Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PublicExponent does not work when using key vault to create an RSA/RSA-HSM key #19624

Closed
flyce opened this issue Nov 26, 2022 · 3 comments
Closed
Assignees
Labels
customer-reported Issues that are reported by GitHub users external to the Azure organization. Docs issue-addressed Workflow: The Azure SDK team believes it to be addressed and ready to close. KeyVault question The issue doesn't require a change to the product in order to be resolved. Most issues start as that

Comments

@flyce
Copy link

flyce commented Nov 26, 2022

Bug Report

imports:

github.com/Azure/azure-sdk-for-go/sdk/azcore v1.2.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.0
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.9.0

go version:

go1.18.2 darwin/arm64
  • What happened?
    PublicExponent does not work when using key vault to create an RSA/RSA-HSM key. When I created the key, I set PublicExponent to 3, but the E in the returned result is 65537
  • What did you expect or want to happen?
    The returned RSA exponent parameter is 3
  • How can we reproduce it?
    here is the sample code:
        var c int32 = 3
	var keySize int32 = 3072
	signResponse, err := client.KeyClient.CreateKey(context.TODO(), "test333", azkeys.CreateKeyParameters{
		Kty:            to.Ptr(azkeys.JSONWebKeyTypeRSA),
		KeySize:        &keySize,
		PublicExponent: &c,
	}, nil)
	if err != nil {
		log.Fatalf("failed to create the key due to %s", err.Error())
	}
  • Anything we should know about your environment.
    I used the rest api to create the key, but the set public exponent still doesn't work
#### Get token
POST https://login.microsoftonline.com/{{tenantId}}/oauth2/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id={{clientId}}&client_secret={{clientSecret}}&resource=https://vault.azure.net


### Create RSA-HSM key
POST {{vaultBaseUrl}}/keys/{{keyName}}/create?api-version=7.3
Content-Type: application/json
Authorization: {{token}}

{
    "kty": "RSA",
    "key_size": 3072,
    "key_ops": [
        "encrypt",
        "decrypt",
        "sign",
        "verify",
        "wrapKey",
        "unwrapKey"
    ],
    "public_exponent": 3
}
@ghost ghost added needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. customer-reported Issues that are reported by GitHub users external to the Azure organization. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Nov 26, 2022
@ghost
Copy link

ghost commented Nov 26, 2022

Hi @flyce. Thank you for your feedback and we will look into it soon. Meanwhile, feel free to share your experience using the Azure SDK in this survey.

@jhendrixMSFT jhendrixMSFT added KeyVault and removed needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. labels Nov 28, 2022
@ghost ghost added the needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team label Nov 28, 2022
@chlowell
Copy link
Member

chlowell commented Dec 5, 2022

Thanks for opening this issue. This behavior is due to the service implementation. Key Vault keys always use 65537 for their exponent, ignoring any value for PublicExponent, which is observed only by the Managed HSM service. The SDK generates its documentation from the Key Vault REST API spec, which generally applies to both Key Vault and Managed HSM. I've opened a PR to update that spec to point out that this property applies only to Managed HSM.

@chlowell chlowell added Docs issue-addressed Workflow: The Azure SDK team believes it to be addressed and ready to close. and removed needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team labels Dec 5, 2022
@ghost
Copy link

ghost commented Dec 5, 2022

Hi @flyce. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text “/unresolve” to remove the “issue-addressed” label and continue the conversation.

@flyce flyce closed this as completed Dec 9, 2022
@github-actions github-actions bot locked and limited conversation to collaborators Apr 11, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
customer-reported Issues that are reported by GitHub users external to the Azure organization. Docs issue-addressed Workflow: The Azure SDK team believes it to be addressed and ready to close. KeyVault question The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Projects
None yet
Development

No branches or pull requests

3 participants