Import Key into Vault Transit

no-cool-name · August 23, 2023, 9:06am

Hello,

To understand the Vault Transit better I have been trying to import a key. I have read through how to convert a private key to ciphertext which at the end can be imported.
Key-Wrapping

But I keep getting error in response.

error importing key: error parsing asymmetric key: asn1: structure error: tags don't match (16 vs {class:0 tag:10 length:45 isCompound:false}) {optional:false explicit:false application:false private:false defaultValue:\u003cnil\u003e tag:\u003cnil\u003e stringType:0 timeType:0 set:false omitEmpty:false} pkcs8 @2\n\n

Anybody faced any such error. I can share private key and wrapping key (as this is just test environment) if that helps.

Thanks in advance.

no-cool-name · August 23, 2023, 2:32pm

I got it working. I missed one aspect which is not very clear in the Key-Wrapping documentation.
The key which is to be wrapped needs to be in DER/binary format. I was using the PEM format which is the problem. This step is mentioned in some other page link is below:

BYOK → Manual process

Thanks