是否可以从Azure Key Vault密钥中获取私钥? [英] Is it possible to get the private key out of Azure Key Vault Keys?

问题描述

我在Azure密钥保管库中看到的所有数据加密/解密示例都使用keyVaultClient.DecryptAsync()方法在本地进行加密和在Azure自身内部进行解密.

All of the data encryption/decryption examples I have seen with Azure key Vault do the encryption locally and decryption within Azure itself by using the keyVaultClient.DecryptAsync() method.

我知道这是更安全的，因为私钥永远不会离开Azure并泄漏到您的应用程序代码中，但是，如果我也想在本地进行解密，我该如何取出私钥呢?

I understand that this is more secure as the private key never leaves Azure and leaks into your application code, but what if I want to do the decryption locally as well, how do i get the private key out?

我正在使用keyVaultClient.GetKeyAsync()，但是它似乎只包含公共密钥.

I am using keyVaultClient.GetKeyAsync() but it only seems to contain the public key.

Azure解密中的一个问题是，如果开发人员没有访问Azure的权限，就无法在开发环境中复制它.似乎没有Azure Key Vault的模拟器.

One of the issues I have with the in Azure decryption is that I can't replicate it in development environment without the developer having access to Azure. There does not seem to be an emulator for Azure Key Vault.

看来，实现我想要的唯一方法是使用Azure Key Vault Secret并在其中存储包含公钥/私钥的PFX证书?

It looks like the only way to achieve what I want is by using Azure Key Vault Secret and storing a PFX certificate containing public/private keys in it?

推荐答案

对不起，不.

Azure Key Vault不会支持EXPORT操作:一旦在系统中配置了密钥，就无法提取或修改其密钥材料.

Azure Key Vault does not support EXPORT operations: once a key is provisioned in the system it cannot be extracted or its key material modified.

您可以执行BACKUP，但唯一的好处就是还原到Azure.您无法在其他任何地方使用它.

You can do BACKUP, but all that's good for is a restore to Azure. You can't use it anywhere else.

这篇关于是否可以从Azure Key Vault密钥中获取私钥?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！