novotnyllc / rsakeyvaultprovider
Enables Azure Key Vault secrets and certificates to be used by .NET Crypto
License: MIT License
I'm using v1.1.57 of the package. Is there instruction or docs on how to upgrade to the latest one?
Before I could:
CertificateBundle certificateBundle = await _keyVaultClient.GetCertificateAsync(_options.KeyVaultUrl, _options.RootCertificateId);
using var issuerCertificate = new X509Certificate2(certificateBundle.Cer);
using var rsaKeyVault = _keyVaultClient.ToRSA(certificateBundle.KeyIdentifier, issuerCertificate);
With 2.1.1 it says:
'KeyVaultClient' does not contain a definition for 'ToRSA' and no accessible extension method 'ToRSA' accepting a first argument of type 'KeyVaultClient' could be found (are you missing a using directive or an assembly reference?)
Could you please suggest how to do the same with the new version?
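The 2.x equivalent of the `GetCertificateAsync` + `ToRSA` pair quoted above, as an added example (not a sample from the project and not written by the issue author): the certificate is fetched with the `Azure.Security.KeyVault.Certificates` client, and the RSA object is created through the library's factory instead of an extension method on `KeyVaultClient`. The `RSAFactory.Create(TokenCredential, Uri, X509Certificate2)` signature is assumed from the 2.x README and should be checked against the installed package; `vaultUri` and `certificateName` stand in for the original `_options.KeyVaultUrl` and `_options.RootCertificateId`, and the vault and certificate names in `Main` are placeholders.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.Security.KeyVault.Certificates;
using RSAKeyVaultProvider;

// Added example, not the project's own sample. Assumes RSAKeyVaultProvider 2.x exposes
// RSAFactory.Create(TokenCredential, Uri keyId, X509Certificate2 publicCertificate), as
// shown in its README; verify the signature against the installed package.
public static class KeyVaultRsaMigration
{
    public static async Task<RSA> CreateKeyVaultRsaAsync(Uri vaultUri, string certificateName, TokenCredential credential)
    {
        // Replaces KeyVaultClient.GetCertificateAsync(vaultUrl, certificateId) from 1.x.
        var certificateClient = new CertificateClient(vaultUri, credential);
        KeyVaultCertificateWithPolicy bundle = await certificateClient.GetCertificateAsync(certificateName);

        // Only the public certificate (bundle.Cer) enters process memory; the private key stays in Key Vault.
        var publicCertificate = new X509Certificate2(bundle.Cer);

        // bundle.KeyId is the https://{vault}/keys/{name}/{version} identifier that 1.x exposed as KeyIdentifier.
        // The returned RSA signs and decrypts by calling Key Vault and owns its Key Vault context, so the caller
        // disposes the RSA when done instead of managing a separate client.
        return RSAFactory.Create(credential, bundle.KeyId, publicCertificate);
    }

    public static async Task Main()
    {
        // Placeholder vault and certificate names; DefaultAzureCredential resolves the ambient identity,
        // which needs sign permission on the key behind the certificate.
        using RSA rsa = await CreateKeyVaultRsaAsync(
            new Uri("https://example-vault.vault.azure.net/"), "example-root-cert", new DefaultAzureCredential());

        byte[] data = Encoding.UTF8.GetBytes("payload to sign");
        byte[] signature = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        // Verification only needs the public key and runs locally without a Key Vault call.
        Console.WriteLine(rsa.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
    }
}
```

Because the factory takes a `TokenCredential` rather than a client instance, the lifetime question that used to apply to `KeyVaultClient` collapses into the lifetime of the returned `RSA`: keep it for as long as the consumer needs it and dispose it afterwards.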
Hi,
I have a question regarding the disposability of KeyVaultClient:
The KeyVaultContext struct keeps a KeyVaultClient for its internal SignDigestAsync and DecryptDataAsync, and the RSAKeyVault keeps a KeyVaultContext inside.
All the "ToRSA" extension methods construct an RSAKeyVault with a KeyVaultContext, which means the KeyVaultClient should live along with the RSAKeyVault.
If the RSAKeyVault is used in a "singleton" manner, is it then impossible to dispose the KeyVaultClient?
Is it safe to keep the KeyVaultClient for long, e.g. the whole lifetime of the w3wp process?
Hi Novotny,
I have a piece of code that uses SigningCredentials, which in turn uses X509AsymmetricSecurityKey:
new SigningCredentials(new X509AsymmetricSecurityKey(cert), securityAlgorithmSuite.DefaultAsymmetricSignatureAlgorithm, securityAlgorithmSuite.DefaultDigestAlgorithm, ski);
.NET's implementation of X509AsymmetricSecurityKey needs a full certificate. However, I'd like to perform the signing and decrypt operations on Azure Key Vault to avoid fetching private keys into the application's memory. Do you happen to know if there is any sample code, or is there a good approach? One approach I can think of atm is to write an AzureKeyVaultX509AsymmetricSecurityKey that uses your RSAKeyVault internally, i.e. to return it from
public override AsymmetricAlgorithm GetAsymmetricAlgorithm(string algorithm, bool privateKey)
Thanks for reading
Most relevant to dotnet/sign is netstandard2.0 for RSAKeyVaultProvider and its dependency on Azure.Security.KeyVault.Keys.
E:\git\RSAKeyVaultProvider>dotnet list package --outdated
The following sources were used:
https://api.nuget.org/v3/index.json
C:\Program Files (x86)\Microsoft SDKs\NuGetPackages\
https://dnceng.pkgs.visualstudio.com/public/_packaging/dotnet7/nuget/v3/index.json
https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng/nuget/v3/index.json
Project `RSAKeyVaultProvider` has the following updates to its packages
[netstandard2.0]:
Top-level Package Requested Resolved Latest
> Azure.Security.KeyVault.Keys 4.2.0 4.2.0 4.4.0
> Microsoft.SourceLink.GitHub 1.0.0 1.0.0 1.1.1
> Nerdbank.GitVersioning 3.4.231 3.4.231 3.5.119
Project `RSAKeyVaultProvider.Tests` has the following updates to its packages
[netcoreapp2.1]:
Top-level Package Requested Resolved Latest
> Azure.Identity 1.4.0 1.4.0 1.8.0
> Azure.Security.KeyVault.Certificates 4.2.0 4.2.0 4.4.0
> Microsoft.IdentityModel.Clients.ActiveDirectory 5.2.9 5.2.9 5.3.0
> Microsoft.NET.Test.Sdk 16.10.0 16.10.0 17.4.1
> Microsoft.SourceLink.GitHub 1.0.0 1.0.0 1.1.1
> Nerdbank.GitVersioning 3.4.231 3.4.231 3.5.119
> Newtonsoft.Json 13.0.1 13.0.1 13.0.2
> xunit 2.4.1 2.4.1 2.4.2
> xunit.runner.visualstudio 2.4.3 2.4.3 2.4.5
[net47]:
Top-level Package Requested Resolved Latest
> Azure.Identity 1.4.0 1.4.0 1.8.0
> Azure.Security.KeyVault.Certificates 4.2.0 4.2.0 4.4.0
> Microsoft.IdentityModel.Clients.ActiveDirectory 5.2.9 5.2.9 5.3.0
> Microsoft.NET.Test.Sdk 16.10.0 16.10.0 17.4.1
> Microsoft.SourceLink.GitHub 1.0.0 1.0.0 1.1.1
> Nerdbank.GitVersioning 3.4.231 3.4.231 3.5.119
> Newtonsoft.Json 13.0.1 13.0.1 13.0.2
> xunit 2.4.1 2.4.1 2.4.2
> xunit.runner.visualstudio 2.4.3 2.4.3 2.4.5
Since it is EC and the key length is 256 bits, SignatureAlgorithmToJwsAlgId returns the SignatureAlgorithm.ES256 algorithm to be used in Key Vault, while the correct one would be to return SignatureAlgorithm.ES256K.
Not sure how to do that identification in a neat way to be honest. Maybe you guys know how to do it?
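One way to make the choice by curve rather than by key size, as an added example (not the library's SignatureAlgorithmToJwsAlgId and not from the issue author): read the named curve from the public parameters and map its OID to the Key Vault `SignatureAlgorithm`, so a secp256k1 key resolves to `ES256K` while a P-256 key of the same length resolves to `ES256`. The dotted OIDs are the standard RFC 5480 / SEC 2 values; the friendly names in the table are an assumption about what `ECCurve.Oid` carries on Windows CNG, and any curve outside the table is rejected instead of guessed.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using Azure.Security.KeyVault.Keys.Cryptography;

// Added example, not the library's own code. Picks the JWS algorithm from the curve identifier
// rather than the key size, so P-256 and secp256k1 (both 256-bit) are told apart.
public static class JwsAlgorithmByCurve
{
    // Keyed by standard curve OID (RFC 5480 / SEC 2) and, as an assumption about Windows CNG,
    // by the friendly name ECCurve.Oid may carry there instead of a dotted value.
    private static readonly Dictionary<string, SignatureAlgorithm> Map =
        new(StringComparer.OrdinalIgnoreCase)
        {
            ["1.2.840.10045.3.1.7"] = SignatureAlgorithm.ES256,  ["nistP256"]  = SignatureAlgorithm.ES256,
            ["1.3.132.0.34"]        = SignatureAlgorithm.ES384,  ["nistP384"]  = SignatureAlgorithm.ES384,
            ["1.3.132.0.35"]        = SignatureAlgorithm.ES512,  ["nistP521"]  = SignatureAlgorithm.ES512,
            ["1.3.132.0.10"]        = SignatureAlgorithm.ES256K, ["secP256k1"] = SignatureAlgorithm.ES256K,
        };

    public static SignatureAlgorithm ForKey(ECDsa key)
    {
        // Public parameters only; nothing private is exported.
        ECCurve curve = key.ExportParameters(false).Curve;
        if (!curve.IsNamed)
            throw new NotSupportedException("Only named curves map to a JWS algorithm.");

        // Try the dotted OID first, then the platform friendly name.
        foreach (string id in new[] { curve.Oid.Value, curve.Oid.FriendlyName })
        {
            if (!string.IsNullOrEmpty(id) && Map.TryGetValue(id, out SignatureAlgorithm algorithm))
                return algorithm;
        }

        // Fail closed: a size-based fallback is exactly what mislabels secp256k1 as ES256.
        throw new NotSupportedException(
            $"Curve '{curve.Oid.Value ?? curve.Oid.FriendlyName}' has no JWS algorithm mapping.");
    }

    public static void Main()
    {
        using var p256 = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        Console.WriteLine($"P-256 -> {ForKey(p256)}");

        // secp256k1 is not available on every platform; build it by OID and report if unsupported.
        try
        {
            using var k1 = ECDsa.Create(ECCurve.CreateFromValue("1.3.132.0.10"));
            Console.WriteLine($"secp256k1 -> {ForKey(k1)}");
        }
        catch (PlatformNotSupportedException) { Console.WriteLine("secp256k1 not supported on this platform"); }
        catch (CryptographicException) { Console.WriteLine("secp256k1 not supported on this platform"); }
    }
}
```

Matching the algorithm to the curve matters beyond Key Vault accepting the request: the digest length Key Vault expects (SHA-256 for both ES256 and ES256K) is the same, so a key-size heuristic fails only at the curve level, and the mismatch surfaces as a signing error rather than a silently wrong signature.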
Hi,
I'm trying to find a code example (ECDSA) that will help me create and sign a new certificate with an existing CA certificate (already uploaded to KV).
I don't fully get the flow, if I'm correct it should be:
Can anyone post a basic code sample for that scenario?
Also, I'm not sure if this library is supported with the new "Azure.Security.KeyVault.Certificates" libraries instead of the older "Microsoft.Azure.KeyVault".
Thanks a lot for your help
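The scenario asked about, as an added example (not a sample from the project and not from the issue authors): the new certificate's key pair is generated locally, the CA certificate is read with the `Azure.Security.KeyVault.Certificates` client, and the request is signed by the CA key that stays in Key Vault, through an `ECDsa` instance that delegates signing to the vault and is handed to `X509SignatureGenerator.CreateForECDsa`. The `ECDsaFactory.Create(TokenCredential, Uri, X509Certificate2)` signature is assumed from the 2.x README and should be checked against the installed package; vault and certificate names are placeholders, the CA key is assumed to be a P-256 key (hence SHA-256), and `X509AuthorityKeyIdentifierExtension.CreateFromCertificate` requires .NET 7 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.Security.KeyVault.Certificates;
using RSAKeyVaultProvider;

// Added example, not the project's own code. Assumes RSAKeyVaultProvider 2.x exposes
// ECDsaFactory.Create(TokenCredential, Uri keyId, X509Certificate2 publicCertificate); verify
// against the installed package. CertificateRequest.Create drives signing through the
// X509SignatureGenerator, which calls ECDsa.SignData on the Key Vault-backed instance, so the
// CA private key never leaves the vault.
public static class KeyVaultEcdsaIssuer
{
    public static async Task<X509Certificate2> IssueLeafAsync(
        Uri vaultUri, string caCertificateName, TokenCredential credential, string leafSubject)
    {
        var certificateClient = new CertificateClient(vaultUri, credential);
        KeyVaultCertificateWithPolicy ca = await certificateClient.GetCertificateAsync(caCertificateName);

        // Public CA certificate only; ca.KeyId points at the EC key held in Key Vault.
        using var caPublic = new X509Certificate2(ca.Cer);
        using ECDsa caKey = ECDsaFactory.Create(credential, ca.KeyId, caPublic);

        // The leaf key pair is generated here and never sent to Key Vault.
        using var leafKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);

        // SHA-256 must match the CA curve: a P-256 CA key signs with ES256, whose digest is SHA-256.
        var request = new CertificateRequest(new X500DistinguishedName(leafSubject), leafKey, HashAlgorithmName.SHA256);
        request.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
        request.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));
        request.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(request.PublicKey, false));
        // Bind the leaf to the issuing CA by key identifier (.NET 7+).
        request.CertificateExtensions.Add(
            X509AuthorityKeyIdentifierExtension.CreateFromCertificate(caPublic, true, false));

        // Random positive serial number, as RFC 5280 requires.
        byte[] serial = RandomNumberGenerator.GetBytes(16);
        serial[0] &= 0x7F;

        X509Certificate2 leaf = request.Create(
            caPublic.SubjectName,
            X509SignatureGenerator.CreateForECDsa(caKey),   // each signature is a Key Vault sign call
            DateTimeOffset.UtcNow.AddMinutes(-5),
            DateTimeOffset.UtcNow.AddYears(1),
            serial);

        // Attach the locally generated private key so the leaf can be exported (e.g. as PFX) and used.
        return leaf.CopyWithPrivateKey(leafKey);
    }

    public static async Task Main()
    {
        // Placeholder names; the identity needs sign permission on the CA key in Key Vault.
        using X509Certificate2 leaf = await IssueLeafAsync(
            new Uri("https://example-vault.vault.azure.net/"), "example-ca-cert",
            new DefaultAzureCredential(), "CN=example-leaf");

        Console.WriteLine($"Issued {leaf.Subject} by {leaf.Issuer}, thumbprint {leaf.Thumbprint}");
    }
}
```

The pairing shown here is the new certificate client next to the 2.x factory; whether the library itself depends on `Microsoft.Azure.KeyVault` or the `Azure.Security.KeyVault.*` packages is answered by the installed package's dependencies, not by this example.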