I want to aquire a token from an Azure app registration with a certificate.
I followed the instructions here and generated a self signed certificate with Powershell. I also imported the public key into the portal.
But if I want to access the app via .NET, I need to provide the following MSAL configuration:
The CertificateFileContents is just the public key I exported from the certgmgr. But what should I put as the CertificatePass? Is this a hash? Or a private key? I could not find anything in the docs and also the link above does not give me any advice...
Also I do not really understand why the private key is not imported to the portal?
In my experience, CertificatePass should be required when you export a private key.
This document has such content before:
Export the private key, specify a password for the cert file, and
export to a file.
But now it only tells you to export a public key. You can see details from this issue.
So based on the SharePoint document, if you are reading a PFX file from your local machine, I think you should use private key with a password.
Okay, the CertificatePass was the password for the certificate itself.
The Azure Portal itself only holds the public key.
The client application needs to provide the whole certificate with private and public key.
If you export a private/public key from certificate manager in Windows 10, you will not be able to directly export this as base64, but you can create a pfx file.
Those files can later be encoded to Base64 with a tool of your choice. For example this.
The password for your certificate has to be the CertificatePass, the FileContents are the Base64 public and private key, but decrypted with the password.
This is of course only an approach for testing purpose. In a production environment you would rather use key vault or something similar to not have any secrets in your appsettings.json.
Related
Correct me if I am wrong, but if a byte of an app is changed then the signature of the app changes too. But in this library https://github.com/javiersantos/PiracyChecker in section verify signature there is written that we shoud save the signature in a variable and check if it is correct. I tried it and it works. But if we save signature inside a variable that means the app is changed which means the signatue is changed also and then it can't pass the check wright? So how is that possible?
how does a signature check works?
I now understand it. When a private key creates a certificate, then that certificate can be checked using the public key. But the piracy check included is using the public key or hash of the public key and NOT the whole apk digital signature. When any part of the app is changed there is a high probability that the app digital signature changes. On the other hand, using a public key or hash of a public key inside the piracy check enables us to sign the app using our private key. The piracy check verifies if the app is signed with the equal public key or hash of the public key that is stored inside the code.
I am trying to decrypt a sting in azure function using private key . The code is working fine on my local PC but when i try to execute the code via azure function deployed it is throwing error 500 .
I am new to azure hence seeking some good advice . After disabling few method inside the code i found out the method that is actually breaking the code. Below is the code part when commented function is giving 200 response but not the actual output because this code is decrypting the key .
using (var rsa = RSAWrapper.Create())
{
rsa.ImportPkcs8PrivateKey(Convert.FromBase64String(privkey), out _); // passing the private key here
byte[] data = Convert.FromBase64String(input);
byte[] bytesEncrypted = rsa.Decrypt(data, RSAEncryptionPadding.Pkcs1);
output = Convert.ToBase64String(bytesEncrypted);
}
return output;
}
Please check the below steps if that helps to:
I am currently passing private key hardcoded in a string in azure function . on local is is working but not via Azure function . Are there any security settings at azure function to consume private key ?
AFAIK, you can secure the RSA Private Keys using Azure Key Vault instead of hardcoding in the Azure Functions Project.
As we know that Azure Key Vault is the place where we can store/import/maintain the keys and secrets essential for our cloud applications and where we do not have direct access to it.
Here is an article you can find the practical workaround that retrieves Azure Key Vault Secrets using Azure Functions and Managed Service Identity.
Here are the few references that helps you the issues recorded on storing the RSA private keys/certificates on Azure key vault along with their resolution discussions:
Is it possible to put RSA Private Keys in Azure Key Vault Certificates?
https://github.com/MicrosoftDocs/azure-docs/issues/50164
I am trying to create SFTP lined service (Using keys) in azure data factory.
Soruce (SFTP) team has shared public key.
But in ADF, it is asking for private key content and pass phrase.
Please help me if this is somthing source team has to share the pass phrase and private key content or do I need to generate these keys using public key shared by source.
Regards,
Srinivas.
Convert your public key file into base64 string (On MAC: run in terminal base64 -i youkey.pub) then you can use that value for privateKeyContent
In adf connector authenticationType change to SshPublicKey.
passPhrase - is required only if you key is protected with password.
Also i would suggest you to store those sensitive data in keyvault
I am working on a basic-network project on Hyperledeger Fabric V-1.4.1. I have enrolled an admin and created a user using enrollAdmin.js and registerUser.js. A public Key and a private key is generated for user1. Now I want to use that private key to sign simple data and later verify using the public Key. I have tried using URSA node module which works fine with RSA keys generated through OpenSSL but isn't working with these two keys. Probably because these keys are not RSA, they are ECDSA keys. I have also read the documentation of the Crypto node module and it seems I need to have .pem files as keys to use in Crypto module. But In fabric, I have key files as -priv and -pub format.
Is there any node module that can encrypt decrypt using ECDSA keys?
Is there any specific way in hyperledger fabric to do this?
Or is there any other way I can do this thing? Please ask any questions if necessary.
Thank you.
The two formats you see
priv
pub
Are wallet formate of filestorage
Try to register an identity and enroll with fabric-CA by importing identity service then you will receive certificate and private key just put it in a file and mark the extension as pem and it will work
We have a requirement to create RSA key pair using Azure key vault and copy the RSA public key to external system. The requirement is the external system will encrypt the data using public key and internal system will talk to azure key vault and de-crypt the data. I don't have access to Azure key vault yet, so going through the documentation. I have two basic questions:
Is there a way to export the RSA public key in a text format using Azure portal without using API (https://learn.microsoft.com/en-us/rest/api/keyvault/getkey/getkey).
If I don't select 'set activation' or 'set expiration' date while creating the keys, will the key expire? Do they have a default expiration value?
Thanks in advance.
Is there a way to export the RSA public key in a text format using Azure portal without using API
The only way to export the key in the portal is Download Backup, you will get a file like xxxxvault1-testkey-20181227.keybackup, but the key will be encrypted, it could not be used outside the Azure Key Vault system.
If you want to export the key that will not be encrypted, you could use Azure CLI:
az keyvault key show --vault-name 'keyvaultname' --name 'testkey' --version 'e8dfb0f7b7a045b5a1e80442af833270' > C:\Users\joyw\Desktop\output.txt
It will export the key as a file output.txt.
If I don't select 'set activation' or 'set expiration' date while creating the keys, will the key expire? Do they have a default expiration value?
AFAIK, if you don't set expiration date, it will never expire.