Reputation: 1961
How to determine the Encryption Algorithm for Azure.Security.KeyVault.Keys.Cryptography.CryptographyClient.Decrypt on Keys
The CryptographyClient requires EncryptionAlgorithm for the Decrypt operation. How can I determine what to use for a Self-Signed Key I created in OpenSSL or whatever for whatever key?
The EncryptionAlgorithm offers enum values of
Rsa15RsaOaepRsaOaep256
How do I choose out of the above if I already created Self-Signed RSA Key using OpenSSL?
Upvotes: 0
Views: 772
Answers (1)
Reputation: 3292
Those algorithms are encryption algorithms, not key types. Which you should use depends on your application. Rsa15 (algorithm "RSA1_5") is old and not recommended for secure applications. RsaOaep (algorithm "RSA-OAEP") is probably more prolific but uses SHA-1 to hash, so RsaOaep256 (algorithm (RSA-OAEP-256) is more secure since it uses SHA-256.
You can read about these algorithms from various sources including Wikipedia.
In the Key Vault SDK for C#, we also support those algorithms locally if you have the key material (like public key for encryption) locally, since those same algorithms are supported locally. Some algorithms may not always be supported, like EC keys on .NET Framework 4.6.1 which will throw a NotSupportedException.
Upvotes: 1
Related Questions
- Encryption with Azure Key Vault CryptographyClient - where is encrypt/decrypt happenning? my backend or Azure server side
- Retrieve AES key bytes
- CryptographyClient Decrypt throws 'Key does not exist' exception
- Which Encryption algorithm is used by EncryptByKey and EncryptByPass in Azure SQL database?
- Asp.net Core Data Protection decrypt Azure KeyVault keys
- Accessing AzureKeyVault
- CryptDeriveKey algorithm names
- Azure Key Vault Default Encryption?
- Azure Storage Client Side Encryption
- Fetching secrets from keyVault from Azure in c#