Does Azure support AES (symmetric) keys? We have tried to use CreateKey, ImportKey with kty=oct to support AES without success.
We think Azure key vaults do not support AES (Advanced Encryption Standard, symmetric) keys. We have been trying to use these two APIs: https://docs.microsoft.com/en-us/rest/api/keyvault/importkey/importkey
to upload AES 256 keys to Azure key vaults or to create AES 256 keys in the Azure key vaults. We assigned kty=oct and they all failed with the error message:
"message": "Invalid kty value: oct",
It clearly says the key type (kty=oct) is not supported. However, the Azure documentation indicates it should be supported. Could anyone confirm whether Azure supports the key type kty=oct?
The following possible kty values are from the Azure documentation:
JsonWebKey Key Type (kty), as defined in https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40.
Name Type Description
Elliptic Curve with a private key which is not exportable from the HSM.
RSA with a private key which is not exportable from the HSM.
Octet sequence (used to represent symmetric keys)
Victor Colin Amador commented
For the time being only EC and RSA keys are supported in Key Vault as laid out here: https://docs.microsoft.com/en-us/azure/key-vault/keys/about-keys#cryptographic-protection. However, I do agree the Azure documentation you shared could be clearer about whether the types mentioned are supported or not, instead of saying "these are the possible JWK types as per the specification", otherwise it feels somewhat ambiguous.
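An added example, not part of the original thread or of any Azure SDK: it shows what an AES-256 key looks like as an octet-sequence JWK (`kty=oct`) and runs a client-side pre-flight check, so that automation refuses to send raw symmetric key material to a vault that would reject the key type anyway. The `SUPPORTED_KTY` set and all function names are assumptions; the set follows the reply above (EC and RSA only).

```python
import base64
import json
import os

# Assumption taken from the reply above: the vault accepts only EC and RSA
# key types. This set is hypothetical client-side policy, not an Azure API.
SUPPORTED_KTY = {"EC", "RSA"}
AES_KEY_BYTES = {16, 24, 32}  # AES-128/192/256


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWK members are encoded."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url: restore the padding, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def aes_key_to_jwk(key: bytes) -> dict:
    """Represent a raw AES key as an octet-sequence JWK (kty=oct, member k)."""
    if len(key) not in AES_KEY_BYTES:
        raise ValueError(f"not an AES key length: {len(key)} bytes")
    return {"kty": "oct", "k": b64url(key), "key_ops": ["encrypt", "decrypt"]}


def preflight_import(jwk: dict) -> list:
    """Return the reasons an import would be refused; empty means OK to send."""
    problems = []
    kty = jwk.get("kty")
    if kty not in SUPPORTED_KTY:
        problems.append(f"kty {kty!r} not in supported set {sorted(SUPPORTED_KTY)}")
    if kty == "oct" and len(b64url_decode(jwk.get("k", ""))) not in AES_KEY_BYTES:
        problems.append("member 'k' is not 128, 192 or 256 bits")
    return problems


def build_import_body(jwk: dict) -> str:
    """Serialize the request body only after the pre-flight check passes."""
    problems = preflight_import(jwk)
    if problems:
        raise ValueError("; ".join(problems))
    return json.dumps({"key": jwk})


if __name__ == "__main__":
    jwk = aes_key_to_jwk(os.urandom(32))  # constructed sample key
    print(preflight_import(jwk))
```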