如何从Azure Key Vault KeyBundle创建X509Certificate2对象 [英] How can I create an X509Certificate2 object from an Azure Key Vault KeyBundle
问题描述
我正在使用Azure Key Vault保护我们的密钥和机密,但是我不确定如何使用通过.net SDK检索到的KeyBundle.如何创建X509Certificate2对象?
I am using Azure Key Vault to protect our keys and secrets, but I am unsure how I can use the KeyBundle I retrieve using the .net SDK. How can I create an X509Certificate2 object?
推荐答案
在KeyVault中导入/创建证书时,将创建3个实体:
When you import / create a certificate in KeyVault, 3 entities are created:
-
证书-包含有关证书的所有相关详细信息,包括其公开部分(即公钥,有效期,指纹等)
Certificate - contains all the relevant details about the certificate, including its public part (i.e. public key, validity period, thumbprint etc.)
秘密-在base64中包含私有密钥(这是证书的私有部分)
Secret - contains the private key (which is the private part of the certificate) in base64
键-我不知道,但是与该线程无关.
Key - I don't know, but irrelevant for this thread.
您可以使用证书对象或秘密对象创建 X509Certificate2
对象.
You could create X509Certificate2
object with either the Certificate object or the Secret object.
如果您希望 X509Certificate2
包含私钥,那么您当然需要获取Secret实体的值并执行以下操作:
In case you want the X509Certificate2
to contain the private key, then of course you would need to fetch the Secret entity's value and do the following:
SecretBundle certificatePrivateKeySecretBundle =
await keyVaultClient.GetSecretAsync(certificateIdentifierSecretPart);
byte[] privateKeyBytes = Convert.FromBase64String(certificatePrivateKeySecretBundle.Value);
X509Certificate2 certificateWithPrivateKey = new X509Certificate2(privateKeyBytes, (string) null, X509KeyStorageFlags.MachineKeySet);
certificateIdentifierSecretPart
等于证书的秘密部分路径: https://< vault名称> .vaults.azure.net/secrets/<证书名称>
The certificateIdentifierSecretPart
equals the certificate's secret part path:
https://<vault name>.vaults.azure.net/secrets/<certificate name>
请注意/secrets/路径.
这篇关于如何从Azure Key Vault KeyBundle创建X509Certificate2对象的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!