What is the valid list of WebKeyTypes for the Azure Key Vault API?
I am trying to create a new key in Azure Key Vault via the API KeyVaultClient.CreateKeyAsync:
public Task<KeyBundle> CreateKeyAsync (
    string vaultAddress,
    string keyType,
    KeyAttributes keyAttributes)
The documentation for keyType is:
The type of key to create (one of the valid WebKeyTypes)
What are the valid WebKeyTypes?
I searched the MSDN documentation but didn't find anything. The PowerShell call doesn't seem to need this parameter:
Parameter Set: Create
Add-AzureKeyVaultKey
[-VaultName] <String>
[-Name] <String>
-Destination <String> {HSM | Software}
[-Disable]
[-Expires <DateTime]> ]
[-KeyOps <String[]> ]
[-NotBefore <DateTime]> ]
[-Tags <System.Collections.Hashtable> ]
[ <CommonParameters>]
After disassembling Microsoft.Azure.KeyVault.dll, the KeyType that CreateKeyAsync wants looks like this:
/// <summary>Supported JsonWebKey key types (kty)</summary>
public static class JsonWebKeyType
{
    public const string EllipticCurve = "EC";
    public const string Rsa = "RSA";
    public const string RsaHsm = "RSA-HSM";
    public const string Octet = "oct";
}
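I tried using JsonWebKeyType.Octet, but now I'm getting a new error, but that's a new question.
Looking at the Azure KeyVault SDK on GitHub, the only thing I was able to find was the source code for JsonWebKeyTypes. Based on the source code, the following are the possible values: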
public const string EllipticCurve = "EC";
public const string Rsa = "RSA";
public const string RsaHsm = "RSA-HSM";
public const string Octet = "oct";
But looking at the REST API documentation, I believe only RSA and RSA-HSM are supported currently.
It's actually documented on the Key Vault MSDN page:
The initial Azure Key Vault release supports RSA keys only; future releases may support other key types such as symmetric and elliptic curve.
- RSA: A 2048bit RSA key. This is a "soft" key, which is processed in software by Key Vault but is stored encrypted at rest using a system key that is in an HSM. Clients may import an existing RSA key or request that Azure Key Vault generate one.
- RSA-HSM: An RSA key that is processed in an HSM. RSA-HSM keys are protected in one of the Azure Key Vault HSM Security Worlds (there is a Security World per geography to maintain isolation). Clients may import a RSA key, either in soft form or by exporting from a compatible HSM device, or request that Azure Key Vault generate one. This key type adds the T attribute to the JWK obtain to carry the HSM key material.
As of this writing, Key Vault does not support EC and oct keys.