none
Is it possible to just import a public P256K EC key? RRS feed

  • Question

  • Hi all,

    I've been trying to import (KeyVaultClient.ImportAsync) a P-256K EC public key but always get the response of:

    {"error":{"code":"BadParameter","message":"EC key is not valid - cannot instantiate crypto service."}}

     For example:

    var jsonWebKey = new JsonWebKey(); jsonWebKey.CurveName = JsonWebKeyCurveName.P256K; jsonWebKey.Kty = "EC"; jsonWebKey.X = publicKey.XCoord.ToBigInteger().ToByteArray(); jsonWebKey.Y = publicKey.YCoord.ToBigInteger().ToByteArray(); jsonWebKey.KeyOps = new List<string> { "verify" };
    await client.ImportKeyAsync("https://xxxxx.vault.azure.net/", "key name", new KeyBundle { Key = jsonWebKey });

    However, when I specify jsonWebKey.D (the private key) the import is successful. In my case I'll only have the public key in production and just want to use the Verify functionality.

    Has anyone successfully done this?


    • Edited by Le Scriv Wednesday, June 19, 2019 8:48 AM
    Wednesday, June 19, 2019 8:48 AM

All replies

  • Hello,

    AFAIK, It is not possible to import just the public key to the key vault. Import always requires a private key.

    Ref: https://docs.microsoft.com/en-us/azure/key-vault/certificate-scenarios#import-a-certificate

    https://docs.microsoft.com/en-us/azure/key-vault/about-keys-secrets-and-certificates#key-vault-certificates

    Thursday, June 20, 2019 5:46 AM
    Moderator
  • I'm following up on this, please remember to mark one of the responses as answer if your question has been answered. If not please let us know if there are anymore questions.

    Thanks!

    Wednesday, July 17, 2019 10:27 PM
    Moderator
  • I'm following up on this, please remember to mark one of the responses as answer if your question has been answered. If not please let us know if there are anymore questions. Thanks
    Tuesday, July 30, 2019 11:22 PM
    Moderator