This repository has been archived by the owner on Oct 12, 2023. It is now read-only.
Local ECKey signatures are not compatible with Key Vault service signatures #58
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The Azure Key Vault service returns ECDSA signatures in "raw" format (the same used by Windows bcrypt and ncrypt APIs). The Java Crypto provider (SunEC) which the local ECKey implementation uses ASN.1 DER format. Because of this signatures created by the service cannot be verified using the local ECKey and vice versa. The ECKey implementation must be updated to issue and accept signatures in "raw" format.
The text was updated successfully, but these errors were encountered: