Reputation: 13
Generate certificate/private key pair from azure cli
I created a certificate in Azure keyvault. The csr was signed by a CA and I merged the response from the CA back into the keyvault.
I can download the crt using az keyvault download certificate, but how do I now extract the private key so that I can use this certificate for an httpd server.
Using az keyvault secret show gives the value in a base64 string. How can this be used to get the private key?
Upvotes: 1
Views: 167
Answers (1)
Reputation: 1262
You cannot export the private key: Is it possible to get the private key out of Azure Key Vault Keys?
However, you can perhaps generate the private key from your base64:
Java: How can I generate PrivateKey from a string?
+
Create PrivateKey and PublicKey from a String base64 encoding with DER format
Untested code, but a mix between this and from the above link might be the solution.
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
public class Main {
public static void main(String[] args) throws Exception {
String privateKeyString = "**your_base64_string_here**";
byte[] privateKeyBytes = Base64.getDecoder().decode(privateKeyString);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKeyBytes);
KeyFactory kf = KeyFactory.getInstance("RSA");
PrivateKey privateKey = kf.generatePrivate(keySpec);
System.out.println(privateKey);
}
}
Upvotes: 0
Related Questions
- How to create .pfx file from certificate and private key?
- Convert .pem to .crt and .key
- Azure key vault - downloaded certificate not same as imported certificate
- KeyVault certificate renew RSA key pair
- Azure key vault: Merge certificate
- Separating private key and certificate from azure key vault certificate
- How to give ASP.NET access to a private key in a certificate in the certificate store?
- azure login with service principal using certificate from keyvault
- Azure KeyVault - Use certificate and certificate private key