PRIVATE KEY-----
BNzc1MUjAT2+R0OIDQVNlT7C+lTBmkgO1jsMiglg681BiHQ4iW1yrwp6EaMefScQ
GXnNg0JskqrecZvz7UH8dreXN5xXQsSQ8qwoogHVhTpOuQd2q6CVDQJyKz/WUUVV
tJDf/4NtQx7l1M5IqcHbdl2kQP3eKwiHOVIYF4TLfJLBAAbiyetYB4i8cdKMtqWz
TCoqfRmfjMBJpyQZRtpEmH1AP2flC/9uh7DoGdc4WX/L92j4bpP6/2Jsv0xhxGgc
GA1RFjJfxtTHdoYGf8Q9oywRMN4yZ6BNA/ZGinufjpKlDGt7vR+raJmJpydUIbBU
jrN0GuJ07p3c3nLb2bjKgyRTTsiKa3FxpowfoibmfFLYiqDN2o6tBBCFn1VV0HrB
hT0QSXnEbPpiivw60i1h3VbCxul5vIGiJGkJYzt2eWxrfXypk+9F2vK2LWnShaal
q44lfLyxJJHtB/bAMmF3+yzYWPIVoqbyuxzD6mau8sl+ffhN+FwkXKoFYEdP0ErJ
NJNTc+0YffbbHniiC7k9Y89ESpnRIqyk6AypMw4du4ERO+GkS9Pn7a8h+vcR2WRY
YdQKAyYQ1+Oo34TTZbAJajYT5CWLsRWYEuDmkeRcEiK26r+eKCq7DgP51xHIvQCD
erMyTvMkfcnmvt1XzzF6TU7bySeHBnate2B0wIBV9eFGxLFhCDXf9kwh47Y/dTLL
tmRLDTsWene+7D+N+tTePZbhA5c4VXN+aH0zTEusAeToeczVeOliv7RYz92qRicT
NxmoWEBOXxXTKOFyq6XxXukNo/sYf0c9Wj3ESssHsOSnAHXh447kyHDB/LLFKyMx
mYZlOPDU8wqB0UwecRnWyP85g10E6kuX2DqOsHZI30NJzQlodIgugO2coW/u068k
k/RXGQ7akpD2H94+0lQlpXN5ZtuCNFAxU3Ee38KfkzROJ9EtVJP3MhA1rOlWppRY
NOyyaB5t1WYGBl0U5+JaL6o1AifanAkdZz1D/tayk159Hf9yhUAMBceGHqejmBZz
eNeOjkitOtgeRibG7KWTbT2GLQxK+2eoeTPNGhSaTW+Wo1wsQTZjj/3M+YMsLyWw
fAmvCU56frsmUcfro75X9KWq8qEIHSvmV8H/52Z0JaX6BgFe9kZj/hv5rXE2EcMP
e3HSzSOwtee7Ud77/GeIgKyKGnfeQ+8Dd2y5PvnHSocmlDMCcW95Zt5Q3y5xpTzM
Qh/Wm7ASE79mAvgC80ZDqtD7mtfZEc/D9j1T5mbF8BxO5nomJgSdPjbjrSiFbFx4
sUKTEGAABG0ZBr1Abm7V5HY90PFGiaTsNcnwzoFz1Uztu0vZgqzlbPDfE/ocAbMI
7wFTw6JrsRPARjtWt/L+rT0LVi/kHJ2RFI7JZHvJfpuGWXR09L+uP2lxuxLq0W1B
j9EINeQ3xb50F+z+R1FHzGwY4Zl4jJbwXGu04Kn7Wp5OT+A7u8QhKNlpoCgP9HW3
xvQtv9vNmLu0XPsoZkc/fCMhb4PAan/GGDCNPNTLEPN21G4cA60OqYFeFPmlGvKG
R27awCAcu2xyUMWdlS3iDPmXRdp320r4wobYq4LApMJqABhzqFttIDwqMw/bDEY3
-----END RSA PRIVATE KEY-----

Although it might not look like it, the preceding private key consists of three lines:

  • The line -----BEGIN RSA PRIVATE KEY-----.
  • The key itself (BNzc1MUjA … qMw/bDEY3).
  • The line -----END RSA PRIVATE KEY-----.

That's important to know, because this three-line key must be converted to a single line before it can be used in your JSON file; this is done by replacing the newline characters at the end of the first two lines with \n. In other words, the private key must be formatted like this:

-----BEGIN RSA PRIVATE KEY-----\nBNzc1MUjA … qMw/bDEY3\n-----END RSA PRIVATE KEY-----