Azure Key Vault RSA encryption with 2048 key - not supported?

Question

I created an RSA encrypt/decrypt service in .NET Core 2.0 and I currently use Key Vault Secrets for keeping RSA keys. But as far as I understand I could do this with Key Vault Keys, except it can't be done for now because KV Keys does not support encrypt/decrypt with 2048 long RSA keys... This is really confusing to me.

So, can I implement RSA encrypt/decrypt using 2048 keys with Azure Key Vault Keys or not?

Answer 1

Yes you can implement it using Azure Key Vault Keys.

Azure Key Vault release supports 2048-bit RSA key. This is a "soft" key, which is processed in software by Key Vault but is stored encrypted at rest using a system key that is in an HSM. Clients may import an existing RSA key or request that Azure Key Vault generate one.

Azure Key Vault supports the following operations on key objects:
Create: Allows a client to create a key in Azure Key Vault.
Import: Allows a client to import an existing key to Azure Key Vault.

Once a key has been created in Azure Key Vault, the following cryptographic operations may be performed using the key:

Sign and Verify: Strictly, this operation is "sign hash" or “verify hash” as Azure Key Vault does not support hashing of content as part of signature creation

Key Encryption / Wrapping: A key stored in Azure Key Vault may be used to protect another key, typically a symmetric content encryption key (CEK).

Encrypt and Decrypt: A key stored in Azure Key Vault may be used to encrypt or decrypt a single block of data, the size of which is determined by the key type and selected encryption algorithm.

Reference: Key Vault keys