bouncy

Well, not a full answer, but probably it will get you going.

We've built before an Azure Web App (not a function app, but I guess wouldn't matter) which did exactly what you want. Took us a week or so. Full answer would be posting the code of the whole app, we I obviously cannot do. Some hints though.

We walked around the certificate problem by uploading certificates to the app (TLS settings) and accessing them in code through WEBSITE_LOAD_CERTIFICATES setting (you put thumbprints there, it's also mentioned in the link you posted), than you can get them in code and build your own certificate store:

this example explain how to select individual choice.
do these steps :

As Jim Garrison and dave_thompson_085 already said in comments that's a base64 encoded signed attributes DER structure with content type, signing time, message digest, and algorithm protection properties. Here an ASN.1 dump of it:

I'm using Bouncy Castle to implement Argon2id as it allows to set the parameters and salt instead of parsing the output.

The below full running program uses 4 parameter sets - the parameter were taken from PHP's OpenSSL implementation but you can choose the parameter individually of course.

As the program is taken from a Cross platform project it uses a fixed salt that is UNSECURE - in production you need to use a randomly generated salt.

This is an output:

Ultimately, I was able to resolve this by:

• downloading Java straight from Oracle (rather than uninstalling and reinstalling with homebrew),
• deleting spark, downloading again (from apache, not via homebrew), and setting up environment variables as described here (mostly... I use a virtual environment so I didn't hardcode PYSPARK_PYTHON to system python3)
• uninstalling pyspark and reinstalling
• quitting pycharm and reopening (this refreshed all my environment variables that were set in .zshrc, like JAVA_HOME)

There's almost certainly an easier way, but this worked.

The private and public Ed25519 keys are each 32 bytes in size. They can be encapsulated in different formats. ssh-keygen generates both Ed25519 keys in OpenSSH format with the statement used. This format cannot be imported directly. However, BouncyCastle provides helper classes for this purpose.

The private key can be loaded with a PemReader and imported into an Ed25519PrivateKeyParameters instance with OpenSSHPrivateKeyUtil.parsePrivateKeyBlob(). OpenSSHPublicKeyUtil.parsePublicKey() allows importing the Base64 decoded body of the public key into an Ed25519PublicKeyParameters instance.

A key pair created with ssh-keygen -t ed25519 looks e.g. as follows:

The PHP code first separates the three parts. The second part is the IV, which is hex decoded and thus has a size of 8 bytes. The third part is the data, which is first hex decoded because of the -1 in the first part and then decrypted using the key and IV by applying Blowfish in CBC mode with PKCS7 padding.

To check the C# implementation, test data is useful:

• As 20 bytes key the following Base64 decoded key is applied:

Those log entries ("Server found no credentials..." mean that the server is configured to support the mentioned algorithm, but could not find a suitable credential (key-plus-certificate) via the X509KeyManager the SSLContext was initialized with.

BCJSSE (especially FIPS) doesn't interoperate with KeyManagerFactory or TrustManagerFactory from other providers, so please check that you have the default algorithms configured to PKIX (in java.security) to use the BCJSSE ones:

I inserted your private key (that is hopefully a sample one) in https://lapo.it/asn1js/

and got this result: