Import Key into Vault Transit

no-cool-name · August 23, 2023, 9:06am

Hello,

To understand the Vault Transit better I have been trying to import a key. I have read through how to convert a private key to ciphertext which at the end can be imported.
Key-Wrapping

But I keep getting error in response.

error importing key: error parsing asymmetric key: asn1: structure error: tags don't match (16 vs {class:0 tag:10 length:45 isCompound:false}) {optional:false explicit:false application:false private:false defaultValue:\u003cnil\u003e tag:\u003cnil\u003e stringType:0 timeType:0 set:false omitEmpty:false} pkcs8 @2\n\n

Anybody faced any such error. I can share private key and wrapping key (as this is just test environment) if that helps.

Thanks in advance.

no-cool-name · August 23, 2023, 2:32pm

I got it working. I missed one aspect which is not very clear in the Key-Wrapping documentation.
The key which is to be wrapped needs to be in DER/binary format. I was using the PEM format which is the problem. This step is mentioned in some other page link is below:

BYOK → Manual process

Thanks

Topic		Replies	Views
Issue on importing transit ecdsa-p256 private key Vault vault	2	589	May 18, 2023
Import transit key fails integrity check Vault	0	19	December 13, 2024
Importing pre-existing rsa-4096 key as a transit key Vault	0	290	July 1, 2021
Unable to decrypt using imported aes256-gcm96 transit key Vault	1	154	December 18, 2023
Import private key to transit Vault	1	230	December 20, 2023

Import Key into Vault Transit

Related topics