Open snehasish967 opened 1 week ago
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @jlichwa @RandalliLama @schaabs.
Hi @snehasish967, thank you for opening this issue. To help my understanding, would you be able to explain in a little more detail how you are calling the `wrapKey` API when not using the SDK? The wrapped key value comes back from the service base64url-encoded. The SDK handles converting to and from raw bytes and the Base64 representation for you, but you won't get this functionality if you are calling the API directly. If you pass the Base64 encoded string you get from the REST API to the SDK without decoding it, things won't work as you would expect. Base64 encoded data take up more bytes than the number of bytes in the underlying data which would explain the discrepancy you are seeing.
Can you try using `Buffer.from(wrappedDEK, "base64")` when creating the buffer from the value you get from the REST API? This would decode the Base64 string properly into the underlying bytes.
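The length discrepancy discussed in the comment above, as an added example that is not part of the original thread or the Azure SDK: an RSA-2048 wrapped key is 256 bytes, which is 342 characters as unpadded base64url. The sample bytes are constructed, and `toBase64Url` and `decodeWrappedKey` are hypothetical helper names.

```javascript
// Added example (not from the issue thread or the Azure SDK).
// Constructed stand-in for a 256-byte RSA-2048 wrapped key; not real ciphertext.
const sampleCiphertext = Buffer.from(
  Array.from({ length: 256 }, (_, i) => (i * 37 + 11) & 0xff)
);

// Encode the way the REST API returns the value: base64url without padding.
function toBase64Url(bytes) {
  return bytes
    .toString("base64")
    .replace(/\+/g, "-")
    .replace(/\//g, "_")
    .replace(/=+$/, "");
}

// Hypothetical helper: decode a base64url wrapped-key string and verify that
// the result is exactly one RSA block for the given modulus size.
function decodeWrappedKey(value, modulusBits = 2048) {
  if (typeof value !== "string" || !/^[A-Za-z0-9_-]+$/.test(value)) {
    throw new TypeError("wrapped key is not an unpadded base64url string");
  }
  // Node's "base64" decoder also accepts the URL-safe alphabet.
  const bytes = Buffer.from(value, "base64");
  const expected = modulusBits / 8;
  if (bytes.length !== expected) {
    throw new RangeError(`decoded ${bytes.length} bytes, expected ${expected}`);
  }
  return bytes;
}

const wrappedDEK = toBase64Url(sampleCiphertext);

// No encoding argument: the buffer holds the UTF-8 bytes of the text itself.
const undecoded = Buffer.from(wrappedDEK);

// Decoded: the raw ciphertext bytes that unwrapKey expects.
const decoded = decodeWrappedKey(wrappedDEK);

console.log(wrappedDEK.length, undecoded.length, decoded.length);
```

The length check in `decodeWrappedKey` catches a truncated or doubly encoded value before it reaches the unwrap call.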
Hi @snehasish967. Thank you for opening this issue and giving us the opportunity to assist. To help our team better understand your issue and the details of your scenario please provide a response to the question asked above or the information requested above. This will help us more accurately address your issue.
Hi @snehasish967, we're sending this friendly reminder because we haven't heard back from you in 7 days. We need more information about this issue to help address it. Please be sure to give us your input. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you!
Describe the bug
`CryptographyClient.unwrapKey` from `@azure/keyvault-keys` is not able to unwrap a key which was wrapped using Azure API. It throws the error `Unable to decrypt specified value with this key`. However, if I use `cryptographyClient.wrapKey` to wrap the key (say it gives `wrappedDEKLib`), the unwrapping works fine.

To Reproduce
Steps to reproduce the behavior:
`1a4cc8e6699527506...`), let's call it `orgDEK`.
`orgDEK` with a master key (say `masterKey` of type RSA, 2048-bit) and RSA1_5 algorithm, using wrapKey API of Azure Key-vault, let's say the result is `wrappedDEK` (342 characters).
Try to unwrap `wrappedDEK` with `CryptographyClient.unwrapKey`, like the following:

Expected behavior
`wrappedDEK` should be unwrapped (`unwrappedDEK`) to provide `orgDEK`.

Additional context
Note: `Buffer.from(wrappedDEK)` gives a buffer of 342 bytes, however, `wrappedDEKLib.result` is a buffer of 256 bytes. This is the StackOverflow question which corresponds to this issue.