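Importing a public-only elliptic curve key into Azure Key Vault

Problem description Votes: 0 Answers: 0

I am trying to import the public part of an elliptic curve key into Azure Key Vault. When I include both the private and public parts (i.e. the D, X and Y fields), the request succeeds, but if I submit only the public part (i.e. the X and Y fields), I receive the error "EC key is not valid - cannot instantiate crypto service."

Below are two requests that submit the same key to Azure Key Vault under two different identifiers; the first request includes the private key information (and succeeds), and the second request includes only the public key information and returns the error described.

First example, with private information: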

PUT https://XXX.vault.azure.net/keys/f851dad4-3a02-4039-90fa-6aed47fa06f0?api-version=7.4 HTTP/1.1
Host: XXX.vault.azure.net
Authorization: Bearer XXX
Accept-Encoding: gzip, deflate
Content-Type: application/json
Content-Length: 274

{"kid":"f851dad4-3a02-4039-90fa-6aed47fa06f0","key":{"kid":"f851dad4-3a02-4039-90fa-6aed47fa06f0","kty":"EC","crv":"P-256","d":"Wjdwwdd2dnf9QT6KqXsexBSs0DEbnKsfj0vW3fNkvJo","x":"U4h1986Oy6ARYQxIBU3JRGIuHA_GhWcPT1zwYAaG9Rg","y":"8_-7MQY-fiY2UvBcgnNtSqrs1AeoNxXvo-21mn8dKJs"}}

Second example, without private information:

PUT https://XXX.vault.azure.net/keys/f851dad4-3a02-4039-90fa-6aed47fa06f9?api-version=7.4 HTTP/1.1
Host: XXX.vault.azure.net
Authorization: Bearer XXX
Accept-Encoding: gzip, deflate
Content-Type: application/json
Content-Length: 224

{"kid":"f851dad4-3a02-4039-90fa-6aed47fa06f9","key":{"kid":"f851dad4-3a02-4039-90fa-6aed47fa06f9","kty":"EC","crv":"P-256","x":"U4h1986Oy6ARYQxIBU3JRGIuHA_GhWcPT1zwYAaG9Rg","y":"8_-7MQY-fiY2UvBcgnNtSqrs1AeoNxXvo-21mn8dKJs"}}

Response to the second request:

HTTP/1.1 400 Bad Request
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 102
Content-Type: application/json; charset=utf-8
Expires: -1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Date: Thu, 27 Jul 2023 13:34:44 GMT

{"error":{"code":"BadParameter","message":"EC key is not valid - cannot instantiate crypto service."}}
azure .net-core azure-keyvault