Describe the bug
When importing an elliptic curve key of the type SECP256K1 (it might also be the case for other types, but I have only tested this type) into a Key Vault through the Azure CLI, the Elliptic curve name is set to a value which is incompatible with the Azure.Security.KeyVault.Cryptography and Azure.Security.KeyVault.Keys libraries.
Importing the key through Azure.Security.KeyVault.Keys using a KeyClient or creating a P-256K key directly through the Key Vault, the Elliptic curve name will be set as P-256K, but when using the Azure CLI, the type will be set as SECP256K1.
Both P-256K and SECP256K1 refer to the same curve.
When using the Key Vault to perform operations with the ES256K algorithm through Azure.Security.KeyVault.Keys.Cryptography using the key, an exception will be thrown with the following error message:
Key and signing algorithm are incompatible. Key uses curve 'SECP256K1', and algorithm 'ES256K' can only be used with curve 'P-256K'.
To Reproduce
Generating a key:
Importing the key through Azure CLI:
Importing the key through Azure.Security.KeyVault.Keys:
The following code will throw an exception on the second line if the key was imported using Azure CLI:
Expected behavior
A valid SignResult without any exceptions thrown as when the key is imported through Azure.Security.KeyVault.Keys.
Environment summary
All .NET runs with:
.NET 5.0 SDK @ 5.0.301
Azure.Identity @ 1.4.0
Azure.Security.KeyVault.Keys @ 4.1.0
Ubuntu 20.04 Desktop:
Windows 10 20H2:
Ubuntu 20.04 on Windows 10 20H2 using WSL1:
Additional context
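The following is an added example, not part of the original report and not code from the Azure SDK or CLI: a pre-flight check over a key's JWK fields that flags a curve label which would trip the exact-match comparison implied by the error message above. The function names are hypothetical, the exact-match behaviour is inferred from the error text, and every alias row other than SECP256K1 is an assumption that goes beyond what the report tested.

```python
# Added example. Function and variable names are hypothetical.
# JOSE signing algorithm -> curve label the error message in the report expects.
ALG_TO_CRV = {"ES256": "P-256", "ES384": "P-384", "ES512": "P-521", "ES256K": "P-256K"}

# SECG/OpenSSL style names -> the P-* labels. Only SECP256K1 is observed in the
# report; the remaining rows are assumptions added for completeness.
CRV_ALIASES = {
    "SECP256K1": "P-256K",
    "SECP256R1": "P-256",
    "PRIME256V1": "P-256",
    "SECP384R1": "P-384",
    "SECP521R1": "P-521",
}


def canonical_crv(crv):
    """Return the P-* label for crv, resolving known aliases case-insensitively."""
    key = crv.strip().upper()
    if key in ALG_TO_CRV.values():
        return key
    return CRV_ALIASES.get(key, crv)  # unknown labels are passed through unchanged


def strict_check(jwk, alg):
    """Exact string comparison (assumed from the error text). Error string or None."""
    expected = ALG_TO_CRV[alg]
    crv = jwk.get("crv")
    if crv != expected:
        return (f"Key and signing algorithm are incompatible. Key uses curve '{crv}', "
                f"and algorithm '{alg}' can only be used with curve '{expected}'.")
    return None


def mislabelled(jwk):
    """True when crv names a known curve but not under its P-* label."""
    crv = jwk.get("crv", "")
    return canonical_crv(crv) != crv and canonical_crv(crv) in ALG_TO_CRV.values()


# Constructed samples: x/y are placeholders, not real key material.
CLI_IMPORTED = {"kty": "EC", "crv": "SECP256K1", "x": "<x>", "y": "<y>"}
SDK_IMPORTED = {"kty": "EC", "crv": "P-256K", "x": "<x>", "y": "<y>"}

if __name__ == "__main__":
    for name, jwk in (("cli", CLI_IMPORTED), ("sdk", SDK_IMPORTED)):
        print(name, "mislabelled:", mislabelled(jwk), "|", strict_check(jwk, "ES256K"))
```

The check only inspects the label; it does not change a key that is already stored in the vault.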