Skip to content

Key Vault keys API: Add OKP key type and EdDSA digital signature #15943

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
docschmidt wants to merge 2 commits into from
Closed

Key Vault keys API: Add OKP key type and EdDSA digital signature #15943

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8eaf332
Add OKP key type and EdDSA digital signature
docschmidt Sep 7, 2021
d29fcc0
Merge branch 'Azure:main' into feature/mhsm-eddsa
docschmidt Sep 9, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
47 changes: 37 additions & 10 deletions specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.3-preview/keys.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1323,7 +1323,9 @@
"RSA",
"RSA-HSM",
"oct",
"oct-HSM"
"oct-HSM",
"OKP",
"OKP-HSM"
Comment on lines +1327 to +1328
Copy link
Copy Markdown
Member

@heaths heaths Sep 7, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is news to the Azure SDK team for 7.3-preview. Should this be in 7.4-preview?

/cc @jlichwa @maorleger

Copy link
Copy Markdown
Member

@heaths heaths Sep 7, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If it is intended for 7.3-preview, is it supported in Key Vault and or Managed HSM? Do RPs in the public clouds already support it? If not, when? We need time to add support, write up tests, and record new sessions.

Copy link
Copy Markdown
Contributor

@jlichwa jlichwa Sep 8, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes I was not aware of this either, and I agree that it is likely 7.4....

Copy link
Copy Markdown
Contributor Author

@docschmidt docschmidt Sep 8, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Discussed this offline with Jack. I will cancel this PR, wait for 7.4-preview availability, and resubmit.

Copy link
Copy Markdown
Contributor Author

@docschmidt docschmidt Sep 8, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Regarding 7.4-preview, what is the ETA for the branch/folder?

Copy link
Copy Markdown
Member

@heaths heaths Sep 8, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's already created but needs a PR to fully prep it. @jhendrixMSFT or @lmazuel can you merge PR #15900 ?

],
"x-ms-enum": {
"name": "JsonWebKeyType",
Expand Down Expand Up @@ -1352,6 +1354,14 @@
{
"value": "oct-HSM",
"description": "Octet sequence (used to represent symmetric keys) which is stored the HSM."
},
{
"value": "OKP",
"description": "Octet key pair (https://tools.ietf.org/html/rfc8037)"
},
{
"value": "OKP-HSM",
"description": "Octet key pair (https://tools.ietf.org/html/rfc8037) with a private key which is stored in the HSM."
}
]
}
Expand All @@ -1376,7 +1386,7 @@
"d": {
"type": "string",
"format": "base64url",
"description": "RSA private exponent, or the D component of an EC private key."
"description": "RSA private exponent, or the D component of an EC or OKP private key."
},
"dp": {
"x-ms-client-name": "DP",
Expand Down Expand Up @@ -1424,7 +1434,8 @@
"P-256",
"P-384",
"P-521",
"P-256K"
"P-256K",
"Ed25519"
],
"x-ms-enum": {
"name": "JsonWebKeyCurveName",
Expand All @@ -1445,14 +1456,18 @@
{
"value": "P-256K",
"description": "The SECG SECP256K1 elliptic curve."
},
{
"value": "Ed25519",
"description": "The Ed25519 Edwards-curve."
}
]
}
},
"x": {
"type": "string",
"format": "base64url",
"description": "X component of an EC public key."
"description": "X component of an EC or OKP public key."
},
"y": {
"type": "string",
Expand Down Expand Up @@ -1654,7 +1669,9 @@
"RSA",
"RSA-HSM",
"oct",
"oct-HSM"
"oct-HSM",
"OKP",
"OKP-HSM"
],
"x-ms-enum": {
"name": "JsonWebKeyType",
Expand All @@ -1678,7 +1695,8 @@
"P-256",
"P-384",
"P-521",
"P-256K"
"P-256K",
"Ed25519"
],
"x-ms-enum": {
"name": "JsonWebKeyCurveName",
Expand All @@ -1700,7 +1718,9 @@
"RSA",
"RSA-HSM",
"oct",
"oct-HSM"
"oct-HSM",
"OKP",
"OKP-HSM"
],
"x-ms-enum": {
"name": "JsonWebKeyType",
Expand Down Expand Up @@ -1757,7 +1777,8 @@
"P-256",
"P-384",
"P-521",
"P-256K"
"P-256K",
"Ed25519"
],
"x-ms-enum": {
"name": "JsonWebKeyCurveName",
Expand Down Expand Up @@ -1939,7 +1960,8 @@
"ES256",
"ES384",
"ES512",
"ES256K"
"ES256K",
"EdDSA"
],
"x-ms-enum": {
"name": "JsonWebKeySignatureAlgorithm",
Expand Down Expand Up @@ -1988,6 +2010,10 @@
{
"value": "ES256K",
"description": "ECDSA using P-256K and SHA-256, as described in https://tools.ietf.org/html/rfc7518"
},
{
"value": "EdDSA",
"description": "Edwards-curve digital signature, as described in https://tools.ietf.org/html/rfc8032."
}
]
}
Expand Down Expand Up @@ -2021,7 +2047,8 @@
"ES256",
"ES384",
"ES512",
"ES256K"
"ES256K",
"EdDSA"
],
"x-ms-enum": {
"name": "JsonWebKeySignatureAlgorithm",
Expand Down