-
Notifications
You must be signed in to change notification settings - Fork 7
Key Vault feature reference
Esta Nagy edited this page Jun 16, 2025
·
18 revisions
Lowkey Vault supports the full list of key types supported by Azure Key Vault although not all algorithms are supported for them in crypto operations.
| Key type | Software protected | Simulated HSM | Encrypt/Decrypt algorithms | Sign/Verify algorithms |
|---|---|---|---|---|
| RSA 2k | ✅ | ✅ | RSA1_5, RSA-OAEP, RSA-OAEP-256 | PS256, PS384, PS512, RS256, RS384, RS512 |
| RSA 3k | ✅ | ✅ | RSA1_5, RSA-OAEP, RSA-OAEP-256 | PS256, PS384, PS512, RS256, RS384, RS512 |
| RSA 4k | ✅ | ✅ | RSA1_5, RSA-OAEP, RSA-OAEP-256 | PS256, PS384, PS512, RS256, RS384, RS512 |
| EC P-256 | ✅ | ✅ | ❌ | ES256 |
| EC P-256K | ✅ | ✅ | ❌ | ES256K |
| EC P-384 | ✅ | ✅ | ❌ | ES384 |
| EC P-512 | ✅ | ✅ | ❌ | ES512 |
| AES 128 | ❌ | ✅ | AES-CBC, AES-CBC Pad | ❌ |
| AES 192 | ❌ | ✅ | AES-CBC, AES-CBC Pad | ❌ |
| AES 256 | ❌ | ✅ | AES-CBC, AES-CBC Pad | ❌ |
Please see the following table for the list of supported key APIs.
| Endpoint | Azure REST API reference | API version supported | Notes |
|---|---|---|---|
| Create key | link |
7.2, 7.3, 7.4, 7.5, 7.6
|
|
| Get key versions | link |
7.2, 7.3, 7.4, 7.5, 7.6
|
|
| Get key | link |
7.2, 7.3, 7.4, 7.5, 7.6
|
|
| Get keys | link |
7.2, 7.3, 7.4, 7.5, 7.6
|
List keys |
| Update key | link |
7.2, 7.3, 7.4, 7.5, 7.6
|
|
| Delete key | link |
7.2, 7.3, 7.4, 7.5, 7.6
|
|
| Get deleted key | link |
7.2, 7.3, 7.4, 7.5, 7.6
|
|
| Get deleted keys | link |
7.2, 7.3, 7.4, 7.5, 7.6
|
List deleted keys |
| Purge deleted key | link |
7.2, 7.3, 7.4, 7.5, 7.6
|
Since v0.11.0
|
| Recover deleted key | link |
7.2, 7.3, 7.4, 7.5, 7.6
|
|
| Encrypt | link |
7.2, 7.3, 7.4, 7.5, 7.6
|
|
| Wrap Key | link |
7.2, 7.3, 7.4, 7.5, 7.6
|
|
| Decrypt | link |
7.2, 7.3, 7.4, 7.5, 7.6
|
|
| Unwrap Key | link |
7.2, 7.3, 7.4, 7.5, 7.6
|
|
| Sign | link |
7.2, 7.3, 7.4, 7.5, 7.6
|
Since v0.8.0
|
| Verify | link |
7.2, 7.3, 7.4, 7.5, 7.6
|
Since v0.8.0
|
| Import key | link |
7.2, 7.3, 7.4, 7.5, 7.6
|
Since v0.9.0
|
| Restore key | link |
7.2, 7.3, 7.4, 7.5, 7.6
|
Since v1.0.0
|
| Backup key | link |
7.2, 7.3, 7.4, 7.5, 7.6
|
Since v1.0.0
|
| Get key rotation policy | link |
7.3, 7.4, 7.5, 7.6
|
Since v1.7.0
|
| Get random bytes | link |
7.3, 7.4, 7.5, 7.6
|
Since v1.5.0
|
| Rotate key | link |
7.3, 7.4, 7.5, 7.6
|
Since v1.6.0
|
| Update key rotation policy | link |
7.3, 7.4, 7.5, 7.6
|
Since v1.7.0
|
| Release (key) | link | ❌ | ➖ Not planned in MVP |
*Basic support of API version 7.3 was added in v1.3.0.
*Basic support of API version 7.4 was added in v2.1.0.
*Basic support of API version 7.5 was added in v2.3.0.
*Basic support of API version 7.6 was added in v3.2.0.