[BUG] Unable to retrieve Private key for a Certificate with exportable keys
Describe the bug
Using the KeyVaultClient, we are unable to retrieve the private key from the Key Vault.
Exception or Stack Trace
2022-11-11 16:05:55,344 INFO | main | example.certificate.UserMgmtTest | Key Properties exportable ?: null
2022-11-11 16:05:55,344 INFO | main | example.certificate.UserMgmtTest | Private Key ?: false
2022-11-11 16:05:55,344 ERROR | main | com.azure.security.keyvault.keys.models.JsonWebKey | java.security.NoSuchAlgorithmException: no such algorithm: RSA for provider AzureKeyVault
java.lang.IllegalStateException: java.security.NoSuchAlgorithmException: no such algorithm: RSA for provider AzureKeyVault
    at com.azure.security.keyvault.keys.models.JsonWebKey.getRsaPublicKey(JsonWebKey.java:583)
    at com.azure.security.keyvault.keys.models.JsonWebKey.toRsa(JsonWebKey.java:741)
To Reproduce
Create a self-signed certificate in Azure Key Vault, with the Advanced option to enable export of keys, and try to download the private keys using the KeyVaultClient.
Code Snippet
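import com.azure.security.keyvault.keys.KeyClient;
import com.azure.security.keyvault.keys.KeyClientBuilder;
import com.azure.security.keyvault.keys.models.JsonWebKey;
import com.azure.security.keyvault.keys.models.KeyVaultKey;

// credential, kvURL, keyId and log are defined elsewhere in the test class
KeyClient keyClient = new KeyClientBuilder()
    .credential(credential)
    .vaultUrl(kvURL)
    .buildClient();
// Fetch the key, then log whether it is exportable and carries private key material
KeyVaultKey keyVaultKey = keyClient.getKey(keyId);
log.info("Key Properties exportable ?: {}", keyVaultKey.getProperties().isExportable());
JsonWebKey webKey = keyVaultKey.getKey();
log.info("Private Key ?: {}", webKey.hasPrivateKey());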
Expected behavior
Should be able to extract the private key in this case.
Screenshots
N/A
Setup (please complete the following information):
- OS: [e.g. iOS]
- IDE: [e.g. IntelliJ]
- Library/Libraries: com.azure:azure-security-keyvault-keys:4.5.1
- Java version: 17
- App Server/Environment: [e.g. Tomcat, WildFly, Azure Function, Apache Spark, Databricks, IDE plugin or anything special]
- Frameworks: [e.g. Spring Boot, Micronaut, Quarkus, etc]
If you suspect a dependency version mismatch (e.g. you see NoClassDefFoundError, NoSuchMethodError or similar), please check out the Troubleshoot dependency version conflict article first. If it doesn't provide a solution for the problem, please provide:
- verbose dependency tree (mvn dependency:tree -Dverbose)
- exception message, full stack trace, and any available logs
Additional context
While creating the certificate, the private key was marked as exportable.
Access permissions are set as
Information Checklist
Kindly make sure that you have added all the following information above and check off the required fields, otherwise we will treat the issuer as an incomplete report
- Bug Description Added
- Repro Steps Added
- Setup information Added
Issue Analytics
- State:
- Created 10 months ago
- Comments:16 (5 by maintainers)
Top GitHub Comments
@vcolin7 it is a different key. You are thinking about a cryptographic key. It is the private key of a certificate. Certificates do not have a release policy (based on the screenshot it is a certificate).
@jlichwa He's using the new KeyClient (the deprecated one is called KeyVaultClient). @vtapadia one thing to note is that the code sample shared only works for getting a certificate's private key. @jlichwa, do you know if a KeyVaultKey's private key (not part of a certificate) can even be exported from a Key Vault? I thought we only supported this for Managed HSMs.
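Added example, not part of the original issue or its comments and not the Azure SDK's own sample: Key Vault serves an exportable certificate's private key through the secret that shares the certificate's name, not through KeyClient, so the code below reads it with SecretClient and loads the PKCS#12 bundle. It assumes the azure-security-keyvault-secrets and azure-identity libraries, a certificate policy with PKCS#12 content type, an identity that holds the secrets get permission, and a vault URL and certificate name passed as arguments (the class name and argument layout are hypothetical).

```java
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.azure.security.keyvault.secrets.models.KeyVaultSecret;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.util.Base64;
import java.util.Collections;

public class CertificatePrivateKeyExample {

    // Key Vault returns a PKCS#12 certificate secret as base64 text with an empty password.
    static PrivateKey privateKeyFromPkcs12(String base64Pfx) throws GeneralSecurityException, IOException {
        char[] emptyPassword = new char[0];
        KeyStore store = KeyStore.getInstance("PKCS12");
        store.load(new ByteArrayInputStream(Base64.getDecoder().decode(base64Pfx)), emptyPassword);
        for (String alias : Collections.list(store.aliases())) {
            Key key = store.getKey(alias, emptyPassword);
            if (key instanceof PrivateKey) {
                return (PrivateKey) key;
            }
        }
        throw new GeneralSecurityException("PKCS#12 bundle contains no private key");
    }

    public static void main(String[] args) throws Exception {
        String vaultUrl = args[0];        // assumption: https://<vault-name>.vault.azure.net
        String certificateName = args[1]; // assumption: name of the exportable certificate

        SecretClient secretClient = new SecretClientBuilder()
            .vaultUrl(vaultUrl)
            .credential(new DefaultAzureCredentialBuilder().build())
            .buildClient();

        // The secret with the certificate's name carries the certificate plus its private key.
        KeyVaultSecret secret = secretClient.getSecret(certificateName);
        String contentType = secret.getProperties().getContentType();
        if (!"application/x-pkcs12".equals(contentType)) {
            throw new IllegalStateException("Unexpected content type: " + contentType);
        }
        PrivateKey key = privateKeyFromPkcs12(secret.getValue());
        // Log metadata only; never write key material to logs.
        System.out.println("Loaded private key, algorithm=" + key.getAlgorithm());
    }
}
```

Because the secret value contains the private key, the secrets get permission on a vault holding exportable certificates is equivalent to key export rights and should be granted and audited accordingly.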