KeyVault signing using RS256 RRS feed

  • Question

  • Hello,

    I am trying to use keyvault to sign a simple string. 

    My request looks like this:

      "alg": "RS256",
      "value": "aGVsbG93b3JsZA=="

    The error I am getting is this:

        "error": {
            "code": "BadParameter",
            "message": "Invalid length of 'value': 10 bytes. RS256 requires 32 bytes, encoded with base64url."

    Does anyone have any insight as to what I am doing wrong? I using postman to submit my API requests.


    Wednesday, September 18, 2019 11:31 AM

All replies

  • You may be getting this error because the digest value of the Cryptographic key in Key Vault you are trying to sign is not computed using SHA-256. The application supplied digest value must be computed using SHA-256 and must be 32 bytes in length.  Please create the key with required bytes and digest value and trying using the POST operation.  Please refer to the documentation.
    Wednesday, September 18, 2019 6:46 PM
  • Hi,

    Thanks for the answer.

    I'm not 100% sure if that is the case. When I tried providing a base64 value that was 32 bytes in length it returned back the digital signature. However surely KeyVault should be able to sign content of various lengths?

    Essentially, what I'd like to do to is pass it a string and get back the signed digital signature.

    Thursday, September 19, 2019 1:00 PM
  • Sorry but this is not supported as for signing of RS256 it is required to have 32 bytes in length.  Please post this as a feedback UserVoice which will allow the community to upvote and for the product team to include into their plans.

    Please let me know if you find above reply useful. If yes, do click on 'Mark as answer' link in above reply. This will help other community members facing similar query to refer to this solution. Thanks.

    Friday, September 20, 2019 9:04 PM