How to store a public certificate (.cer file) in an Azure key store
2 answers
You should consider whether Key Vault is right for your scenario. The public key is (by nature) not sensitive information; you don't need a secure place to store it. You can use a general-purpose service for it.
If you still need to use Key Vault, you can keep it as a secret. Key Vault secrets are octet sequences with a maximum size of 25 KB each.
Uploading public key certificates
Azure Key Vault Explorer allows you to upload public key certificates (.cer files).
Certificates are stored as keys in a key store using the "standard" format used by this application (since .cer files are not supported by Azure Key Vault).
Access to public key certificates
Once you've uploaded the public keys to Azure Key Vault, they can be accessed programmatically like this:
```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;
using Newtonsoft.Json;

public static class KeyVaultCertificateLoader
{
    // load certificate based on format used by `Azure Key Vault Explorer`
    public static async Task<X509Certificate2> LoadCertificateAsync(string secretIdentifier)
    {
        // token callback uses the identity of the running process (managed identity or developer credentials)
        var azureServiceTokenProvider = new AzureServiceTokenProvider();
        var kv = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
        var certBundle = await kv.GetSecretAsync(secretIdentifier).ConfigureAwait(false);

        byte[] certBytes = null;
        if (certBundle.ContentType == "application/x-pkcs12")
        {
            // PKCS#12 secret: the value is the raw base64 blob
            certBytes = Convert.FromBase64String(certBundle.Value);
        }
        else if (certBundle.ContentType == "application/pkix-cert")
        {
            // .cer uploaded by Azure Key Vault Explorer: the value is a JSON wrapper around the DER bytes
            // (deserialized with Json.NET here; the original used a FromJson<T>() helper)
            certBytes = JsonConvert.DeserializeObject<PublicKeyCertificate>(certBundle.Value)?.Data;
        }

        if (certBytes != null && certBytes.Length > 0)
        {
            return new X509Certificate2(certBytes,
                "",
                X509KeyStorageFlags.Exportable |
                X509KeyStorageFlags.MachineKeySet |
                X509KeyStorageFlags.PersistKeySet);
        }
        return null;
    }

    // ...

    // class used to access public key certificate stored in Key Vault
    public class PublicKeyCertificate
    {
        public byte[] Data;
    }
}
```
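The storage format the loader above dispatches on, as an added Python example that is not part of either answer or of Azure Key Vault Explorer: it wraps a DER-encoded .cer the way the PublicKeyCertificate class implies (a JSON object whose Data field holds the base64 of the bytes, assumed here to be the Explorer's format), decodes both content types the C# code handles, checks that the result is a complete outer DER SEQUENCE, and enforces the 25 KB secret limit from the first answer. The sample bytes are a constructed DER placeholder, not a real certificate.

```python
import base64
import json

MAX_SECRET_BYTES = 25 * 1024            # Key Vault secret limit quoted in the first answer
CT_PKCS12 = "application/x-pkcs12"      # content types the C# loader dispatches on
CT_PKIX_CERT = "application/pkix-cert"
# Constructed placeholder: a DER SEQUENCE holding INTEGER 1 (not a real certificate).
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])

def der_outer_length(der):
    """Total encoded size of the outermost DER SEQUENCE (Certificate ::= SEQUENCE)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("missing outer SEQUENCE; not DER X.509/PKCS#12 data")
    first = der[1]
    if first < 0x80:                    # short-form length
        return 2 + first
    n = first & 0x7F                    # long-form: n length octets follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def wrap_cer_as_secret(der):
    """Return (content_type, secret_value) for a .cer in the JSON wrapper the loader reads."""
    if der_outer_length(der) != len(der):
        raise ValueError("DER length does not match input size (truncated or trailing data)")
    value = json.dumps({"Data": base64.b64encode(der).decode("ascii")})
    if len(value.encode("utf-8")) > MAX_SECRET_BYTES:
        raise ValueError("secret value would exceed the 25 KB Key Vault limit")
    return CT_PKIX_CERT, value

def unwrap_secret(content_type, value):
    """Mirror of the C# branches: choose the decoder by content type, then validate."""
    if content_type == CT_PKCS12:
        der = base64.b64decode(value, validate=True)
    elif content_type == CT_PKIX_CERT:
        der = base64.b64decode(json.loads(value)["Data"], validate=True)
    else:
        raise ValueError("unsupported content type: " + content_type)
    if der_outer_length(der) != len(der):
        raise ValueError("decoded secret is not a complete DER structure")
    return der

def secret_is_valid(content_type, value):
    """Pre-flight check to run before uploading a secret or trusting a fetched one."""
    try:
        unwrap_secret(content_type, value)
        return True
    except (ValueError, KeyError, TypeError):
        return False
```

Run the same check against a real .cer by replacing SAMPLE_DER with the file's bytes; a PEM file must be base64-decoded between its BEGIN/END markers first.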