ECC support for Azure Key Vault
Give Azure Key Vault the option to perform Encrypt/Decrypt/Sign/Verify functions using ECC keypairs instead of using RSA keypairs.
This allows Azure Key Vault to create digital signatures which are far smaller to transmit and faster to verify than their RSA counterparts. This is an extremely useful function for many scenarios, such as deferring to Azure Key Vault for signing (and potentially verifying) JWT tokens for use as API access tokens.
Though some features of Key Vault may support ECC now, it's definitely not well supported or tested. For example, just now I tried importing (via PowerShell) an RSA 4096 cert signed by an ECC 256 CA, and it fails with "Unsupported key size (4096). Supported sizes are [256, 384, 521]". There's also no UI or PowerShell support for importing ECC certs.
So, still not supported.
Quentin Bracken commented
Support for ECC was added in June 2018. Here are the links that discuss the curves supported:
REST API: https://docs.microsoft.com/en-us/rest/api/keyvault/createcertificate/createcertificate#jsonwebkeycurvename
.NET SDK: https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.keyvault.models.keyproperties.curve?view=azure-dotnet#Microsoft_Azure_KeyVault_Models_KeyProperties_Curve
Note that you still can't import via the Portal UI or PowerShell but you can import using the Azure CLI. Portal and PowerShell support for importing will arrive in a future update.
Matt Psaltis commented
Trying to import a Let's Encrypt certificate which is ECC into Azure Key Vault. Looks like I'll need to spend more $$$ or store my keys in a less secure fashion.
No, it isn't fully supported. You can generate, but not import, e.g. importing an ECC cert returns "Key type of an x509 certificate in the certificate chain is not RSA. Only RSA key type is supported."
Thuan Soldier commented
EC is supported now.
We need to be able to sign Ethereum transactions.
Nick Addison commented
ECC is going to be essential for Blockchain as a Service. I'm currently having to call out to an AWS hosted service from my Azure hosted application to sign Ethereum transactions.
Matt Cotterell commented
Just found out that Key Vault exists in a new section. Could a Feedback administrator move it to the right section so it gets the visibility it needs?
Paul Ulvinius commented
Since this is planned, when can we expect progress on this? Would be nice with a roadmap for Azure Key Vault.
Samir FARHAT (MVP) commented
This is planned: Elliptic Curve and Symmetric operations will be added to Azure Key Vault.
"The initial Azure Key Vault release supports RSA keys only; future releases may support other key types such as symmetric and elliptic curve."