#!/bin/bash

# Generate 2048-bit RSA private key (suppress all output)
openssl genpkey -algorithm RSA -out rsa-private.pem -pkeyopt rsa_keygen_bits:2048 >/dev/null 2>&1

# Extract the public key from the private key (suppress all output)
openssl rsa -in rsa-private.pem -pubout -out rsa-public.pem >/dev/null 2>&1

echo ""

# Base64 encode private key (for JWT_PRIVATE_KEY)
echo -n 'JWT_PRIVATE_KEY="'
openssl pkcs8 -topk8 -nocrypt -in rsa-private.pem -outform DER 2>/dev/null | base64 -w 0
echo '"'

# Base64 encode public key (for JWT_PUBLIC_KEY)
echo -n 'JWT_PUBLIC_KEY="'
openssl rsa -in rsa-private.pem -pubout -outform DER 2>/dev/null | base64 -w 0
echo '"'