4
votes

We have a requirement to create an RSA key pair using Azure Key Vault and copy the RSA public key to an external system. The requirement is that the external system will encrypt the data using the public key, and the internal system will talk to Azure Key Vault and decrypt the data. I don't have access to Azure Key Vault yet, so I am going through the documentation. I have two basic questions:

  1. Is there a way to export the RSA public key in a text format using the Azure portal without using the API (https://docs.microsoft.com/en-us/rest/api/keyvault/getkey/getkey)?

  2. If I don't select 'set activation' or 'set expiration' date while creating the keys, will the key expire? Do they have a default expiration value?

Thanks in advance.


1 Answer

3
votes

> Is there a way to export the RSA public key in a text format using Azure portal without using API

The only way to export the key in the portal is Download Backup. You will get a file like xxxxvault1-testkey-20181227.keybackup, but the key will be encrypted, so it cannot be used outside the Azure Key Vault system.

If you want to export the key so that it is not encrypted, you could use the Azure CLI:

    az keyvault key show --vault-name 'keyvaultname' --name 'testkey' --version 'e8dfb0f7b7a045b5a1e80442af833270' > C:\Users\joyw\Desktop\output.txt

It will export the key as a file output.txt.

> If I don't select 'set activation' or 'set expiration' date while creating the keys, will the key expire? Do they have a default expiration value?

AFAIK, if you don't set an expiration date, it will never expire.
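
Added example (not part of the answer above): the file written by `az keyvault key show` is JSON, not PEM, so this sketch converts it into a PEM `PUBLIC KEY` block an external system can import, and reads back the expiry attribute. It assumes the JSON holds the RSA modulus and exponent as base64 strings under `key.n` and `key.e` and the dates under `attributes`; `SAMPLE` is a constructed stand-in with a toy modulus, and all function names are hypothetical.

```python
import base64
import json
import textwrap

# Constructed sample shaped like the CLI output (assumed layout: "key" is a
# JWK, "attributes" holds the dates). Toy one-byte modulus, not a real key.
SAMPLE = json.dumps({
    "attributes": {"enabled": True, "expires": None, "notBefore": None},
    "key": {"kty": "RSA", "n": "xQ==", "e": "AQAB"},
})
# DER AlgorithmIdentifier: OID 1.2.840.113549.1.1.1 (rsaEncryption) + NULL
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def b64_any(text):
    """Decode base64 in the standard or URL-safe alphabet, padded or not."""
    text = text.replace("-", "+").replace("_", "/")
    return base64.b64decode(text + "=" * (-len(text) % 4))

def tlv(tag, content):
    """Encode one DER tag-length-value element (short or long length form)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def der_uint(raw):
    """Encode unsigned big-endian bytes as a positive DER INTEGER."""
    raw = raw.lstrip(b"\x00") or b"\x00"
    return tlv(0x02, (b"\x00" + raw) if raw[0] & 0x80 else raw)

def jwk_to_der(jwk):
    """Build a SubjectPublicKeyInfo from the public fields n and e only."""
    if jwk.get("kty") not in ("RSA", "RSA-HSM"):
        raise ValueError("not an RSA key")
    rsa_key = tlv(0x30, der_uint(b64_any(jwk["n"])) + der_uint(b64_any(jwk["e"])))
    return tlv(0x30, RSA_ALG_ID + tlv(0x03, b"\x00" + rsa_key))

def to_pem(der):
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"

def export_public_key(cli_json):
    """Return (PEM text, expires attribute) from the CLI's JSON output."""
    doc = json.loads(cli_json)
    return to_pem(jwk_to_der(doc["key"])), doc["attributes"].get("expires")

if __name__ == "__main__":
    pem, expires = export_public_key(SAMPLE)
    print(pem, "expires:", expires)
```

To use it on a real export, pass the contents of `output.txt` to `export_public_key`; an `expires` value of `None` means no expiration date is recorded on that key version.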