Key Vault feature reference - nagyesta/lowkey-vault GitHub Wiki
Key types and protection methods
Lowkey Vault supports the full list of key types supported by Azure Key Vault although not all algorithms are supported for them in crypto operations.
| Key type | Software protected | Simulated HSM | Encrypt/Decrypt algorithms | Sign/Verify algorithms |
|---|---|---|---|---|
| RSA 2k | ✅ | ✅ | RSA1_5, RSA-OAEP, RSA-OAEP-256 | PS256, PS384, PS512, RS256, RS384, RS512 |
| RSA 3k | ✅ | ✅ | RSA1_5, RSA-OAEP, RSA-OAEP-256 | PS256, PS384, PS512, RS256, RS384, RS512 |
| RSA 4k | ✅ | ✅ | RSA1_5, RSA-OAEP, RSA-OAEP-256 | PS256, PS384, PS512, RS256, RS384, RS512 |
| EC P-256 | ✅ | ✅ | ❌ | ES256 |
| EC P-256K | ✅ | ✅ | ❌ | ES256K |
| EC P-384 | ✅ | ✅ | ❌ | ES384 |
| EC P-512 | ✅ | ✅ | ❌ | ES512 |
| AES 128 | ❌ | ✅ | AES-CBC, AES-CBC Pad | ❌ |
| AES 192 | ❌ | ✅ | AES-CBC, AES-CBC Pad | ❌ |
| AES 256 | ❌ | ✅ | AES-CBC, AES-CBC Pad | ❌ |
Key APIs
Please see the following table for the list of supported key APIs.
| Endpoint | Azure REST API reference | API version supported | Notes |
|---|---|---|---|
| Create key | link | 7.2, 7.3, 7.4, 7.5, 7.6 |
|
| Get key versions | link | 7.2, 7.3, 7.4, 7.5, 7.6 |
|
| Get key | link | 7.2, 7.3, 7.4, 7.5, 7.6 |
|
| Get keys | link | 7.2, 7.3, 7.4, 7.5, 7.6 |
List keys |
| Update key | link | 7.2, 7.3, 7.4, 7.5, 7.6 |
|
| Delete key | link | 7.2, 7.3, 7.4, 7.5, 7.6 |
|
| Get deleted key | link | 7.2, 7.3, 7.4, 7.5, 7.6 |
|
| Get deleted keys | link | 7.2, 7.3, 7.4, 7.5, 7.6 |
List deleted keys |
| Purge deleted key | link | 7.2, 7.3, 7.4, 7.5, 7.6 |
Since v0.11.0 |
| Recover deleted key | link | 7.2, 7.3, 7.4, 7.5, 7.6 |
|
| Encrypt | link | 7.2, 7.3, 7.4, 7.5, 7.6 |
|
| Wrap Key | link | 7.2, 7.3, 7.4, 7.5, 7.6 |
|
| Decrypt | link | 7.2, 7.3, 7.4, 7.5, 7.6 |
|
| Unwrap Key | link | 7.2, 7.3, 7.4, 7.5, 7.6 |
|
| Sign | link | 7.2, 7.3, 7.4, 7.5, 7.6 |
Since v0.8.0 |
| Verify | link | 7.2, 7.3, 7.4, 7.5, 7.6 |
Since v0.8.0 |
| Import key | link | 7.2, 7.3, 7.4, 7.5, 7.6 |
Since v0.9.0 |
| Restore key | link | 7.2, 7.3, 7.4, 7.5, 7.6 |
Since v1.0.0 |
| Backup key | link | 7.2, 7.3, 7.4, 7.5, 7.6 |
Since v1.0.0 |
| Get key rotation policy | link | 7.3, 7.4, 7.5, 7.6 |
Since v1.7.0 |
| Get random bytes | link | 7.3, 7.4, 7.5, 7.6 |
Since v1.5.0 |
| Rotate key | link | 7.3, 7.4, 7.5, 7.6 |
Since v1.6.0 |
| Update key rotation policy | link | 7.3, 7.4, 7.5, 7.6 |
Since v1.7.0 |
| Release (key) | link | ❌ | :heavy_minus_sign: Not planned in MVP |
*Basic support of API version 7.3 was added in v1.3.0.
*Basic support of API version 7.4 was added in v2.1.0.
*Basic support of API version 7.5 was added in v2.3.0.
*Basic support of API version 7.6 was added in v3.2.0.