Interface IKey

  • All Superinterfaces:
    AutoCloseable, Closeable

    public interface IKey
    extends Closeable
    Interface for representing cryptographic keys with the Microsoft Azure Key Vault libraries.
    • Method Summary

      Modifier and Type Method Description
      com.google.common.util.concurrent.ListenableFuture<byte[]> decryptAsync(byte[] ciphertext, byte[] iv, byte[] authenticationData, byte[] authenticationTag, String algorithm)
      Decrypts the specified cipher text.
      com.google.common.util.concurrent.ListenableFuture<org.apache.commons.lang3.tuple.Triple<byte[],byte[],String>> encryptAsync(byte[] plaintext, byte[] iv, byte[] authenticationData, String algorithm)
      Encrypts the specified plain text.
      String getDefaultEncryptionAlgorithm()
      The default encryption algorithm for this key, using the representations from Json Web Key Algorithms, RFC7513.
      String getDefaultKeyWrapAlgorithm()
      The default key wrap algorithm for this key, using the representations from Json Web Key Algorithms, RFC7513.
      String getDefaultSignatureAlgorithm()
      The default signature algorithm for this key, using the representations from Json Web Key Algorithms, RFC7513.
      String getKid()
      The unique key identifier for this key.
      com.google.common.util.concurrent.ListenableFuture<org.apache.commons.lang3.tuple.Pair<byte[],String>> signAsync(byte[] digest, String algorithm)
      Signs the specified digest using the specified algorithm, or the key's DefaultSignatureAlgorithm if no algorithm is specified.
      com.google.common.util.concurrent.ListenableFuture<byte[]> unwrapKeyAsync(byte[] encryptedKey, String algorithm)
      Unwraps (decrypts) the specified encrypted key material.
      com.google.common.util.concurrent.ListenableFuture<Boolean> verifyAsync(byte[] digest, byte[] signature, String algorithm)
      Verifies the supplied signature value using the supplied digest and algorithm.
      com.google.common.util.concurrent.ListenableFuture<org.apache.commons.lang3.tuple.Pair<byte[],String>> wrapKeyAsync(byte[] key, String algorithm)
      Wraps (encrypts) the specified symmetric key material using the specified algorithm, or the key's DefaultKeyWrapAlgorithm if none is specified.
    • Method Detail

      • getDefaultEncryptionAlgorithm

        String getDefaultEncryptionAlgorithm()
        The default encryption algorithm for this key, using the representations from Json Web Key Algorithms, RFC7513.
        Returns:
        The default encryption algorithm for this key.
      • getDefaultKeyWrapAlgorithm

        String getDefaultKeyWrapAlgorithm()
        The default key wrap algorithm for this key, using the representations from Json Web Key Algorithms, RFC7513.
        Returns:
        The default key wrap algorithm for this key.
      • getDefaultSignatureAlgorithm

        String getDefaultSignatureAlgorithm()
        The default signature algorithm for this key, using the representations from Json Web Key Algorithms, RFC7513.
        Returns:
        The default signature algorithm for this key.
      • getKid

        String getKid()
        The unique key identifier for this key.
        Returns:
        The key identifier
      • decryptAsync

        com.google.common.util.concurrent.ListenableFuture<byte[]> decryptAsync(byte[] ciphertext,
                                                                                byte[] iv,
                                                                                byte[] authenticationData,
                                                                                byte[] authenticationTag,
                                                                                String algorithm)
                                                                         throws NoSuchAlgorithmException
        Decrypts the specified cipher text. Note that not all algorithms require, or support, all parameters.
        Parameters:
        ciphertext - The cipher text to decrypt
        iv - The initialization vector (optional with some algorithms)
        authenticationData - Additional authentication data (optional with some algorithms)
        authenticationTag - The authentication tag from the encrypt operation (optional with some algorithms)
        algorithm - The encryption algorithm to use, must be supplied
        Returns:
        A ListenableFuture containing the plain text
        Throws:
        NoSuchAlgorithmException - the algorithm is not valid
      • encryptAsync

        com.google.common.util.concurrent.ListenableFuture<org.apache.commons.lang3.tuple.Triple<byte[],byte[],String>> encryptAsync(byte[] plaintext,
                                                                                                                                                 byte[] iv,
                                                                                                                                                 byte[] authenticationData,
                                                                                                                                                 String algorithm)
                                                                                                                                          throws NoSuchAlgorithmException
        Encrypts the specified plain text. Note that not all algorithms require, or support, all parameters.
        Parameters:
        plaintext - The plain text to encrypt
        iv - The initialization vector (optional with some algorithms)
        authenticationData - Additional authentication data (optional with some algorithms)
        algorithm - The encryption algorithm to use, defaults to the key's DefaultEncryptionAlgorithm
        Returns:
        A ListenableFuture containing the cipher text, the authentication tag and the algorithm that was used
        Throws:
        NoSuchAlgorithmException - the algorithm is not valid
      • wrapKeyAsync

        com.google.common.util.concurrent.ListenableFuture<org.apache.commons.lang3.tuple.Pair<byte[],String>> wrapKeyAsync(byte[] key,
                                                                                                                                  String algorithm)
                                                                                                                           throws NoSuchAlgorithmException
        Wraps (encrypts) the specified symmetric key material using the specified algorithm, or the key's DefaultKeyWrapAlgorithm if none is specified.
        Parameters:
        key - The symmetric key to wrap
        algorithm - The wrapping algorithm to use, defaults to the key's DefaultKeyWrapAlgorithm
        Returns:
        ListenableFuture containing the encrypted key and the algorithm that was used
        Throws:
        NoSuchAlgorithmException - the algorithm is not valid
      • unwrapKeyAsync

        com.google.common.util.concurrent.ListenableFuture<byte[]> unwrapKeyAsync(byte[] encryptedKey,
                                                                                  String algorithm)
                                                                           throws NoSuchAlgorithmException
        Unwraps (decrypts) the specified encrypted key material.
        Parameters:
        encryptedKey - The encrypted key to decrypt
        algorithm - The algorithm to use, must be supplied
        Returns:
        A ListenableFuture containing the unwrapped key
        Throws:
        NoSuchAlgorithmException - the algorithm is not valid
      • signAsync

        com.google.common.util.concurrent.ListenableFuture<org.apache.commons.lang3.tuple.Pair<byte[],String>> signAsync(byte[] digest,
                                                                                                                               String algorithm)
                                                                                                                        throws NoSuchAlgorithmException
        Signs the specified digest using the specified algorithm, or the key's DefaultSignatureAlgorithm if no algorithm is specified.
        Parameters:
        digest - The digest to sign
        algorithm - The signature algorithm to use
        Returns:
        A ListenableFuture containing the signature and the algorithm used.
        Throws:
        NoSuchAlgorithmException - the algorithm is not valid
      • verifyAsync

        com.google.common.util.concurrent.ListenableFuture<Boolean> verifyAsync(byte[] digest,
                                                                                byte[] signature,
                                                                                String algorithm)
                                                                         throws NoSuchAlgorithmException
        Verifies the supplied signature value using the supplied digest and algorithm.
        Parameters:
        digest - The digest input
        signature - The signature to verify
        algorithm - The algorithm to use, must be provided
        Returns:
        A ListenableFuture containing the Boolean result of the verification.
        Throws:
        NoSuchAlgorithmException - the algorithm is not valid
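
An added example, not part of the original documentation or the library's own code: envelope encryption built on wrapKeyAsync and unwrapKeyAsync as documented above. wrapKeyAsync reports the algorithm it used, and unwrapKeyAsync requires one, so the example stores the reported value and pins it before unwrapping. The class and field names are hypothetical, and the import path for IKey is an assumption.

```java
import com.microsoft.azure.keyvault.core.IKey; // assumed package for the interface documented here
import org.apache.commons.lang3.tuple.Pair;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import java.util.Arrays;

/** Hypothetical helper: a local AES-256-GCM content key (CEK) wrapped by an IKey. */
public final class EnvelopeExample {
    /** Constructed record of what must be stored next to the ciphertext. */
    public static final class Envelope {
        final String kid, wrapAlg;
        final byte[] wrappedCek, iv, ciphertext;
        Envelope(String kid, String wrapAlg, byte[] wrappedCek, byte[] iv, byte[] ciphertext) {
            this.kid = kid; this.wrapAlg = wrapAlg;
            this.wrappedCek = wrappedCek; this.iv = iv; this.ciphertext = ciphertext;
        }
    }

    public static Envelope seal(IKey kek, byte[] plaintext) throws Exception {
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(256);
        byte[] cek = gen.generateKey().getEncoded();
        try {
            // Name the algorithm explicitly and record the one the key reports it used.
            Pair<byte[], String> wrapped = kek.wrapKeyAsync(cek, kek.getDefaultKeyWrapAlgorithm()).get();
            byte[] iv = new byte[12];
            new SecureRandom().nextBytes(iv);
            byte[] ct = gcm(Cipher.ENCRYPT_MODE, cek, iv).doFinal(plaintext);
            return new Envelope(kek.getKid(), wrapped.getRight(), wrapped.getLeft(), iv, ct);
        } finally { Arrays.fill(cek, (byte) 0); }
    }
    public static byte[] open(IKey kek, Envelope e) throws Exception {
        // kid and wrapAlg come from storage: pin both before calling unwrapKeyAsync.
        if (!kek.getKid().equals(e.kid) || !kek.getDefaultKeyWrapAlgorithm().equals(e.wrapAlg))
            throw new SecurityException("envelope does not match the expected key or wrap algorithm");
        byte[] cek = kek.unwrapKeyAsync(e.wrappedCek, e.wrapAlg).get();
        try { return gcm(Cipher.DECRYPT_MODE, cek, e.iv).doFinal(e.ciphertext); }
        finally { Arrays.fill(cek, (byte) 0); }
    }
    private static Cipher gcm(int mode, byte[] cek, byte[] iv) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(cek, "AES"), new GCMParameterSpec(128, iv));
        return c;
    }
}
```

Pinning the stored algorithm to the key's own default keeps a tampered envelope from selecting a different unwrap algorithm; a deployment that rotates algorithms would compare against an explicit allowlist instead.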