Azure AD Verifiable Credential
Azure Key Vault is a cloud service that enables the secure storage and access of secrets and keys. Your Verifiable Credentials service stores public and private keys in Azure Key Vault. These keys are used to sign and verify credentials.
https://docs.microsoft.com/en-us/azure/active-directory/verifiable-credentials/verifiable-credentials-configure-tenant
How can we find our Public and Private key for verifiable credentials? I can see Recovery, Signing, and Update key in my Key Vault used for VC.
• Recovery, signing, and encrypting are various key management and cryptographic operations that need to be selected while creating an access policy for the said user selected, thus limiting the scope of operations that can be performed by the keys, secrets and certificates issued by that user.
Similarly, the private key and the public key of the verifiable credential cannot be accessed by the 'USER' as the user has delegated that authority to the application registered in Azure AD with the permissions 'VerifiableCredential.Create.All' and this application registered in Azure AD has been granted API permission for the API Verifiable Credential Request Service. Thus, the private key is generated and is with the service principal of the Azure resource which issues a 'Verifiable credential' through the registered Azure AD application to create a key, secret, or a certificate in the Azure key vault.
• While the public key is with the key, secret or certificate generated in the Azure key vault, thus completing the nexus of secure communication through the concerned application hosted. Thus, in this way, just based on RBAC (Role Based Access Control) and the ensuing access policy actions created in the key vault, you can create secure communication through the web app without exposing the private and the public keys.
For more information, kindly refer to the documentation link below:
https://docs.microsoft.com/en-us/azure/active-directory/verifiable-credentials/verifiable-credentials-configure-issuer
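
The answer above relies on access policies to limit which key operations each principal may perform. As an added example (not part of the original answer or of Microsoft's documentation), this Python sketch audits a vault's access policies for key permissions beyond a baseline. The vault JSON is constructed in the shape of `az keyvault show` output, the object IDs are placeholders, and the `get`/`sign` baseline is an assumption to adjust per role.

```python
import json

# Constructed sample in the shape of `az keyvault show` output
# (properties.accessPolicies); vault name and object IDs are placeholders.
SAMPLE_VAULT = json.loads("""
{
  "name": "example-vc-vault",
  "properties": {
    "accessPolicies": [
      {"objectId": "00000000-0000-0000-0000-000000000001",
       "permissions": {"keys": ["Get", "Sign"], "secrets": [], "certificates": []}},
      {"objectId": "00000000-0000-0000-0000-000000000002",
       "permissions": {"keys": ["get", "list", "create", "delete", "sign", "backup"],
                       "secrets": ["get"], "certificates": []}},
      {"objectId": "00000000-0000-0000-0000-000000000003",
       "permissions": {"keys": ["all"]}}
    ]
  }
}
""")

# Assumption: the baseline of key operations a principal is allowed to hold.
ALLOWED_KEY_OPS = {"get", "sign"}
# Operations that let a principal back up, replace or destroy key material.
HIGH_RISK_OPS = {"all", "backup", "restore", "import", "delete", "purge", "release"}

def audit_key_permissions(vault, allowed=ALLOWED_KEY_OPS):
    """Return one finding per principal whose key permissions exceed `allowed`."""
    findings = []
    for policy in vault.get("properties", {}).get("accessPolicies", []):
        perms = policy.get("permissions") or {}
        # Permission names are compared case-insensitively.
        granted = {p.lower() for p in (perms.get("keys") or [])}
        excess = granted - allowed
        if excess:
            findings.append({
                "objectId": policy.get("objectId"),
                "excess": sorted(excess),
                "high_risk": sorted(excess & HIGH_RISK_OPS),
            })
    return findings

if __name__ == "__main__":
    for f in audit_key_permissions(SAMPLE_VAULT):
        print(f"{f['objectId']}: excess={f['excess']} high_risk={f['high_risk']}")
```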