About keys

Azure Key Vault provides two types of resources to store and manage cryptographic keys:

| Resource type | Key protection methods | Data-plane endpoint base URL |
|---|---|---|
| Vaults | Software-protected | https://{vault-name}.vault.azure.cn |

  • Vaults - Vaults provide a low-cost, easy to deploy, multi-tenant, zone-resilient (where available), highly available key management solution suitable for most common cloud application scenarios.

Note

Vaults also allow you to store and manage several types of objects like secrets, certificates and storage account keys, in addition to cryptographic keys.

Cryptographic keys in Key Vault are represented as JSON Web Key [JWK] objects. The JavaScript Object Notation (JSON) and JavaScript Object Signing and Encryption (JOSE) specifications are:

The base JWK/JWA specifications are also extended to enable key types unique to the Azure Key Vault implementation.

Key types and protection methods

Key Vault supports RSA, EC and symmetric keys.
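
The following Python example is added here and is not from the original page or from Azure's own code: it checks the public members of an RSA or EC key in standard JWK form (RFC 7517/7518) before a client relies on it. The function names, the 2048-bit minimum and the sample keys are assumptions made for the illustration; symmetric keys and any Key Vault-specific key types are out of its scope.

```python
import base64
import re

# Coordinate sizes in bytes for the curves in RFC 7518, section 6.2.1.1.
EC_COORD_BYTES = {"P-256": 32, "P-384": 48, "P-521": 66}
MIN_RSA_BITS = 2048  # assumed local policy, not a value from the page


def b64url_encode(raw):
    """Encode bytes as unpadded base64url, the encoding JWK members use."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(value):
    """Decode an unpadded base64url string; reject anything else."""
    if not isinstance(value, str) or not re.fullmatch(r"[A-Za-z0-9_-]+", value):
        raise ValueError("JWK member is missing or not unpadded base64url")
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


def inspect_public_jwk(jwk):
    """Return a short summary of a public RSA or EC JWK, or raise ValueError."""
    if "d" in jwk:
        raise ValueError("private member 'd' present in a key expected to be public")
    kty = jwk.get("kty")
    if kty == "RSA":
        n = int.from_bytes(b64url_decode(jwk.get("n")), "big")
        e = int.from_bytes(b64url_decode(jwk.get("e")), "big")
        if n.bit_length() < MIN_RSA_BITS:
            raise ValueError(f"RSA modulus is only {n.bit_length()} bits")
        if e < 3 or e % 2 == 0:
            raise ValueError("RSA public exponent must be odd and at least 3")
        return {"kty": "RSA", "bits": n.bit_length()}
    if kty == "EC":
        crv = jwk.get("crv")
        size = EC_COORD_BYTES.get(crv)
        if size is None:
            raise ValueError(f"unsupported curve {crv!r}")
        for name in ("x", "y"):
            if len(b64url_decode(jwk.get(name))) != size:
                raise ValueError(f"coordinate {name!r} has the wrong length for {crv}")
        return {"kty": "EC", "crv": crv}
    raise ValueError(f"unsupported kty {kty!r}")


# Constructed sample keys: correctly shaped placeholders, not real key material.
SAMPLE_RSA = {"kty": "RSA", "n": b64url_encode(((1 << 2047) | 1).to_bytes(256, "big")), "e": "AQAB"}
SAMPLE_EC = {"kty": "EC", "crv": "P-256", "x": b64url_encode(bytes(range(32))), "y": b64url_encode(bytes(range(32, 64)))}
```

The length checks do not prove that an EC point lies on its curve or that an RSA modulus is well formed; a cryptographic library should load the key before it is used.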

Software-protected keys

| Key type | Vaults |
|---|---|
| RSA: "Software-protected" RSA key | FIPS 140-2 Level 1 |
| EC: "Software-protected" Elliptic Curve key | FIPS 140-2 Level 1 |

For details about each key type, algorithms, operations, attributes and tags, see Key types, algorithms, and operations.

Next steps