ThanhPT

Reputation: 31

Does Azure Key Vault support ECC (Elliptic Curve Cryptography)?

Upvotes: 1

Views: 2097

Answers (3)

fafrd

Reputation: 1136

Yes. Here's how I imported an EC key using Microsoft.Azure.KeyVault.WebKey in .NET.

Construct JSON web key and azure KeyBundle:

JsonWebKey jwk = new JsonWebKey();
jwk.CurveName = JsonWebKeyCurveName.P256;
jwk.Kty = "EC";
jwk.D = ec_d; // ec_d is a 32-byte byte array representing the private key
jwk.X = ec_x; // ec_x is a 32-byte byte array representing the x coordinate
jwk.Y = ec_y; // ec_y is a 32-byte byte array representing the y coordinate

KeyBundle keyBundle = new KeyBundle
{
    Key = jwk
};

Construct request:

string keyName = "testECkey1";
await kvClient.ImportKeyAsync(vault.Properties.VaultUri, keyName, keyBundle);

You'll need to have authenticated to Azure first. I used a lot of the example code here: https://github.com/Azure-Samples/key-vault-dotnet-authentication/blob/master/KeyVaultAuthSample.cs

Once I figured out the right jwk parameters I got the error "EC key is not valid - bad crypto service output". Turns out I was pushing my bytes up little endian when they needed to be big endian, so I just used Array.Reverse.

Also, I had to extract the X and Y coords from the EC public key manually. This was helpful: https://davidederosa.com/basic-blockchain-programming/elliptic-curve-keys/

Upvotes: 1
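The answer above mentions two pitfalls: byte order and extracting X and Y by hand. The following is an added example, not fafrd's code and not part of the Key Vault SDK. It uses only the .NET base class library to split an uncompressed SEC1 point (0x04 || X || Y), check that it lies on P-256, and produce fixed-width 32-byte big-endian arrays of the kind assigned to jwk.D, jwk.X and jwk.Y. The class and method names are hypothetical, and the key is a throwaway generated for the demonstration.

```csharp
using System;
using System.Globalization;
using System.Linq;
using System.Numerics;
using System.Security.Cryptography;

static class EcJwkFields
{
    // NIST P-256 field prime p and coefficient b (a = -3); the leading "0" keeps Parse from reading a negative number.
    static readonly BigInteger P = BigInteger.Parse("0FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", NumberStyles.HexNumber);
    static readonly BigInteger B = BigInteger.Parse("05AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", NumberStyles.HexNumber);

    // Big-endian bytes -> non-negative BigInteger (BigInteger is little-endian; the appended 0x00 is the sign byte).
    static BigInteger FromBigEndian(byte[] be) => new BigInteger(Enumerable.Reverse(be).Concat(new byte[] { 0 }).ToArray());

    // Non-negative BigInteger -> big-endian array of exactly `size` bytes, left-padded with zeros.
    public static byte[] ToFixedBigEndian(BigInteger v, int size)
    {
        byte[] le = v.ToByteArray();                   // little-endian, may end in a 0x00 sign byte
        int len = (le.Length > 1 && le[le.Length - 1] == 0) ? le.Length - 1 : le.Length;
        if (v.Sign < 0 || len > size) throw new ArgumentException("value does not fit in " + size + " bytes");
        byte[] be = new byte[size];
        for (int i = 0; i < len; i++) be[size - 1 - i] = le[i];
        return be;
    }

    // Split an uncompressed SEC1 point (0x04 || X || Y) and reject anything that is not on P-256.
    public static (byte[] X, byte[] Y) SplitPoint(byte[] point)
    {
        if (point.Length != 65 || point[0] != 0x04) throw new ArgumentException("expected a 65-byte uncompressed point");
        byte[] x = point.Skip(1).Take(32).ToArray(), y = point.Skip(33).ToArray();
        BigInteger xi = FromBigEndian(x), yi = FromBigEndian(y);
        BigInteger rhs = (xi * xi * xi - 3 * xi + B) % P;          // y^2 = x^3 - 3x + b (mod p)
        if (xi >= P || yi >= P || (yi * yi) % P != rhs) throw new ArgumentException("point is not on P-256");
        return (x, y);
    }

    static void Main()
    {
        using (ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP256))   // throwaway demo key
        {
            ECParameters p = key.ExportParameters(true);
            byte[] point = new byte[] { 0x04 }.Concat(p.Q.X).Concat(p.Q.Y).ToArray();
            var (x, y) = SplitPoint(point);
            byte[] d = ToFixedBigEndian(FromBigEndian(p.D), 32);         // survives a BigInteger round trip
            Console.WriteLine($"D={d.Length} X={x.Length} Y={y.Length} bytes, point is on P-256");
        }
    }
}
```

The fixed-width padding matters as much as the byte order: a scalar or coordinate whose top byte is zero comes out of BigInteger.ToByteArray() one byte short, and RFC 7518 requires EC JWK coordinates to be the full size for the curve.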

Dylan

Reputation: 1144

It looks like Elliptic Curve is now supported in Azure.

There is a tutorial online in F# with someone using it https://tomislav.tech/2018-01-31-ethereum-keyvault-generating-keys/

Or there is also some information in the documentation now.

It is not marked as complete here https://feedback.azure.com/forums/216840-security-and-compliance/suggestions/10877748-ecc-support-for-azure-key-vault but the latest comment says it is now supported.

Upvotes: 1

scott_lotus

Reputation: 3275

Good question. I don't believe ECC is supported yet. Christos Matskas's (MS Azure Dev) blog from March 17th 2017 states:

"The service currently supports symmetric RSA keys but there is already scope for adding asymmetric and elliptic curve key support in future releases. The keys can be generated either by using the service or you can choose to import existing keys. For keys generated using the service, there are 2 types of supported algorithms:

  • Simple RSA
  • RSA-HSM

In addition USER VOICE has at least two user requests asking for this feature to be implemented, you can add your feedback request here too.

Ref:

https://blogs.technet.microsoft.com/uktechnet/2017/03/17/application-security-with-azure-key-vault/

https://feedback.azure.com/forums/216840-security-and-compliance/suggestions/10877748-ecc-support-for-azure-key-vault

https://feedback.azure.com/forums/586780-blockchain/suggestions/17940250-support-ecc-signing-within-key-vault

Upvotes: 0
