Hello HashiCorp community,
I’m exploring how to use elliptic curve (EC) keys not just for signing (ECDSA) but also for encryption / key agreement (ECDH-ES style encryption) within Vault. The specific use case is supporting OpenID-4 Verifiable Credential issuance, which mandates alg = ECDH-ES with enc = A128GCM (on curve P-256).
I’m aware that Vault Transit supports:
-
ECDSA keys (
ecdsa-p256,ecdsa-p384,ecdsa-p521) for signing and verification. -
RSA keys for encryption, decryption, signing, verification.
-
Symmetric AES / GCM keys for encryption/decryption.
But I haven’t found documentation or examples showing that Vault can perform EC key agreement / ECDH-ES encryption. The typical JWE flow is:
-
Client picks ephemeral EC key (epk).
-
Client and server derive a shared secret via ECDH.
-
Use that shared secret (via KDF) to derive a CEK.
-
Encrypt payload with CEK using AES-GCM.
I have a few questions:
-
Does Vault Transit support ECDH / EC key agreement (i.e. can Vault internally perform the ECDH and wrap/unwrap CEK) as part of JWE encryption or decryption?
-
If not currently supported, is there a roadmap or feature request to enable EC-based encryption in Transit?
-
If partial support exists (e.g. in Enterprise or via plugin), what is the mechanism / API?
-
Does anyone have a workaround for using EC keys for encryption with Vault — e.g. exporting private key or bridging to external crypto engine — while preserving some security guarantees?
The goal is to allow EC keys stored in Vault to be used for full JWE ECDH-ES (not just ECDSA). I’d love to hear from maintainers or users who have tried this.
Thanks in advance for any guidance!