Get Private Key for a certificate from Azure Key Vault

Question

I need a public key as encryptionCertificate, to encrypt the resource data that returns to my ReactJs Client app. Later a private key to decrypt MS Graph Rich notifications includes the resource data, as per URL: https://learn.microsoft.com/en-us/graph/change-notifications-with-resource-data?tabs=javascript

I have created a self-signed Azure certificate on Vault and accessing it via an Azure function, I am trying to send private and public key to my React JS Client App via this Azure Function, I am able to get the public key but can't get the private key. How can I get the private key form the Azure vault for the certificate?

I have tried CertificateClient, KeyClient, SecretClient classes in my function app.

Following code gave me public key

var latestCertificate = await VaultManager._certificateClient.getCertificate(_certificateName);

const {cer } = latestCertificate as KeyVaultCertificate;

const base64CER = Buffer.from(cer).toString("base64");

console.log("public: ", base64CER);

Tried getting private key using secretClient.getSecret(this._certificateName);,

but no success. Any help?

Update:

I manage to get private and public keys openssl with the data returned from secretClient.getSecret(this._certificateName). Data was in pkcs1 format, I saved in in a file 'pkcs12.p12', then I created private key and public key using openssl.

Now I want to do it without openssl. How can I do it?

Answer 1

I manage to get private and public keys openssl with the data returned from secretClient.getSecret(this._certificateName). Data was in pkcs1 format, I saved in in a file 'pkcs12.p12', then I created private key and public key using openssl.

Now I want to do it without openssl. How can I do it?