I have 2 servers with a pair of RSA public and private keys.
I need to establish trust between the 2 servers: I need to copy a public key from the first server to the second server and the public key from the second server to the first server.
Note that it is not a Diffie–Hellman key exchange (that is explained very well here: "Diffie-Hellman Key Exchange" in plain English).
The simplest way is to just manually copy the public keys from one server to another. An additional option is to use the following homegrown flow:
- Generate a one-time token on the first server
- Copy the token manually to the second server
- The first server accesses the second server via API. Use the token for the API authentication. The API implementation exchanges public keys between servers
Any suggestions to improve the flow?
Do we have some best practices flow, since homegrown flows are usually bad for security?
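
One way to harden the token flow described in the question, as an added example that is not part of the original post: the token is never sent over the wire but keys an HMAC over both public keys, so a swapped key is rejected, and the token is single-use and expires. The names `Responder`, `initiate`, `tag`, `TOKEN_TTL` and the key byte strings are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 600  # seconds the one-time token stays valid (assumed value)
# Constructed stand-ins for the servers' real PEM-encoded RSA public keys.
A_PUB = b"constructed-public-key-of-server-A"
B_PUB = b"constructed-public-key-of-server-B"

def new_token():
    """Step 1: the first server creates a random token and its expiry time."""
    return secrets.token_bytes(32), time.time() + TOKEN_TTL

def tag(token, role, *keys):
    """HMAC-SHA256 keyed by the token over a direction label and the keys."""
    mac = hmac.new(token, role, hashlib.sha256)
    for key in keys:
        mac.update(len(key).to_bytes(4, "big") + key)  # length prefix: no ambiguity
    return mac.digest()

class Responder:
    """Second server: holds the manually copied token, answers one exchange."""
    def __init__(self, token, expires, own_pub):
        self.token, self.expires, self.own_pub = token, expires, own_pub
        self.peer_pub = None

    def handle(self, peer_pub, peer_tag, now=None):
        now = time.time() if now is None else now
        if self.token is None or now > self.expires:
            raise PermissionError("token already used or expired")
        if not hmac.compare_digest(peer_tag, tag(self.token, b"A->B", peer_pub)):
            raise PermissionError("public key is not vouched for by the token")
        token, self.token = self.token, None  # single use: forget the token
        self.peer_pub = peer_pub
        return self.own_pub, tag(token, b"B->A", peer_pub, self.own_pub)

def initiate(token, own_pub, send):
    """First server: send own key plus tag, verify the reply before trusting it."""
    peer_pub, peer_tag = send(own_pub, tag(token, b"A->B", own_pub))
    if not hmac.compare_digest(peer_tag, tag(token, b"B->A", own_pub, peer_pub)):
        raise PermissionError("reply is not authenticated by the token")
    return peer_pub

if __name__ == "__main__":
    token, expires = new_token()
    b = Responder(token, expires, B_PUB)
    assert initiate(token, A_PUB, b.handle) == B_PUB and b.peer_pub == A_PUB
    print("keys exchanged and authenticated")
```

Here `send` stands for the API call between the servers; in this sketch it is a direct call to `Responder.handle`.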