This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 74%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESA%3C/text%3E%3C/svg%3E)
Is there a way to import a .pem format public key into the Azure key vault in python?
Ideally, import_key() method takes the JsonWebKey format to import a RSA public key.
Is there a way to convert a .pem format public key into JsonWebKey object to be passed into import_key SDK call.
Our use case is that we need to import an externally generated RSA public key into the Azure key vault.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @Sharma, Arpana ,
Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Thanks,
Shweta
Hi Shweta,
Thankyou so much for providing a reply on my query!
I tried integrating the code snippet that you posted as Answer. I am getting below error
AttributeError: '_RSAPublicKey' object has no attribute 'getJwk'
at below line of code
jwk = pubKey.getJwk() which will return the JWK in the most compact JSON format possible.
I am using cryptography-38.0.4.
Still figuring out what is wrong at my end. Will keep you posted.
Thanks,
Arpana
I tried the sample reference for import_certificate, it is working for me.
I have one query related to it, that can we import the certificate that contains only the public part of it?
I tried the code snippet that you suggested to convert pem into JWK but it is giving me below error
AttributeError: '_RSAPublicKey' object has no attribute 'getJwk'
I am using cryptography version 38.0.4
azure-keyvault-keys 4.7.0
Can you please suggest!
Thanks,
Arpana
@Fabian Gonzalez
@JamesTran-MSFT Can you please suggest
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 34%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFG%3C/text%3E%3C/svg%3E)
@Sharma, Arpana Azure Key Vault only supports asymmetric keys (key pair), you can't import a public key into Key Vault as a key, it will return an error saying that the file does not contain a private key. If you want to import a public-only key, you should do it as a secret.
Thankyou @Fabian Gonzalez This approach of storing public key is working for us.
Hi @Sharma, Arpana ,
Thanks for reaching out and apologies for delay in response.
I understand you are trying to convert .pem format public key to JsonWebKey(JWK) to pass in import_key() in python.
First, you need to load the PEM into a public key object(pubKey)
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.x509.oid import NameOID
pem_cert=open("/../../../fd.pem","rb").read()
cert = x509.load_pem_x509_certificate(pem_cert, default_backend())
pubKey = cert.public_key()
print(pubKey)
and then this can be converted using
jwk = pubKey.getJwk() which will return the JWK in the most compact JSON format possible.
Also, there is a sample reference to import PEM certificate into Azure Key Vault in the python:
Hope this will help.
Thanks,
Shweta
-------------------------------------
Please remember to "Accept Answer" if answer helped you.