
Add bitcoin private key to Azure Key Vault

I have an idea to store bitcoin/altcoin private keys in Azure Key Vault as cryptographic keys. Azure Key Vault allows executing some cryptographic methods with it (for example hashing or encryption) without getting the key out of the vault. Bitcoin uses the ECDSA algorithm for signing, and Key Vault can do that too. How can I import a BTC private key into Key Vault? I use C# for it.

At this time it appears that only RSA keys can be imported, and that EC type keys such as secp256k1 that BTC uses cannot be imported. BUT

You could generate your own secp256k1 key within the HSM-protected key vault. Then you could do the calculations to determine the associated public key and the BTC address then just send all your BTC to that. Same thing!

You can even download encrypted backups of your secp256k1 key from the HSM, such that you could restore it later, but you will just never know what the private key is.
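Added example, not part of the answers on this page and not Azure SDK code: with the key kept inside the vault, the public coordinates and signatures it returns still have to be put into the encodings Bitcoin uses, namely a compressed SEC1 public key and a DER signature with low S. It assumes the vault's JWK exposes 32-byte X and Y values and that signing returns a raw 64-byte r||s; the class and method names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Numerics;

public static class VaultKeyBitcoinFormat
{
    // Order n of the secp256k1 group.
    static readonly BigInteger N = new BigInteger(Convert.FromHexString(
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141"),
        isUnsigned: true, isBigEndian: true);

    // 33-byte compressed SEC1 point: 0x02 (even Y) or 0x03 (odd Y), then X.
    public static byte[] CompressPublicKey(byte[] x, byte[] y)
    {
        if (x.Length != 32 || y.Length != 32)
            throw new ArgumentException("expected 32-byte X and Y coordinates");
        byte prefix = (byte)((y[31] & 1) == 0 ? 0x02 : 0x03);
        return new[] { prefix }.Concat(x).ToArray();
    }

    // Raw 64-byte r||s -> DER SEQUENCE { INTEGER r, INTEGER s } with low S.
    public static byte[] ToLowSDer(byte[] raw)
    {
        if (raw.Length != 64) throw new ArgumentException("expected 64-byte r||s");
        var r = new BigInteger(raw.AsSpan(0, 32), isUnsigned: true, isBigEndian: true);
        var s = new BigInteger(raw.AsSpan(32, 32), isUnsigned: true, isBigEndian: true);
        if (r.IsZero || s.IsZero || r >= N || s >= N)
            throw new ArgumentException("r and s must be in [1, n-1]");
        if (s > N / 2) s = N - s; // (r, n - s) is valid for the same key and digest
        // Signed big-endian output is minimal and adds 0x00 when the top bit is set,
        // which is exactly the DER INTEGER content encoding for positive values.
        byte[] rb = r.ToByteArray(isUnsigned: false, isBigEndian: true);
        byte[] sb = s.ToByteArray(isUnsigned: false, isBigEndian: true);
        // Total length is at most 70, so single-byte DER lengths are enough.
        return new byte[] { 0x30, (byte)(4 + rb.Length + sb.Length), 0x02, (byte)rb.Length }
            .Concat(rb).Concat(new byte[] { 0x02, (byte)sb.Length }).Concat(sb).ToArray();
    }

    public static void Main()
    {
        // Constructed placeholder bytes: not a real curve point, key or vault output.
        byte[] x = Enumerable.Repeat((byte)0x11, 32).ToArray();
        byte[] y = Enumerable.Repeat((byte)0x23, 32).ToArray();        // odd Y
        byte[] raw = Enumerable.Repeat((byte)0x80, 32)                 // r, top bit set
            .Concat(Enumerable.Repeat((byte)0xF0, 32)).ToArray();      // s above n/2
        Console.WriteLine(Convert.ToHexString(CompressPublicKey(x, y)));
        Console.WriteLine(Convert.ToHexString(ToLowSDer(raw)));
    }
}
```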

I was able to import a PEM format secp256k1 private key into KeyVault using the following code.

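 using System;
 using System.Security.Cryptography;
 using Azure.Identity;
 using Azure.Security.KeyVault.Keys;

 // Authenticate to the vault as the app registration (service principal).
 var client = new KeyClient(new Uri("https://myKeyVault.vault.azure.net"), new ClientSecretCredential("tenantid", "clientid", "clientSecret"));

 // Load the EC private key from its PEM encoding.
 var key = ECDsa.Create();
 key.ImportFromPem(@"-----BEGIN EC PARAMETERS-----
     ....
     -----END EC PARAMETERS-----
     -----BEGIN EC PRIVATE KEY-----
     ...
     -----END EC PRIVATE KEY-----
     ");

 // true = include the private parameters in the JWK that is sent to the vault.
 JsonWebKey jwk = new JsonWebKey(key, true);
 await client.ImportKeyAsync("MyKey", jwk);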

You'll need to set up an app registration and create an access policy in the key vault in order to be able to do the import, as described here: https://www.c-sharpcorner.com/blogs/fetching-secrets-from-key-vault-in-net-console-app
