public class CryptographyClient extends Object

Samples to construct the sync client

```java
CryptographyClient cryptographyClient = new CryptographyClientBuilder()
    .keyIdentifier("<YOUR-KEY-IDENTIFIER>")
    .credential(new DefaultAzureCredentialBuilder().build())
    .buildClient();
```

See also: CryptographyClientBuilder

Modifier and Type | Method and Description |
---|---|
`DecryptResult` | `decrypt(EncryptionAlgorithm algorithm, byte[] cipherText)` Decrypts a single block of encrypted data using the configured key and specified algorithm. |
`DecryptResult` | `decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, com.azure.core.util.Context context)` Decrypts a single block of encrypted data using the configured key and specified algorithm. |
`EncryptResult` | `encrypt(EncryptionAlgorithm algorithm, byte[] plaintext)` Encrypts an arbitrary sequence of bytes using the configured key. |
`EncryptResult` | `encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, com.azure.core.util.Context context)` Encrypts an arbitrary sequence of bytes using the configured key. |
`KeyVaultKey` | `getKey()` Gets the public part of the configured key. |
`com.azure.core.http.rest.Response<KeyVaultKey>` | `getKeyWithResponse(com.azure.core.util.Context context)` Gets the public part of the configured key. |
`SignResult` | `sign(SignatureAlgorithm algorithm, byte[] digest)` Creates a signature from a digest using the configured key. |
`SignResult` | `sign(SignatureAlgorithm algorithm, byte[] digest, com.azure.core.util.Context context)` Creates a signature from a digest using the configured key. |
`SignResult` | `signData(SignatureAlgorithm algorithm, byte[] data)` Creates a signature from the raw data using the configured key. |
`SignResult` | `signData(SignatureAlgorithm algorithm, byte[] data, com.azure.core.util.Context context)` Creates a signature from the raw data using the configured key. |
`UnwrapResult` | `unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey)` Unwraps a symmetric key using the configured key that was initially used for wrapping that key. |
`UnwrapResult` | `unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, com.azure.core.util.Context context)` Unwraps a symmetric key using the configured key that was initially used for wrapping that key. |
`VerifyResult` | `verify(SignatureAlgorithm algorithm, byte[] digest, byte[] signature)` Verifies a signature using the configured key. |
`VerifyResult` | `verify(SignatureAlgorithm algorithm, byte[] digest, byte[] signature, com.azure.core.util.Context context)` Verifies a signature using the configured key. |
`VerifyResult` | `verifyData(SignatureAlgorithm algorithm, byte[] data, byte[] signature)` Verifies a signature against the raw data using the configured key. |
`VerifyResult` | `verifyData(SignatureAlgorithm algorithm, byte[] data, byte[] signature, com.azure.core.util.Context context)` Verifies a signature against the raw data using the configured key. |

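
The `wrapKey` and `unwrapKey` methods summarized above fit envelope encryption: bulk data is encrypted locally with a fresh AES key, and only that small key is sent to the configured Key Vault key for wrapping. This is an added example, not code from the SDK documentation; the `Envelope` record and the `seal`/`open` names are hypothetical, and it assumes Java 16+, the `azure-security-keyvault-keys` and `azure-identity` libraries on the classpath, and an RSA key behind `<YOUR-KEY-IDENTIFIER>`.

```java
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.keys.cryptography.CryptographyClient;
import com.azure.security.keyvault.keys.cryptography.CryptographyClientBuilder;
import com.azure.security.keyvault.keys.cryptography.models.KeyWrapAlgorithm;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class EnvelopeEncryptionExample {
    /** Hypothetical container for what gets stored: wrapped data key, nonce, AES-GCM ciphertext. */
    record Envelope(byte[] wrappedKey, byte[] nonce, byte[] cipherText) { }

    static Envelope seal(CryptographyClient client, byte[] plaintext) throws Exception {
        // Fresh 256-bit data key from the platform CSPRNG, one per message.
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(256);
        SecretKey dataKey = generator.generateKey();

        // 96-bit random nonce; safe because the data key is never reused.
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, dataKey, new GCMParameterSpec(128, nonce));
        byte[] cipherText = aes.doFinal(plaintext);

        // Only the 32-byte data key is sent to the service, never the payload.
        byte[] rawKey = dataKey.getEncoded();
        byte[] wrapped = client.wrapKey(KeyWrapAlgorithm.RSA_OAEP, rawKey).getEncryptedKey();
        Arrays.fill(rawKey, (byte) 0); // best-effort wipe of the local copy
        return new Envelope(wrapped, nonce, cipherText);
    }

    static byte[] open(CryptographyClient client, Envelope envelope) throws Exception {
        byte[] rawKey = client.unwrapKey(KeyWrapAlgorithm.RSA_OAEP, envelope.wrappedKey()).getKey();
        try {
            Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
            aes.init(Cipher.DECRYPT_MODE, new SecretKeySpec(rawKey, "AES"),
                new GCMParameterSpec(128, envelope.nonce()));
            // doFinal throws AEADBadTagException if nonce or ciphertext were modified.
            return aes.doFinal(envelope.cipherText());
        } finally {
            Arrays.fill(rawKey, (byte) 0);
        }
    }

    public static void main(String[] args) throws Exception {
        CryptographyClient client = new CryptographyClientBuilder()
            .keyIdentifier("<YOUR-KEY-IDENTIFIER>")
            .credential(new DefaultAzureCredentialBuilder().build())
            .buildClient();
        byte[] message = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
        Envelope envelope = seal(client, message);
        byte[] recovered = open(client, envelope);
        System.out.printf("Round trip ok: %b%n", Arrays.equals(message, recovered));
    }
}
```
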
public KeyVaultKey getKey()

Gets the public part of the configured key. Requires the keys/get permission.

Code Samples

Gets the key configured in the client. Prints out the returned key details.

```java
KeyVaultKey key = cryptographyClient.getKey();
System.out.printf("Key is returned with name %s and id %s \n", key.getName(), key.getId());
```

Returns:
- The key.

Throws:
- `com.azure.core.exception.ResourceNotFoundException` - when the configured key doesn't exist in the key vault.

public com.azure.core.http.rest.Response<KeyVaultKey> getKeyWithResponse(com.azure.core.util.Context context)

Gets the public part of the configured key. Requires the keys/get permission.

Code Samples

Gets the key configured in the client. Prints out the returned key details.

```java
KeyVaultKey keyWithVersion = cryptographyClient.getKeyWithResponse(new Context(key1, value1)).getValue();
System.out.printf("Key is returned with name %s and id %s \n", keyWithVersion.getName(), keyWithVersion.getId());
```

Parameters:
- `context` - Additional context that is passed through the HTTP pipeline during the service call.

Returns:
- Response whose value contains the requested key.

Throws:
- `com.azure.core.exception.ResourceNotFoundException` - when the configured key doesn't exist in the key vault.

public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, com.azure.core.util.Context context)

The encryption algorithm indicates the type of algorithm to use for encrypting the specified content. Possible values for asymmetric keys include: `RSA1_5`, `RSA_OAEP` and `RSA_OAEP_256`. Possible values for symmetric keys include: `A128CBC`, `A128CBC-HS256`, `A192CBC`, `A192CBC-HS384`, `A256CBC` and `A256CBC-HS512`.

Code Samples

Encrypts the content and prints out the encrypted content details when a response has been received.

```java
// Constructed sample plaintext; the seeded Random only makes the sample repeatable.
byte[] plainTextToEncrypt = new byte[100];
new Random(0x1234567L).nextBytes(plainTextToEncrypt);
EncryptResult encryptionResult = cryptographyClient.encrypt(EncryptionAlgorithm.RSA_OAEP, plainTextToEncrypt,
    new Context(key1, value1));
System.out.printf("Received encrypted content of length %d with algorithm %s \n",
    encryptionResult.getCipherText().length, encryptionResult.getAlgorithm().toString());
```

Parameters:
- `algorithm` - The algorithm to be used for encryption.
- `plaintext` - The content to be encrypted.
- `context` - Additional context that is passed through the HTTP pipeline during the service call.

Returns:
- EncryptResult whose cipher text contains the encrypted content.

Throws:
- `com.azure.core.exception.ResourceNotFoundException` - if the key cannot be found for encryption.
- `UnsupportedOperationException` - if the encrypt operation is not supported or configured on the key.
- `NullPointerException` - if `algorithm` or `plaintext` is null.

public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext)

The encryption algorithm indicates the type of algorithm to use for encrypting the specified content. Possible values for asymmetric keys include: `RSA1_5`, `RSA_OAEP` and `RSA_OAEP_256`. Possible values for symmetric keys include: `A128CBC`, `A128CBC-HS256`, `A192CBC`, `A192CBC-HS384`, `A256CBC` and `A256CBC-HS512`.

Code Samples

Encrypts the content and prints out the encrypted content details when a response has been received.

```java
// Constructed sample plaintext; the seeded Random only makes the sample repeatable.
byte[] plainText = new byte[100];
new Random(0x1234567L).nextBytes(plainText);
EncryptResult encryptResult = cryptographyClient.encrypt(EncryptionAlgorithm.RSA_OAEP, plainText);
System.out.printf("Received encrypted content of length %d with algorithm %s \n",
    encryptResult.getCipherText().length, encryptResult.getAlgorithm().toString());
```

Parameters:
- `algorithm` - The algorithm to be used for encryption.
- `plaintext` - The content to be encrypted.

Returns:
- EncryptResult whose cipher text contains the encrypted content.

Throws:
- `com.azure.core.exception.ResourceNotFoundException` - if the key cannot be found for encryption.
- `UnsupportedOperationException` - if the encrypt operation is not supported or configured on the key.
- `NullPointerException` - if `algorithm` or `plaintext` is null.

public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, com.azure.core.util.Context context)

The encryption algorithm indicates the type of algorithm to use for decrypting the specified encrypted content. Possible values for asymmetric keys include: `RSA1_5`, `RSA_OAEP` and `RSA_OAEP_256`. Possible values for symmetric keys include: `A128CBC`, `A128CBC-HS256`, `A192CBC`, `A192CBC-HS384`, `A256CBC` and `A256CBC-HS512`.

Code Samples

Decrypts the encrypted content and prints out the decrypted content details when a response has been received.

```java
DecryptResult decryptionResult = cryptographyClient.decrypt(EncryptionAlgorithm.RSA_OAEP, encryptedData,
    new Context(key1, value1));
System.out.printf("Received decrypted content of length %d\n", decryptionResult.getPlainText().length);
```

Parameters:
- `algorithm` - The algorithm to be used for decryption.
- `cipherText` - The content to be decrypted.
- `context` - Additional context that is passed through the HTTP pipeline during the service call.

Throws:
- `com.azure.core.exception.ResourceNotFoundException` - if the key cannot be found for decryption.
- `UnsupportedOperationException` - if the decrypt operation is not supported or configured on the key.
- `NullPointerException` - if `algorithm` or `cipherText` is null.

public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText)

The encryption algorithm indicates the type of algorithm to use for decrypting the specified encrypted content. Possible values for asymmetric keys include: `RSA1_5`, `RSA_OAEP` and `RSA_OAEP_256`. Possible values for symmetric keys include: `A128CBC`, `A128CBC-HS256`, `A192CBC`, `A192CBC-HS384`, `A256CBC` and `A256CBC-HS512`.

Code Samples

Decrypts the encrypted content and prints out the decrypted content details when a response has been received.

```java
DecryptResult decryptResult = cryptographyClient.decrypt(EncryptionAlgorithm.RSA_OAEP, encryptedData);
System.out.printf("Received decrypted content of length %d\n", decryptResult.getPlainText().length);
```

Parameters:
- `algorithm` - The algorithm to be used for decryption.
- `cipherText` - The content to be decrypted.

Throws:
- `com.azure.core.exception.ResourceNotFoundException` - if the key cannot be found for decryption.
- `UnsupportedOperationException` - if the decrypt operation is not supported or configured on the key.
- `NullPointerException` - if `algorithm` or `cipherText` is null.

public SignResult sign(SignatureAlgorithm algorithm, byte[] digest, com.azure.core.util.Context context)

The signature algorithm indicates the type of algorithm to use to create the signature from the digest. Possible values include: `ES256`, `ES384`, `ES512`, `ES256K`, `PS256`, `PS384`, `PS512`, `RS256`, `RS384` and `RS512`.

Code Samples

Signs the digest and prints out the signature details when a response has been received.

```java
// Uses java.security.MessageDigest and java.util.Random.
byte[] plainTextData = new byte[100];
new Random(0x1234567L).nextBytes(plainTextData);
// sign(...) takes a digest, so hash the data first; ES256 pairs with SHA-256.
MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
messageDigest.update(plainTextData);
byte[] digestContent = messageDigest.digest();
SignResult signResponse = cryptographyClient.sign(SignatureAlgorithm.ES256, digestContent,
    new Context(key1, value1));
System.out.printf("Received signature of length %d with algorithm %s",
    signResponse.getSignature().length, signResponse.getAlgorithm().toString());
```

Parameters:
- `algorithm` - The algorithm to use for signing.
- `digest` - The content from which signature is to be created.
- `context` - Additional context that is passed through the HTTP pipeline during the service call.

Returns:
- SignResult whose signature contains the created signature.

Throws:
- `com.azure.core.exception.ResourceNotFoundException` - if the key cannot be found for signing.
- `UnsupportedOperationException` - if the sign operation is not supported or configured on the key.
- `NullPointerException` - if `algorithm` or `digest` is null.

public SignResult sign(SignatureAlgorithm algorithm, byte[] digest)

The signature algorithm indicates the type of algorithm to use to create the signature from the digest. Possible values include: `ES256`, `ES384`, `ES512`, `ES256K`, `PS256`, `PS384`, `PS512`, `RS256`, `RS384` and `RS512`.

Code Samples

Signs the digest and prints out the signature details when a response has been received.

```java
// Uses java.security.MessageDigest and java.util.Random.
byte[] data = new byte[100];
new Random(0x1234567L).nextBytes(data);
// sign(...) takes a digest, so hash the data first; ES256 pairs with SHA-256.
MessageDigest md = MessageDigest.getInstance("SHA-256");
md.update(data);
byte[] digest = md.digest();
SignResult signResult = cryptographyClient.sign(SignatureAlgorithm.ES256, digest);
System.out.printf("Received signature of length %d with algorithm %s",
    signResult.getSignature().length, signResult.getAlgorithm().toString());
```

Parameters:
- `algorithm` - The algorithm to use for signing.
- `digest` - The content from which signature is to be created.

Returns:
- SignResult whose signature contains the created signature.

Throws:
- `com.azure.core.exception.ResourceNotFoundException` - if the key cannot be found for signing.
- `UnsupportedOperationException` - if the sign operation is not supported or configured on the key.
- `NullPointerException` - if `algorithm` or `digest` is null.

public VerifyResult verify(SignatureAlgorithm algorithm, byte[] digest, byte[] signature)

The signature algorithm indicates the type of algorithm to use to create the signature from the digest. Possible values include: `ES256`, `ES384`, `ES512`, `ES256K`, `PS256`, `PS384`, `PS512`, `RS256`, `RS384` and `RS512`.

Code Samples

Verifies the signature against the specified digest and prints out the verification details when a response has been received.

```java
VerifyResult verifyResult = cryptographyClient.verify(SignatureAlgorithm.ES256, digest, signature);
System.out.printf("Verification status %s", verifyResult.isValid());
```

Parameters:
- `algorithm` - The algorithm to use for signing.
- `digest` - The content from which signature was created.
- `signature` - The signature to be verified.

Returns:
- Boolean indicating the signature verification result.

Throws:
- `com.azure.core.exception.ResourceNotFoundException` - if the key cannot be found for verifying.
- `UnsupportedOperationException` - if the verify operation is not supported or configured on the key.
- `NullPointerException` - if `algorithm`, `digest` or `signature` is null.

public VerifyResult verify(SignatureAlgorithm algorithm, byte[] digest, byte[] signature, com.azure.core.util.Context context)

The signature algorithm indicates the type of algorithm to use to create the signature from the digest. Possible values include: `ES256`, `ES384`, `ES512`, `ES256K`, `PS256`, `PS384`, `PS512`, `RS256`, `RS384` and `RS512`.

Code Samples

Verifies the signature against the specified digest and prints out the verification details when a response has been received.

```java
// The Context belongs to the verify call, not to printf.
VerifyResult verifyResponse = cryptographyClient.verify(SignatureAlgorithm.ES256, digest, signature,
    new Context(key2, value2));
System.out.printf("Verification status %s", verifyResponse.isValid());
```

Parameters:
- `algorithm` - The algorithm to use for signing.
- `digest` - The content from which signature is to be created.
- `signature` - The signature to be verified.
- `context` - Additional context that is passed through the HTTP pipeline during the service call.

Returns:
- Boolean indicating the signature verification result.

Throws:
- `com.azure.core.exception.ResourceNotFoundException` - if the key cannot be found for verifying.
- `UnsupportedOperationException` - if the verify operation is not supported or configured on the key.
- `NullPointerException` - if `algorithm`, `digest` or `signature` is null.

public WrapResult wrapKey(KeyWrapAlgorithm algorithm, byte[] key)

The wrap algorithm indicates the type of algorithm to use for wrapping the specified key content. Possible values include: `RSA1_5`, `RSA_OAEP` and `RSA_OAEP_256`.

Code Samples

Wraps the key content and prints out the wrapped key details when a response has been received.

```java
// Constructed sample key bytes; the seeded Random only makes the sample repeatable.
byte[] key = new byte[100];
new Random(0x1234567L).nextBytes(key);
WrapResult wrapResult = cryptographyClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP, key);
System.out.printf("Received encrypted key of length %d with algorithm %s",
    wrapResult.getEncryptedKey().length, wrapResult.getAlgorithm().toString());
```

Parameters:
- `algorithm` - The encryption algorithm to use for wrapping the key.
- `key` - The key content to be wrapped.

Returns:
- WrapResult whose encrypted key contains the wrapped key result.

Throws:
- `com.azure.core.exception.ResourceNotFoundException` - if the key cannot be found for wrap operation.
- `UnsupportedOperationException` - if the wrap operation is not supported or configured on the key.
- `NullPointerException` - if `algorithm` or `key` is null.

public WrapResult wrapKey(KeyWrapAlgorithm algorithm, byte[] key, com.azure.core.util.Context context)

The wrap algorithm indicates the type of algorithm to use for wrapping the specified key content. Possible values include: `RSA1_5`, `RSA_OAEP` and `RSA_OAEP_256`.

Code Samples

Wraps the key content and prints out the wrapped key details when a response has been received.

```java
// Constructed sample key bytes; the seeded Random only makes the sample repeatable.
byte[] keyContent = new byte[100];
new Random(0x1234567L).nextBytes(keyContent);
// The Context belongs to the wrapKey call, not to printf.
WrapResult keyWrapResponse = cryptographyClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP, keyContent,
    new Context(key1, value1));
System.out.printf("Received encrypted key of length %d with algorithm %s",
    keyWrapResponse.getEncryptedKey().length, keyWrapResponse.getAlgorithm().toString());
```

Parameters:
- `algorithm` - The encryption algorithm to use for wrapping the key.
- `key` - The key content to be wrapped.
- `context` - Additional context that is passed through the HTTP pipeline during the service call.

Returns:
- WrapResult whose encrypted key contains the wrapped key result.

Throws:
- `com.azure.core.exception.ResourceNotFoundException` - if the key cannot be found for wrap operation.
- `UnsupportedOperationException` - if the wrap operation is not supported or configured on the key.
- `NullPointerException` - if `algorithm` or `key` is null.

public UnwrapResult unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey)

The wrap algorithm indicates the type of algorithm to use for wrapping the specified key content. Possible values for asymmetric keys include: `RSA1_5`, `RSA_OAEP` and `RSA_OAEP_256`. Possible values for symmetric keys include: `A128KW`, `A192KW` and `A256KW`.

Code Samples

Unwraps the key content and prints out the unwrapped key details when a response has been received.

```java
UnwrapResult unwrapResult = cryptographyClient.unwrapKey(KeyWrapAlgorithm.RSA_OAEP, encryptedKey);
System.out.printf("Received key of length %d", unwrapResult.getKey().length);
```

Parameters:
- `algorithm` - The encryption algorithm to use for wrapping the key.
- `encryptedKey` - The encrypted key content to unwrap.

Throws:
- `com.azure.core.exception.ResourceNotFoundException` - if the key cannot be found for wrap operation.
- `UnsupportedOperationException` - if the unwrap operation is not supported or configured on the key.
- `NullPointerException` - if `algorithm` or `encryptedKey` is null.

public UnwrapResult unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, com.azure.core.util.Context context)

The wrap algorithm indicates the type of algorithm to use for wrapping the specified key content. Possible values for asymmetric keys include: `RSA1_5`, `RSA_OAEP` and `RSA_OAEP_256`. Possible values for symmetric keys include: `A128KW`, `A192KW` and `A256KW`.

Code Samples

Unwraps the key content and prints out the unwrapped key details when a response has been received.

```java
UnwrapResult keyUnwrapResponse = cryptographyClient.unwrapKey(KeyWrapAlgorithm.RSA_OAEP, encryptedKey,
    new Context(key2, value2));
System.out.printf("Received key of length %d", keyUnwrapResponse.getKey().length);
```

Parameters:
- `algorithm` - The encryption algorithm to use for wrapping the key.
- `encryptedKey` - The encrypted key content to unwrap.
- `context` - Additional context that is passed through the HTTP pipeline during the service call.

Throws:
- `com.azure.core.exception.ResourceNotFoundException` - if the key cannot be found for wrap operation.
- `UnsupportedOperationException` - if the unwrap operation is not supported or configured on the key.
- `NullPointerException` - if `algorithm` or `encryptedKey` is null.

public SignResult signData(SignatureAlgorithm algorithm, byte[] data)

The signature algorithm indicates the type of algorithm to use to create the signature from the digest. Possible values include: `ES256`, `ES384`, `ES512`, `ES256K`, `PS256`, `PS384`, `PS512`, `RS256`, `RS384` and `RS512`.

Code Samples

Signs the raw data and prints out the signature details when a response has been received.

```java
byte[] data = new byte[100];
new Random(0x1234567L).nextBytes(data);
// signData(...) takes the raw data; sign(...) would expect a digest instead.
SignResult signResult = cryptographyClient.signData(SignatureAlgorithm.ES256, data);
System.out.printf("Received signature of length %d with algorithm %s",
    signResult.getSignature().length, signResult.getAlgorithm().toString());
```

Parameters:
- `algorithm` - The algorithm to use for signing.
- `data` - The content from which signature is to be created.

Returns:
- SignResult whose signature contains the created signature.

Throws:
- `com.azure.core.exception.ResourceNotFoundException` - if the key cannot be found for signing.
- `UnsupportedOperationException` - if the sign operation is not supported or configured on the key.
- `NullPointerException` - if `algorithm` or `data` is null.

public SignResult signData(SignatureAlgorithm algorithm, byte[] data, com.azure.core.util.Context context)

The signature algorithm indicates the type of algorithm to use to create the signature from the digest. Possible values include: `ES256`, `ES384`, `ES512`, `ES256K`, `PS256`, `PS384`, `PS512`, `RS256`, `RS384` and `RS512`.

Code Samples

Signs the raw data and prints out the signature details when a response has been received.

```java
byte[] plainTextData = new byte[100];
new Random(0x1234567L).nextBytes(plainTextData);
// signData(...) takes the raw data; the Context belongs to this call, not to printf.
SignResult signResponse = cryptographyClient.signData(SignatureAlgorithm.ES256, plainTextData,
    new Context(key1, value1));
System.out.printf("Received signature of length %d with algorithm %s",
    signResponse.getSignature().length, signResponse.getAlgorithm().toString());
```

Parameters:
- `algorithm` - The algorithm to use for signing.
- `data` - The content from which signature is to be created.
- `context` - Additional context that is passed through the HTTP pipeline during the service call.

Returns:
- SignResult whose signature contains the created signature.

Throws:
- `com.azure.core.exception.ResourceNotFoundException` - if the key cannot be found for signing.
- `UnsupportedOperationException` - if the sign operation is not supported or configured on the key.
- `NullPointerException` - if `algorithm` or `data` is null.

public VerifyResult verifyData(SignatureAlgorithm algorithm, byte[] data, byte[] signature)

The signature algorithm indicates the type of algorithm to use to create the signature from the digest. Possible values include: `ES256`, `ES384`, `ES512`, `ES256K`, `PS256`, `PS384`, `PS512`, `RS256`, `RS384` and `RS512`.

Code Samples

Verifies the signature against the raw data and prints out the verification details when a response has been received.

```java
// verifyData(...) takes the raw data; verify(...) would expect a digest instead.
VerifyResult verifyResult = cryptographyClient.verifyData(SignatureAlgorithm.ES256, data, signature);
System.out.printf("Verification status %s", verifyResult.isValid());
```

Parameters:
- `algorithm` - The algorithm to use for signing.
- `data` - The raw content against which signature is to be verified.
- `signature` - The signature to be verified.

Returns:
- Boolean indicating the signature verification result.

Throws:
- `com.azure.core.exception.ResourceNotFoundException` - if the key cannot be found for verifying.
- `UnsupportedOperationException` - if the verify operation is not supported or configured on the key.
- `NullPointerException` - if `algorithm`, `data` or `signature` is null.

public VerifyResult verifyData(SignatureAlgorithm algorithm, byte[] data, byte[] signature, com.azure.core.util.Context context)

The signature algorithm indicates the type of algorithm to use to create the signature from the digest. Possible values include: `ES256`, `ES384`, `ES512`, `ES256K`, `PS256`, `PS384`, `PS512`, `RS256`, `RS384` and `RS512`.

Code Samples

Verifies the signature against the raw data and prints out the verification details when a response has been received.

```java
// verifyData(...) takes the raw data; the Context belongs to this call, not to printf.
VerifyResult verifyResponse = cryptographyClient.verifyData(SignatureAlgorithm.ES256, data, signature,
    new Context(key2, value2));
System.out.printf("Verification status %s", verifyResponse.isValid());
```

Parameters:
- `algorithm` - The algorithm to use for signing.
- `data` - The raw content against which signature is to be verified.
- `signature` - The signature to be verified.
- `context` - Additional context that is passed through the HTTP pipeline during the service call.

Returns:
- Boolean indicating the signature verification result.

Throws:
- `com.azure.core.exception.ResourceNotFoundException` - if the key cannot be found for verifying.
- `UnsupportedOperationException` - if the verify operation is not supported or configured on the key.
- `NullPointerException` - if `algorithm`, `data` or `signature` is null.

Copyright © 2020 Microsoft Corporation. All rights reserved.
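
`sign`/`verify` take a precomputed digest while `signData`/`verifyData` take the raw data, and mixing the two up is an easy mistake. The following added example (not code from the SDK documentation) shows the relationship locally with the JDK's own providers: a locally generated P-256 key pair stands in for the Key Vault key, and the class and method names are hypothetical. It assumes ES256 means ECDSA on P-256 with SHA-256.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import java.util.Random;

public class DigestVersusDataExample {
    /** Digest an ES256 sign(...) call expects: SHA-256 over the raw data (32 bytes). */
    static byte[] es256Digest(byte[] data) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    /** Local guard: reject anything that is not SHA-256 sized before it is sent for signing. */
    static byte[] requireEs256Digest(byte[] digest) {
        if (digest == null || digest.length != 32) {
            throw new IllegalArgumentException("ES256 sign() needs a 32-byte SHA-256 digest, got "
                + (digest == null ? "null" : digest.length + " bytes"));
        }
        return digest;
    }

    /** Local stand-in for sign(ES256, digest): signs the digest as given, without hashing. */
    static byte[] signDigest(PrivateKey key, byte[] digest) throws Exception {
        Signature signer = Signature.getInstance("NONEwithECDSA");
        signer.initSign(key);
        signer.update(requireEs256Digest(digest));
        return signer.sign();
    }

    /** Local stand-in for verifyData(ES256, data, signature): hashes the data, then verifies. */
    static boolean verifyRawData(PublicKey key, byte[] data, byte[] signature) throws Exception {
        Signature verifier = Signature.getInstance("SHA256withECDSA");
        verifier.initVerify(key);
        verifier.update(data);
        return verifier.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
        generator.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair localKey = generator.generateKeyPair(); // stand-in for the vault key

        byte[] data = new byte[100]; // constructed sample data, as in the samples above
        new Random(0x1234567L).nextBytes(data);

        // Signing the digest and verifying against the raw data agree.
        byte[] signature = signDigest(localKey.getPrivate(), es256Digest(data));
        System.out.println("digest-signed, data-verified: "
            + verifyRawData(localKey.getPublic(), data, signature));

        // Any change to the data invalidates the signature.
        byte[] tampered = Arrays.copyOf(data, data.length);
        tampered[0] ^= 0x01;
        System.out.println("tampered data verifies: "
            + verifyRawData(localKey.getPublic(), tampered, signature));

        // Raw data passed where a digest belongs is caught by the guard.
        try {
            signDigest(localKey.getPrivate(), data);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```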