
Import key-pair to GCP KMS

Open jp-gouin opened this issue 3 years ago • 3 comments

Hello,

I have generated a key-pair using ./cosign-darwin-amd64 generate-key-pair and I used it to sign several container images. Now I want to import the key-pair into GCP KMS to store it securely.

Since I already used it to sign images, I do not want to regenerate a key-pair with the --kms gcpkms://... option.

When I tried to upload the signature in GCP using gcloud, I got the following error:

gcloud kms keys versions import \
  --import-job test \
  --location global \
  --keyring g3s \
  --key test \
  --algorithm ec-sign-p256-sha256 \
  --target-key-file cosign.key
ERROR: (gcloud.kms.keys.versions.import) INVALID_ARGUMENT: Wrapped ECDSA key has invalid length of 664.

Is there a way to import an already generated key inside KMS?

Thanks

jp-gouin, Feb 15 '22 10:02