How to Get Private Key from Certificate in an Azure Key Vault?
I have a Certificate in an Azure Key Vault that I would like to extract a private key from.
According to the Microsoft Docs:
When a Key Vault certificate is created, an addressable key and secret are also created with the same name. The Key Vault key allows key operations and the Key Vault secret allows retrieval of the certificate value as a secret.
However, I have been unsuccessful in extracting the private key from this. Here is an example of some python code I tried:
pem_data = get_secret('https://keyvault.azure.net/', 'x509-cert')
pem_data = '-----BEGIN CERTIFICATE----- ' + pem_data + ' -----END CERTIFICATE-----'
pem_data = pem_data.encode()
key = x509.load_pem_x509_certificate(pem_data, backend=default_backend())
private_key = key.private_key()
This however, will error saying it cannot load the certificate.
The pem_data you get from the key vault is already in pem format, and you can ony get the public key.
pem_data = client.get_secret("https://XX.vault.azure.net/", "XX", "XX")
pem_data = pem_data.value.encode()
cert = load_pem_x509_certificate(pem_data, backend=default_backend())
public_key = cert.public_key()
If you want to get the private key, you can use OpenSSL:
import OpenSSL.crypto
pem_data = client.get_secret("https://XX.vault.azure.net/", "XX", "XX")
pem_data = pem_data.value.encode()
crtObj = crypto.load_certificate(crypto.FILETYPE_PEM, pem_data)
pubKeyObject = crtObj.get_pubkey()
priKeyString = crypto.dump_privatekey(crypto.FILETYPE_PEM, pubKeyObject)
print(priKeyString)
Note:
Please make sure that you have indicated that the key is exportable when you create the certificate. If the policy indicates non-exportable, then the private key isn't a part of the value when retrieved as a secret. Refer to this document for more details.
- Python, Web Scraping
- Cannot scrape xpath using Selenium
- Scrapy script not scraping items
- why does the html all have same class and sub-class with different information
- Yfinace - Getting Too Many Requests. Rate limited. Try after a while
- Requests and BeautifulSoup to get video length from YouTube
- web scraping Proplem no such element
- Python/Selenium - Scraping Into Excel Sheet
- Scraping data using Network, Fetch, Response
- Python NLTK: Bigrams trigrams fourgrams
- Discovering Poetic Form with NLTK and CMU Dict
- Python Wand: MagickReadImage returns false, but did not raise ImageMagick exception
- Executing multi-line statements in the one-line command-line
- How to get the replit link for uptime robot?
- How to install TA-Lib On vscode/windows(64bit)
- Python injector doesn't work for NewType based on tuple[str, str]
- Python conditional list joins
- Why Can't VS Code Directly Run Python unittest .py's Or Discover In Testing Tab
- Limiting amount of objects user can add in another object
- I got warning as: "Name 'x' can be undefined" and "Global variable 'x' is undefined at the module level"
- How to split data into 3 sets (train, validation and test)?
- How can I set session details in conftest.py for yield along with fixture in pytest?
- Show DataFrame as table in iPython Notebook
- How to get all possible (2^N) combinations of a list’s elements, of any length
- Python Declare variables iteratively
- Quarto Unable to Render Python
- Filter pandas dataframe with specific column names in python
- Tkinter canvas image probably being garbage collected but creating a persistent reference does not solve the problem
- Why is Pipenv not picking up my Pyenv versions?
- Why do I get lots of terminal messages about files 'first seen with mtime' when starting django runserver?