Azure Key Vault:将证书与EC或HSM密钥类型一起使用 [英] Azure Key Vault: Using certificate with EC or HSM key types
问题描述
我的应用程序主要处理针对SAML消息的加密操作,这意味着它需要证书来进行签名,加密以及通过元数据交换公钥。该应用程序仅使用普通证书查找,例如
由makecert生成或从证书供应商处购买。既然我想添加对Azure Key Vault的支持,我发现那里的生活更有趣。
首先它还有证书,我几乎可以使用它 - 使用Novotny的优秀图书馆 https://github.com/onovotny/RSAKeyVaultProvider 。但是,证书仅支持
RSA和Azure Key Vault。 has Key支持另外3种关键类型:EC,RSA-HSM和EC-HSM(加上Elliptic Curse Name选项)。
由于我的应用程序的性质,我似乎有使用证书,而不是密钥。有没有办法创建使用EC / RSA-HSM / EC-HSM的证书?
Azure Key Vault专用HSM提供怎么样?
感谢您阅读,
Thuan。
Azure Key Vault支持使用EC / RSA-HSM / EC-HSM签名的证书创建。但是,这不能通过Portal UI或PowerShell获得。 请在下面找到REST API和.NET SDK详细信息 -
请参阅 文档 决定在Azure Key
Vault上使用Azure专用HSM。
My application mainly deals with cryptographic operations against SAML messages, which means it needs a certificate to do signing, encryption, and to exchange public key via metadata. The application works just find with normal certificates, e.g. ones that are generated by makecert or buy from a cert vendors. Now that I want to add support for Azure Key Vault and I've found out that life is a bit more interesting there.
First of all it also has certificate which I can use almost as-is using Novotny's excellent library https://github.com/onovotny/RSAKeyVaultProvider. However, the certificate only supports RSA and Azure Key Vault also has Key that supports 3 more key types: EC, RSA-HSM, and EC-HSM (plus Elliptic Curse Name options).
Because of the nature of my application, it seems I have to use certificates, not keys. Is there a way to create certificates that use either EC/RSA-HSM/EC-HSM?
And how about Azure Key Vault Dedicated HSM offer?
Thank you for reading,
Thuan.
Azure Key Vault supports certificate creation that uses EC/RSA-HSM/EC-HSM signing. This is however, not available via the Portal UI or PowerShell. Please find the REST API and .NET SDK details below -
Please refer to the documentation on deciding to use Azure Dedicated HSM over Azure Key Vault.
这篇关于Azure Key Vault:将证书与EC或HSM密钥类型一起使用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!