/// <summary>
/// Initializes a new instance of the KeyBundle class.
/// </summary>
/// <param name="key">The Json web key.</param>
/// <param name="attributes">The key management attributes.</param>
/// <param name="tags">Application specific metadata in the form of
/// key-value pairs.</param>
/// <param name="managed">True if the key's lifetime is managed by key
/// vault. If this is a key backing a certificate, then managed will be
/// true.</param>
public KeyBundle(Microsoft.Azure.KeyVault.WebKey.JsonWebKey key = default(Microsoft.Azure.KeyVault.WebKey.JsonWebKey), KeyAttributes attributes = default(KeyAttributes), IDictionary <string, string> tags = default(IDictionary <string, string>), bool?managed = default(bool?))
{
Key = key;
Attributes = attributes;
Tags = tags;
Managed = managed;
CustomInit();
}
/// <summary>
/// Initializes a new instance of the KeyImportParameters class.
/// </summary>
/// <param name="key">The Json web key</param>
/// <param name="hsm">Whether to import as a hardware key (HSM) or
/// software key.</param>
/// <param name="keyAttributes">The key management attributes.</param>
/// <param name="tags">Application specific metadata in the form of
/// key-value pairs.</param>
public KeyImportParameters(Microsoft.Azure.KeyVault.WebKey.JsonWebKey key, bool?hsm = default(bool?), KeyAttributes keyAttributes = default(KeyAttributes), IDictionary <string, string> tags = default(IDictionary <string, string>))
{
Hsm = hsm;
Key = key;
KeyAttributes = keyAttributes;
Tags = tags;
CustomInit();
}
/// <summary>
/// Initializes a new instance of the DeletedKeyBundle class.
/// </summary>
/// <param name="key">The Json web key.</param>
/// <param name="attributes">The key management attributes.</param>
/// <param name="tags">Application specific metadata in the form of
/// key-value pairs.</param>
/// <param name="managed">True if the key's lifetime is managed by key
/// vault. If this is a key backing a certificate, then managed will be
/// true.</param>
/// <param name="recoveryId">The url of the recovery object, used to
/// identify and recover the deleted key.</param>
/// <param name="scheduledPurgeDate">The time when the key is scheduled
/// to be purged, in UTC</param>
/// <param name="deletedDate">The time when the key was deleted, in
/// UTC</param>
public DeletedKeyBundle(Microsoft.Azure.KeyVault.WebKey.JsonWebKey key = default(Microsoft.Azure.KeyVault.WebKey.JsonWebKey), KeyAttributes attributes = default(KeyAttributes), IDictionary <string, string> tags = default(IDictionary <string, string>), bool?managed = default(bool?), string recoveryId = default(string), System.DateTime?scheduledPurgeDate = default(System.DateTime?), System.DateTime?deletedDate = default(System.DateTime?))
: base(key, attributes, tags, managed)
{
RecoveryId = recoveryId;
ScheduledPurgeDate = scheduledPurgeDate;
DeletedDate = deletedDate;
CustomInit();
}
///GENMHASH:3D1F4F9B31A1E4FAB317EE4E0C5C9528:5CADE1B284DC5DE1B854039B12712163
public KeyImpl WithLocalKeyToImport(Microsoft.Azure.KeyVault.WebKey.JsonWebKey key)
{
importKeyRequest = new ImportKeyRequest
{
VaultBaseUrl = vault.VaultUri,
KeyName = Name,
Key = key
};
return(this);
}
public static RSA GetKeysFromVault(KeyVaultClient keyVaultClient, string vaultBaseUrl, string keyName)
{
SecretBundle getKeyResult = keyVaultClient.GetSecretAsync(vaultBaseUrl, $"key-{keyName}").Result;
Microsoft.Azure.KeyVault.WebKey.JsonWebKey jsonWebKey =
JsonConvert.DeserializeObject <Microsoft.Azure.KeyVault.WebKey.JsonWebKey>(getKeyResult.Value);
RSA rsaKeys = jsonWebKey.ToRSA(true);
return(rsaKeys);
}
public static RSA CreateRSAKeysAndSaveInVault(KeyVaultClient keyVaultClient, string vaultBaseUrl, string keyName)
{
//Generate teh RSA Key
RSA rsaKeys = RSA.Create(2048);
Microsoft.Azure.KeyVault.WebKey.JsonWebKey rsaKeysJson = new Microsoft.Azure.KeyVault.WebKey.JsonWebKey(rsaKeys, true);
//save as KV Secret both public / private part of the Keys
SecretBundle keySetResult = keyVaultClient.SetSecretAsync(vaultBaseUrl, $"key-{keyName}", rsaKeysJson.ToString()).Result;
return(rsaKeys);
}
public static async Task Main()
{
var parametersPublic = default(RSAParameters);
var parametersPrivate = default(RSAParameters);
Console.WriteLine("Generating RSA key...");
using (var rsa = new RSACryptoServiceProvider(2048))
{
parametersPrivate = rsa.ExportParameters(true);
parametersPublic = rsa.ExportParameters(false);
}
var keyId = $"{Guid.NewGuid()}";
var key = new Microsoft.Azure.KeyVault.WebKey.JsonWebKey(parametersPrivate);
var keyPublic = new Microsoft.Azure.KeyVault.WebKey.JsonWebKey(parametersPublic);
key.Kid = keyId;
keyPublic.Kid = keyId;
var jsonPrivate = JObject.Parse(key.ToString());
jsonPrivate.Add("use", "sig");
jsonPrivate.Add("alg", "RS512");
var jsonPublic = JObject.Parse(keyPublic.ToString());
jsonPublic.Add("use", "sig");
jsonPublic.Add("alg", "RS512");
Console.WriteLine("Public Key");
Console.WriteLine(jsonPublic.ToString());
Console.WriteLine(Environment.NewLine);
Console.WriteLine("Private key");
Console.WriteLine(jsonPrivate.ToString());
Console.WriteLine(Environment.NewLine);
Console.WriteLine($"Writing public key to file {publicKeyFileName}.");
await File.WriteAllTextAsync(publicKeyFileName, jsonPublic.ToString());
Console.WriteLine(Environment.NewLine);
Console.WriteLine($"Writing private key to file {privateKeyFileName}.");
await File.WriteAllTextAsync(privateKeyFileName, jsonPrivate.ToString());
Console.Read();
}
/// <summary>
/// Get public key as a PEM formatted base64 encoded string.
/// </summary>
/// <param name="key">Key object to be formatted.</param>
/// <returns>PEM formatted string.</returns>
public static string GetPublicKey(Microsoft.Azure.KeyVault.WebKey.JsonWebKey key)
{
TextWriter outputStream = new StringWriter();
outputStream.WriteLine("-----BEGIN PUBLIC KEY-----");
var pkcs8Key = IsmUtils.ConvertJwkToPkcs8(key);
for (Int32 i = 0; i < pkcs8Key.Length; i += 64)
{
outputStream.WriteLine(pkcs8Key.ToCharArray(), i, (Int32)Math.Min(64, pkcs8Key.Length - i));
}
outputStream.WriteLine("-----END PUBLIC KEY-----");
return(outputStream.ToString());
}
public MockKeyVaultClient()
{
_rsa = new RSACryptoServiceProvider();
_rsa.ImportParameters(KeyingMaterial.RsaParameters_2048);
_key = new Microsoft.Azure.KeyVault.WebKey.JsonWebKey(_rsa, includePrivateParameters: false);
}
/// <summary>
/// Specifies an existing key to import.
/// </summary>
/// <param name="key">The existing JWK to import.</param>
/// <return>The next stage of the definition.</return>
Microsoft.Azure.Management.KeyVault.Fluent.Key.Definition.IWithImport Microsoft.Azure.Management.KeyVault.Fluent.Key.Definition.IWithKey.WithLocalKeyToImport(Microsoft.Azure.KeyVault.WebKey.JsonWebKey key)
{
return(this.WithLocalKeyToImport(key) as Microsoft.Azure.Management.KeyVault.Fluent.Key.Definition.IWithImport);
}
public PSKeyVaultKey ImportKey(string vaultName, string keyName, PSKeyVaultKeyAttributes keyAttributes, Microsoft.Azure.KeyVault.WebKey.JsonWebKey webKey, bool?importToHsm)
{
throw new NotImplementedException();
}
/// <summary>
/// Accepts a JSON Web Key public RSA key and converts it to a PKCS8 compatible DER encoded base64 encoded string.
/// </summary>
/// <param name="key">Key to convert</param>
/// <returns>Return string.</returns>
public static string ConvertJwkToPkcs8(Microsoft.Azure.KeyVault.WebKey.JsonWebKey key)
{
/*
* ASN.1 syntax using DER structure
*
* Public key file in PKCS#8:
* -----BEGIN PUBLIC KEY-----
* BASE64 ENCODED DATA
* -----END PUBLIC KEY-----
*
* Encoded data in DER structure:
*
* PublicKeyData = SEQUENCE {
* algorithmId AlgorithmID,
* publicKey PublicKey
* }
*
* AlgorithmID = SEQUENCE {
* algorithm OBJECT IDENTIFIER
* parameters [Optional Data]
* }
*
* PublicKey = BIT STRING {
* keyValues KeyValues
* }
*
* KeyValues = SEQUENCE {
* MODULUS INTEGER
* EXPONENT INTEGER
* }
*
*/
//
// Public key file PKCS8#8:
// -----BEGIN PUBLIC KEY-----
//
//
using (var s = new MemoryStream())
{
var DERWriter = new BinaryWriter(s);
// Begin
// PublicKeyData : SEQUENCE
DERWriter.Write((byte)0x30);
#region Write PublicKeyData SEQUENCE into writer
// Build inner sequence before we write length
using (var publicKeyDataStream = new MemoryStream())
{
var publicKeyDataWriter = new BinaryWriter(publicKeyDataStream);
// Begin
// AlgorithmId: SEQUENCE
// Start of sequence
publicKeyDataWriter.Write((byte)0x30);
#region Write AlgorithmID SEQUENCE into PublicKeyData SEQUENCE
{
// Write length of 13 bytes (this sequence is always the same in our case)
publicKeyDataWriter.Write((byte)0x0d);
// Begin
// algorithm: OBJECT IDENTIFIER
publicKeyDataWriter.Write((byte)0x06);
// Length of OID is 9 bytes
publicKeyDataWriter.Write((byte)0x09);
// Write RSA key OID:
// OID is 1.2.840.113549.1.1.1
publicKeyDataWriter.Write(new byte[] {
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01
});
// Begin
// parameters: [Optional Value]
// We don't have any parameters, so we write NULL
// Null identifier
publicKeyDataWriter.Write((byte)0x05);
// Null byte
publicKeyDataWriter.Write((byte)0x00);
}
#endregion
// Begin
// PublicKey: BIT STRING
// Identifier of bit string
publicKeyDataWriter.Write((byte)0x03);
#region Write PublicKey BIT STRING into PublicKeyData SEQUENCE
// Bit String Stream
using (var publicKeyStream = new MemoryStream())
{
var publicKeyWriter = new BinaryWriter(publicKeyStream);
// Number of unused bits: 0
publicKeyWriter.Write((byte)0x00);
// Begin
// KeyValues: SEQUENCE
publicKeyWriter.Write((byte)0x30);
#region Write keyValues SEQUENCE into PublicKey BIT STRING
using (var keyValuesStream = new MemoryStream())
{
var keyValuesWriter = new BinaryWriter(keyValuesStream);
#region MODULUS
// Begin
// Modulus: INTEGER
WriteIntegerDer(keyValuesWriter, key.N);
#endregion
#region EXPONENT
// Begin
// Exponent: INTEGER
WriteIntegerDer(keyValuesWriter, key.E);
#endregion
// Integerwriter (keyValues) is done.
// Write length of keyValues
WriteLengthDer(publicKeyWriter, (ulong)keyValuesStream.Length);
// Write keyValues SEQUENCE
publicKeyWriter.Write(keyValuesStream.GetBuffer(), 0, (int)keyValuesStream.Length);
}
#endregion
// keyValues SEQUENCE is done
// Finishing PublicKey BIT STRING
// Length of keyValues SEQUENCE into PublicKey BIT STRING
WriteLengthDer(publicKeyDataWriter, (ulong)publicKeyStream.Length);
// Write content keyValues SEQUENCE into PublicKey BIT STRING
publicKeyDataWriter.Write(publicKeyStream.GetBuffer(), 0, (int)publicKeyStream.Length);
}
#endregion
WriteLengthDer(DERWriter, (ulong)publicKeyDataStream.Length);
DERWriter.Write(publicKeyDataStream.GetBuffer(), 0, (int)publicKeyDataStream.Length);
}
#endregion
var base64String = Convert.ToBase64String(s.GetBuffer(), 0, (int)s.Length);
return(base64String);
}
}
