RSAKeyVaultProvider

Release 2.1.1

Enables Key Vault keys and certificates to be used anywhere RSA or ECDsa is within .NET's crypto ecosystem

Homepage NuGet C# Download

Keywords
.NET, ECDSA, Key, RSA, Vault, cryptography, key-vault, x509
License
MIT
Install
Install-Package RSAKeyVaultProvider -Version 2.1.1

Documentation

About

The RSAKeyVaultProvider enables you to use secrets and certificates stored in an Azure Key Vault for performing signing and decryption operations. (Encrypt and verify can be done locally with the public key material.) The type derives from RSA so can be used anywhere an AsymmetricAlgorithm can be, including with SignedXml types.

Package

NuGet: RSAKeyVaultProvider
RSAKeyVaultProvider

CI feed is on Azure Artifacts: https://pkgs.dev.azure.com/clairernovotny/GitBuilds/_packaging/RSAKeyVaultProvider/nuget/v3/index.json
RSAKeyVaultProvider package in RSAKeyVaultProvider feed in Azure Artifacts

Setup

To run these tests, you'll need to import a code signing certificate into an Azure Key Vault. You can do this by importing the PFX for certs you already have, or, the harder way, by generating a CSR in the HSM and using that for an EV Code Signing certificate. You will also need to create a new RSA key using Add-AzureKeyVaultKey or the UI mentioned below. Use the key name as the azureKeyVaultKeyName in the config and the certificate name as the azureKeyVaultCertificateName.

You can also use the Azure Portal to generate a new key and certificate. In the cetificate make sure to go to the advanced policies and select "Data Encipherment" so that it can do the decrypt tests.

Create a service principal / application and grant it access to the Key Vault with the following permissions:

Category Permission
Key Get, Sign, Decrypt
Certificate Get

You'll need to drop a json file called azure-creds.json in the tests private directory with the following values:

{
  "clientId": "",
  "clientSecret": "",
  "tenantId": "",
  "azureKeyVaultUrl": "",
  "azureKeyVaultCertificateName": "",
  "azureKeyVaultKeyName": "" 
}

Azure Key Vault Explorer

There's a handy GUI for accessing Key Vault and includes support for importing certificates: https://github.com/elize1979/AzureKeyVaultExplorer

The app defaults to logging into an @microsoft.com account, so if you want to connect to a different directory, you need to change the settings first. Change the Authority to https://login.windows.net/common and edit the DomainHints value to have your AAD domain(s) in it.

Stats

Dependencies
1
Dependent packages
4
Dependent repositories
4
Total releases
8
Latest release
First release
Stars
24
Forks
8
Watchers
3
Contributors
5
Repository size
195 KB
SourceRank
13

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

2.1.1
2.0.16
2.0.15
1.1.57
1.1.22
1.0.1
1.0.0
1.0.0-preview.1.build.10

Contributors

dependabot-preview[bot] Claire Novotny Kévin Chalet arhandres Kevin Jones


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2023-12-02 00:03:22 UTC

Login to resync this project