ICR Program
HomeProjectsCreditsTransactionsInsights
  • Welcome to the ICR program documentation
    • About ICR
      • ICR Team
        • Gudmundur Sigbergsson
        • Olafur "Oli" Torfason
        • Bjorn H. Helgason
        • Thordur "Thor" Agustsson
        • Alondra Silva Munoz
        • Dr. Rannveig Anna Guicharnaud
        • Robert Huldarsson
        • Ria Antil
        • Alvaro Vallejo Rendón
      • ICR's Mission Statement
      • ICR's Context
      • Leadership
        • Leadership and Commitment
        • Policies
          • Quality policy
          • KYC/KYB Compliance Policy
          • Grievance policy
          • Anti-Corruption Compliance Policy
          • Impartiality policy
          • ICR Privacy and Cybersecurity Policy
          • Diversity, Equality, and Inclusion policy
        • Organizational Roles, Responsibilities, and Authorities
          • Leadership
            • Chief Executive Officer (CEO)
            • Chief Operating Officer (COO)
            • Chief Technology Officer (CTO)
            • Chief Product Officer (CPO)
            • Chief Science Officer (CSO)
            • Chief Marketing Officer (CMO)
            • ICR Board
              • Members
                • Daníel F. Jónsson
                • Kristján I. Mikaelsson
              • ICR Board Procedures v3.0
            • ICR Program Advisory Panel
              • Members
              • ICR Program Advisory Panel 3.0
          • ICR Program Advisory Panel
            • Amit Sharma
            • Geetha Gopal
            • Javier Castro
          • Forums
            • ICR Project Proponent and Developer forum
              • ICR Project Proponent and Developer Forum Terms of Reference
            • ICR Stakeholder forum
              • ICR Stakeholder Forum - Terms of Reference
            • ICR VVB forum
              • ICR VVB Forum Terms of Reference
            • ICR Forum Guidelines
            • Forum Application
          • Committees
            • Appeals Committee
              • ICR Appeals Committee Terms of Reference
      • Articles of Association for International Carbon Registry ehf.
  • Fundamentals
    • Climate change
    • Kyoto protocol
    • Paris Agreement
      • Nationally Determined Contributions
      • Carbon Markets Under the Paris Agreement
    • Voluntary Carbon Markets
    • Compensation
      • ÍST 92
      • ISO 14068-1:2023
  • ICR Program
    • Overview
    • Fundamentals
      • ISO
        • ISO 14064
          • ISO 14064-1
          • ISO 14064-2
          • ISO 14064-3
          • ISO 14068-1
      • Project Origination
      • Additionality
      • ICR Registration Process
      • Validation and verification
        • Accreditation
    • Definitions
      • ICR Definitions v3.1
        • Version history
          • ICR Definitions v3.0
          • ICR Definitions v2.0
          • ICR Definitions v1.0
    • Methodology Development
      • Criteria
        • ICR Methodology Requirements v3.0
        • Version history
          • ICR Methodology Requirements 2.0
          • ICR Methodology Requirements 1.0
      • Procedural
        • ICR Methodology Approval Process v3.0
        • Version history
          • ICR Methodology Approval Process v2.0
          • ICR Methodology Approval Process v1.0
      • ICR Methodologies
        • Under development
          • M-ICR001
          • M-ICR002
          • M-ICR003
          • M-ICR004
          • M-ICR005:
          • M-ICR006
          • M-ICR007
          • M-ICR009
          • M-ICR011
        • Approved ICR Methodologies
      • Templates
        • Concept note
          • Older versions
        • Methodology description
          • Older versions
        • Methodology summary
          • Older versions
    • Project development
      • Criteria
        • ICR Requirement Document v6.0
          • Version history
            • ICR Requirement Document v5.0
            • ICR Requirement Document v4.0
      • Procedural
        • ICR Process Requirements v6.1
          • Version history
            • ICR Process Requirements v6.0
            • ICR Process Requirements v5.0
            • ICR Process Requirements v4.0 Final
            • ICR Process Requirements v3.0
        • ICR Article 6 2 procedures v1.0
      • Templates
        • Project concept description (PCD)
          • Older versions
        • Project design description (PDD)
          • Older versions
        • Monitoring report (MR)
          • Older versions
        • Project design description and monitoring report
          • Older versions
        • Letter of attestation
        • Non-performance report
          • Older versions
        • Non-permanence event report
          • Older versions
        • Non-permanence risk assessment
        • Non-performance risk assessment
      • Tools
        • ICR Tool for Environmental and Socio-economic Safeguards and Sustainable Development
      • Approved methodologies, modules and tools
        • ICR approved methodologies, modules and tools v4.0
    • Validation and verification
      • Validation and Verification Bodies
      • Criteria
        • ICR validation and verification specifications v2.0
          • Version history
            • ICR validation and verification specifications v1.0
      • Templates
        • Methodology validation report (MValR)
          • Older versions
        • Validation report (ValR)
          • Older versions
        • Verification report (VerR)
          • Older versions
        • Validation and verification report (ValVerR)
          • Older versions
    • Terms and conditions
      • Terms and Conditions - Users
      • Terms and Conditions - Project
      • ICR Terms and Conditions Market Participants
      • Fee Schedule 2024-2025
      • 🔦ICR KYC/KYB Complience Policy
      • ICR Terms and Conditions - Organizations
        • Older versions
          • ICR Terms and Conditions - Organizations
    • Public consultation
      • Methodologies
        • 2023
          • M-ICR0001
          • M-ICR0002
          • M-ICR0003
          • M-ICR0004
          • M-ICR0005
        • 2024
          • M-ICR0006
        • 2025
          • M-ICR009
          • M-ICR007
          • M-ICR011
      • ICR Program
        • 2023
          • Specifications to guide validation and verification
          • Program revision August 2023
        • 2024
          • Program Revision - July 2024
    • Grievance
      • ICR Grievance process
        • Submit a Complaint
    • Document Library
      • Documents
  • Biodiversity Program
    • Overview
    • Fundamentals
    • Definitions
    • Requirements
      • Templates
        • Concept note
    • Public consultation
    • Document Library
    • Fee Schedule - Biodiversity Pilot Phase 2024-2025
  • Carbonregistry.com
    • Marketplaces
      • Terms and Conditions - Trading Hub
    • On Chain
      • How it works
      • Credit data
      • Contracts
      • Retiring Credits Onchain
    • Registry user guide
      • Introduction
      • Get started
        • Create a user account
          • User profile
            • Authentication
            • Documents
            • API
          • KYC
        • Create an organizational account
          • KYB
      • Account management
        • User account management
        • Organizational account management
          • Projects
          • Users
          • Documentation
          • Settings
          • API
      • Project proponents and developers
        • Registering a project
          • Create a New Project
            • New Project Home Screen
            • Project mitigations
            • Project location
            • Benefits
            • Documents and files
            • People and Organizations
              • People
              • Organizations
            • Home screen tabs
              • Overview
              • Mitigations
              • Benefits
              • Documents
              • People
              • Media
              • VVB
            • Submit for ICR Review
          • Manage a project
          • Transition
          • Page
          • Transition
          • Validation/verification
          • Authorized representatives
          • Finish
        • Credits
          • Ex-ante issuance
          • Ex-post issuance
          • Transferring credits
          • Retiring credits
          • Cancelling credits
        • Side Panel
        • Page 1
      • Organizations
        • Account management
        • Credits
        • Retiring credits
      • Insights
    • API
      • Apps
        • Using ICR apps
          • Approve new permissions
          • Review installations
        • Creating ICR apps
          • About creating ICR apps
            • Best practices
          • Registering an ICR app
            • Permissions
            • Webhooks
              • Webhook actions and payloads
              • Handle deliveries
              • Validate deliveries
              • Handle failed deliveries
            • Callback URLs
        • Authentication
          • Authenticate as an app
          • Generate a JWT
          • Authenticate as an installation
          • App private keys
          • Authenticate as an organization
        • Examples
          • Setting up an ICR app
          • Requesting credit action for organization
          • Interacting with the organization warehouse
      • Endpoints
        • V0.5
          • Apps
          • Organizations
          • Inventory
          • Projects
          • Retirements
          • Warehouse
          • Credits
          • Documents
          • Utility
        • V1 - Beta
          • Organizations
          • Projects
          • Transactions
          • Retirements
          • Credit actions
          • Subaccounts
          • Utility
      • Environments
      • Versions
      • Authentication
    • The Credit Bundler
      • Purchasing Credits
      • Post Purchase: Accepting Credits
  • Quality management system
    • ICR QMS
Powered by GitBook
LogoLogo
On this page
  • About private keys for ICR apps
  • Generating private keys
  • Verifying private keys
  • Deleting private keys
  • Storing private keys
  1. Carbonregistry.com
  2. API
  3. Apps
  4. Authentication

App private keys

Each ICR app needs at least on RSA keypair. The keypair identifies an app and is the way your app authenticates app specific requests to ICR servers

PreviousAuthenticate as an installationNextAuthenticate as an organization

Last updated 1 year ago

About private keys for ICR apps

After you create an ICR App, you'll need to generate a private key in order to make requests to the ICR API as the application itself. For example, you need a private key to sign a JSON Web Token (JWT) in order to request an installation access token. For more information, see ""

You can create multiple private keys and rotate them to prevent downtime if a key is compromised or lost. To verify that a private key matches a public key, see "".

Private keys do not expire and instead need to be manually revoked. For more information about how to revoke a private key, see "."

You must keep private keys for ICR apps secure. For more information, see "".

Generating private keys

To generate a private key:

  1. Go to the "Credentials" tab of your app's dashboard.

  2. Click the button "Generate a private key"

  3. You will see a private key in PEM format downloaded to your computer. Make sure to store this file because ICR only stores the public portion of the key. For more information about securely storing your key, see "."

Verifying private keys

ICR generates a fingerprint for each private and public key pair using the SHA-256 hash function. You can verify that your private key matches the public key stored on ICR by generating the fingerprint of your private key and comparing it to the fingerprint shown on ICR.

To verify a private key:

  1. Find the fingerprint for the private and public key pair you want to verify in the "Private keys" section of the "Credentials" tab on your ICR app dashboard. For more information, see "".

  2. Generate the fingerprint of your private key (PEM) locally by using the following command:

    openssl rsa -in PATH_TO_PEM_FILE -pubout | openssl sha256 -binary | openssl base64
  3. Compare the results of the locally generated fingerprint to the fingerprint you see on your app's dashboard on Carbonregistry.com.

Deleting private keys

You can remove a lost or compromised private key by deleting it, but you must regenerate a new key before you can delete the existing key.

Storing private keys

The private key is the single most valuable secret for an ICR App. So make sure it is securely stored. You can store the key as an environment variable but just make sure you know the security implications of doing that. If an attacker gains access to the environment, they can read the private key and gain persistent authentication as the ICR App.

You should not hard-code your private key in your app, even if your code is stored in a private repository.

For more information, see "."

Best practices for creating an ICR App
Generating a JSON Web Token (JWT) for an ICR App
Verifying private keys
Deleting private keys
Storing private keys
Storing private keys
Generating private keys