- Master Key Types: Microsoft Azure offers 2048, 3072, and 4096-bit RSA asymmetric master keys, but it does not support any symmetric master keys.
- Encryption Modes: Microsoft Azure does not offer symmetric encryption methods, but does offer two asymmetric encryption methods: RSA-OAEP and RSA PKCS#1 v1.5.
- Plaintext Size Limits: Microsoft Azure offers a plaintext size limit of 0.25KB.
- Bring Your Own Key (BYOK) Options: To utilize BYOK, the key to be used in the cloud must first be imported by the Cloud Service Provider, and to be imported, the key must first be wrapped. Microsoft Azure accepts an RSA key that is wrapped with AES and RSA-OAEP.
- Signature Modes: To ensure the integrity of data in transit, signatures are used. Microsoft Azure offers the RSA-PSS, RSA PKCS#1 v1.5, ECDSA with P-256, ECDSA with P-384, ECDSA with P-512, and ECDSA with SECP-256k1 signature methods.
- Cloud HSM Compliance: Each Cloud Service allows users to store keys in a cloud HSM, but the cloud HSM for each service has different compliance certificates. Microsoft Azure's regular Key Vault HSM is FIPS 140-2 Level 2 compliant and its Managed HSM is FIPS 140-2 Level 3 compliant.
- Azure Key Vault Features: Azure Key Vault protects keys and secrets with HSMs or software appliances. Both Azure services and the customer can access the keys and secrets that are stored. Azure Key Vault is FIPS 140-2 Level 2 compliant and only supports asymmetric keys. It supports RSA keys of sizes 2048, 3072, and 4096 and the Elliptic Curve key types P-256, P-384, P-521, and P-256K (SECP256K1). Azure Key Vault supports customer-managed keys and manages tokens, passwords, certificates, API keys, and other secrets.
- Azure Dedicated HSM Features: Azure Dedicated HSM stores keys on an on-premises Luna HSM. This key storage is only accessible by the customer, allowing users to manage keys and not have to worry about the CSP having access to the keys. Azure Dedicated HSM is FIPS 140-2 Level 3 compliant and supports symmetric and asymmetric keys. It also supports RSA, DSA, Diffie-Hellman, Elliptic Curve Cryptography (ECDSA, ECDH, Ed25519, ECIES) with named, user-defined, and Brainpool curves, and KCDSA for asymmetric keys. Symmetric keys created with AES-GCM, Triple DES, DES, ARIA, SEED, RC2, RC4, RC5, and CAST are accepted by Azure Dedicated HSM. For Hash/Message Digest/HMAC, SHA-1, SHA-2, and SM3 are accepted, for key derivation SP800-108 Counter Mode is accepted, and for key wrapping, SP800-38F is accepted. Azure Dedicated HSM is capable of offline key backup, and single device provisioning, but customer-managed keys are not supported.