public class CryptographyClient extends Object
CryptographyClient
provides synchronous methods to perform cryptographic operations using asymmetric and
symmetric keys. The client supports encrypt, decrypt, wrap key, unwrap key, sign and verify operations using the
configured key.
Samples to construct the sync client
CryptographyClient cryptographyClient = new CryptographyClientBuilder() .keyIdentifier("<yourkeyid>") .credential(new DefaultAzureCredentialBuilder().build()) .buildClient();
JsonWebKey jsonWebKey = new JsonWebKey().setId("SampleJsonWebKey"); CryptographyClient cryptographyClient = new CryptographyClientBuilder() .jsonWebKey(jsonWebKey) .buildClient();
CryptographyClientBuilder
Modifier and Type  Method and Description 

DecryptResult 
decrypt(DecryptParameters decryptParameters,
com.azure.core.util.Context context)
Decrypts a single block of encrypted data using the configured key and specified algorithm.

DecryptResult 
decrypt(EncryptionAlgorithm algorithm,
byte[] ciphertext)
Decrypts a single block of encrypted data using the configured key and specified algorithm.

DecryptResult 
decrypt(EncryptionAlgorithm algorithm,
byte[] ciphertext,
com.azure.core.util.Context context)
Decrypts a single block of encrypted data using the configured key and specified algorithm.

EncryptResult 
encrypt(EncryptionAlgorithm algorithm,
byte[] plaintext)
Encrypts an arbitrary sequence of bytes using the configured key.

EncryptResult 
encrypt(EncryptionAlgorithm algorithm,
byte[] plaintext,
com.azure.core.util.Context context)
Encrypts an arbitrary sequence of bytes using the configured key.

EncryptResult 
encrypt(EncryptParameters encryptParameters,
com.azure.core.util.Context context)
Encrypts an arbitrary sequence of bytes using the configured key.

KeyVaultKey 
getKey()
Gets the public part of the configured key.

com.azure.core.http.rest.Response<KeyVaultKey> 
getKeyWithResponse(com.azure.core.util.Context context)
Gets the public part of the configured key.

SignResult 
sign(SignatureAlgorithm algorithm,
byte[] digest)
Creates a signature from a digest using the configured key.

SignResult 
sign(SignatureAlgorithm algorithm,
byte[] digest,
com.azure.core.util.Context context)
Creates a signature from a digest using the configured key.

SignResult 
signData(SignatureAlgorithm algorithm,
byte[] data)
Creates a signature from the raw data using the configured key.

SignResult 
signData(SignatureAlgorithm algorithm,
byte[] data,
com.azure.core.util.Context context)
Creates a signature from the raw data using the configured key.

UnwrapResult 
unwrapKey(KeyWrapAlgorithm algorithm,
byte[] encryptedKey)
Unwraps a symmetric key using the configured key that was initially used for wrapping that key.

UnwrapResult 
unwrapKey(KeyWrapAlgorithm algorithm,
byte[] encryptedKey,
com.azure.core.util.Context context)
Unwraps a symmetric key using the configured key that was initially used for wrapping that key.

VerifyResult 
verify(SignatureAlgorithm algorithm,
byte[] digest,
byte[] signature)
Verifies a signature using the configured key.

VerifyResult 
verify(SignatureAlgorithm algorithm,
byte[] digest,
byte[] signature,
com.azure.core.util.Context context)
Verifies a signature using the configured key.

VerifyResult 
verifyData(SignatureAlgorithm algorithm,
byte[] data,
byte[] signature)
Verifies a signature against the raw data using the configured key.

VerifyResult 
verifyData(SignatureAlgorithm algorithm,
byte[] data,
byte[] signature,
com.azure.core.util.Context context)
Verifies a signature against the raw data using the configured key.

WrapResult 
wrapKey(KeyWrapAlgorithm algorithm,
byte[] key)
Wraps a symmetric key using the configured key.

WrapResult 
wrapKey(KeyWrapAlgorithm algorithm,
byte[] key,
com.azure.core.util.Context context)
Wraps a symmetric key using the configured key.

public KeyVaultKey getKey()
keys/get
permission for nonlocal operations.
Code Samples
Gets the configured key in the client. Subscribes to the call asynchronously and prints out the returned key details when a response has been received.
KeyVaultKey key = cryptographyClient.getKey(); System.out.printf("Key returned with name: %s and id: %s.%n", key.getName(), key.getId());
public com.azure.core.http.rest.Response<KeyVaultKey> getKeyWithResponse(com.azure.core.util.Context context)
keys/get
permission for nonlocal operations.
Code Samples
Gets the configured key in the client. Subscribes to the call asynchronously and prints out the returned key details when a response has been received.
KeyVaultKey keyWithVersion = cryptographyClient.getKeyWithResponse(new Context("key1", "value1")).getValue(); System.out.printf("Key is returned with name: %s and id %s.%n", keyWithVersion.getName(), keyWithVersion.getId());
context
 Additional context that is passed through the HttpPipeline
during the service call.Mono
containing a Response
whose value
contains the
requested key
.com.azure.core.exception.ResourceNotFoundException
 When the configured key doesn't exist in the key vault.public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext)
keys/encrypt
permission
for nonlocal operations.
The encryption algorithm
indicates the type of algorithm to use for encrypting
the specified plaintext
. Possible values for asymmetric keys include:
RSA1_5
, RSA_OAEP
and
RSA_OAEP_256
.
Possible values for symmetric keys include: A128CBC
,
A128CBCPAD
, A128CBCHS256
,
A128GCM
, A192CBC
,
A192CBCPAD
, A192CBCHS384
,
A192GCM
, A256CBC
,
A256CBPAD
, A256CBCHS512
and
A256GCM
.
Code Samples
Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when a response has been received.
byte[] plaintext = new byte[100]; new Random(0x1234567L).nextBytes(plaintext); EncryptResult encryptResult = cryptographyClient.encrypt(EncryptionAlgorithm.RSA_OAEP, plaintext); System.out.printf("Received encrypted content of length: %d, with algorithm: %s.%n", encryptResult.getCipherText().length, encryptResult.getAlgorithm());
algorithm
 The algorithm to be used for encryption.plaintext
 The content to be encrypted.EncryptResult
whose cipher text
contains the encrypted
content.NullPointerException
 If algorithm
or plaintext
are null
.com.azure.core.exception.ResourceNotFoundException
 If the key cannot be found for encryption.UnsupportedOperationException
 If the encrypt operation is not supported or configured on the key.public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, com.azure.core.util.Context context)
keys/encrypt
permission
for nonlocal operations.
The encryption algorithm
indicates the type of algorithm to use for encrypting
the specified plaintext
. Possible values for asymmetric keys include:
RSA1_5
, RSA_OAEP
and
RSA_OAEP_256
.
Possible values for symmetric keys include: A128CBC
,
A128CBCPAD
, A128CBCHS256
,
A128GCM
, A192CBC
,
A192CBCPAD
, A192CBCHS384
,
A192GCM
, A256CBC
,
A256CBPAD
, A256CBCHS512
and
A256GCM
.
Code Samples
Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when a response has been received.
byte[] plaintextToEncrypt = new byte[100]; new Random(0x1234567L).nextBytes(plaintextToEncrypt); EncryptResult encryptionResult = cryptographyClient.encrypt(EncryptionAlgorithm.RSA_OAEP, plaintextToEncrypt, new Context("key1", "value1")); System.out.printf("Received encrypted content of length: %d, with algorithm: %s.%n", encryptionResult.getCipherText().length, encryptionResult.getAlgorithm());
algorithm
 The algorithm to be used for encryption.plaintext
 The content to be encrypted.context
 Additional context that is passed through the HttpPipeline
during the service call.EncryptResult
whose cipher text
contains the encrypted
content.NullPointerException
 If algorithm
or plaintext
are null
.com.azure.core.exception.ResourceNotFoundException
 If the key cannot be found for encryption.UnsupportedOperationException
 If the encrypt operation is not supported or configured on the key.public EncryptResult encrypt(EncryptParameters encryptParameters, com.azure.core.util.Context context)
keys/encrypt
permission
for nonlocal operations.
The encryption algorithm
indicates the type of algorithm to use for encrypting
the specified plaintext
. Possible values for asymmetric keys include:
RSA1_5
, RSA_OAEP
and
RSA_OAEP_256
.
Possible values for symmetric keys include: A128CBC
,
A128CBCPAD
, A128CBCHS256
,
A128GCM
, A192CBC
,
A192CBCPAD
, A192CBCHS384
,
A192GCM
, A256CBC
,
A256CBPAD
, A256CBCHS512
and
A256GCM
.
Code Samples
Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when a response has been received.
byte[] myPlaintext = new byte[100]; new Random(0x1234567L).nextBytes(myPlaintext); byte[] iv = { (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 }; EncryptParameters encryptParameters = EncryptParameters.createA128CbcParameters(myPlaintext, iv); EncryptResult encryptedResult = cryptographyClient.encrypt(encryptParameters, new Context("key1", "value1")); System.out.printf("Received encrypted content of length: %d, with algorithm: %s.%n", encryptedResult.getCipherText().length, encryptedResult.getAlgorithm());
encryptParameters
 The parameters to use in the encryption operation.context
 Additional context that is passed through the HttpPipeline
during the service call.EncryptResult
whose cipher text
contains the encrypted
content.NullPointerException
 If algorithm
or plaintext
are null
.com.azure.core.exception.ResourceNotFoundException
 If the key cannot be found for encryption.UnsupportedOperationException
 If the encrypt operation is not supported or configured on the key.public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] ciphertext)
keys/decrypt
permission for nonlocal operations.
The encryption algorithm
indicates the type of algorithm to use for decrypting
the specified encrypted content. Possible values for asymmetric keys include:
RSA1_5
, RSA_OAEP
and
RSA_OAEP_256
.
Possible values for symmetric keys include: A128CBC
,
A128CBCPAD
, A128CBCHS256
,
A128GCM
, A192CBC
,
A192CBCPAD
, A192CBCHS384
,
A192GCM
, A256CBC
,
A256CBPAD
, A256CBCHS512
and
A256GCM
.
Code Samples
Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content details when a response has been received.
byte[] ciphertext = new byte[100]; new Random(0x1234567L).nextBytes(ciphertext); DecryptResult decryptResult = cryptographyClient.decrypt(EncryptionAlgorithm.RSA_OAEP, ciphertext); System.out.printf("Received decrypted content of length: %d.%n", decryptResult.getPlainText().length);
algorithm
 The algorithm to be used for decryption.ciphertext
 The content to be decrypted.DecryptResult
whose plain text
contains the decrypted
content.NullPointerException
 If algorithm
or ciphertext
are null
.com.azure.core.exception.ResourceNotFoundException
 If the key cannot be found for decryption.UnsupportedOperationException
 If the decrypt operation is not supported or configured on the key.public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] ciphertext, com.azure.core.util.Context context)
keys/decrypt
permission for nonlocal operations.
The encryption algorithm
indicates the type of algorithm to use for decrypting
the specified encrypted content. Possible values for asymmetric keys include:
RSA1_5
, RSA_OAEP
and
RSA_OAEP_256
.
Possible values for symmetric keys include: A128CBC
,
A128CBCPAD
, A128CBCHS256
,
A128GCM
, A192CBC
,
A192CBCPAD
, A192CBCHS384
,
A192GCM
, A256CBC
,
A256CBPAD
, A256CBCHS512
and
A256GCM
.
Code Samples
Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content details when a response has been received.
byte[] ciphertextToDecrypt = new byte[100]; new Random(0x1234567L).nextBytes(ciphertextToDecrypt); DecryptResult decryptionResult = cryptographyClient.decrypt(EncryptionAlgorithm.RSA_OAEP, ciphertextToDecrypt, new Context("key1", "value1")); System.out.printf("Received decrypted content of length: %d.%n", decryptionResult.getPlainText().length);
algorithm
 The algorithm to be used for decryption.ciphertext
 The content to be decrypted.context
 Additional context that is passed through the HttpPipeline
during the service call.DecryptResult
whose plain text
contains the decrypted
content.NullPointerException
 If algorithm
or ciphertext
are null
.com.azure.core.exception.ResourceNotFoundException
 If the key cannot be found for decryption.UnsupportedOperationException
 If the decrypt operation is not supported or configured on the key.public DecryptResult decrypt(DecryptParameters decryptParameters, com.azure.core.util.Context context)
keys/decrypt
permission for nonlocal operations.
The encryption algorithm
indicates the type of algorithm to use for decrypting
the specified encrypted content. Possible values for asymmetric keys include:
RSA1_5
, RSA_OAEP
and
RSA_OAEP_256
.
Possible values for symmetric keys include: A128CBC
,
A128CBCPAD
, A128CBCHS256
,
A128GCM
, A192CBC
,
A192CBCPAD
, A192CBCHS384
,
A192GCM
, A256CBC
,
A256CBPAD
, A256CBCHS512
and
A256GCM
.
Code Samples
Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content details when a response has been received.
byte[] myCiphertext = new byte[100]; new Random(0x1234567L).nextBytes(myCiphertext); byte[] iv = { (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 }; DecryptParameters decryptParameters = DecryptParameters.createA128CbcParameters(myCiphertext, iv); DecryptResult decryptedResult = cryptographyClient.decrypt(decryptParameters, new Context("key1", "value1")); System.out.printf("Received decrypted content of length: %d.%n", decryptedResult.getPlainText().length);
decryptParameters
 The parameters to use in the decryption operation.context
 Additional context that is passed through the HttpPipeline
during the service call.DecryptResult
whose plain text
contains the decrypted
content.NullPointerException
 If algorithm
or ciphertext
are null
.com.azure.core.exception.ResourceNotFoundException
 If the key cannot be found for decryption.UnsupportedOperationException
 If the decrypt operation is not supported or configured on the key.public SignResult sign(SignatureAlgorithm algorithm, byte[] digest)
keys/sign
permission for nonlocal operations.
The signature algorithm
indicates the type of algorithm to use to create the
signature from the digest. Possible values include:
ES256
, E384
,
ES512
, ES246K
,
PS256
, RS384
,
RS512
, RS256
,
RS384
and RS512
Code Samples
Sings the digest. Subscribes to the call asynchronously and prints out the signature details when a response has been received.
byte[] data = new byte[100]; new Random(0x1234567L).nextBytes(data); MessageDigest md = MessageDigest.getInstance("SHA256"); md.update(data); byte[] digest = md.digest(); SignResult signResult = cryptographyClient.sign(SignatureAlgorithm.ES256, digest); System.out.printf("Received signature of length: %d, with algorithm: %s.%n", signResult.getSignature().length, signResult.getAlgorithm());
algorithm
 The algorithm to use for signing.digest
 The content from which signature is to be created.SignResult
whose signature
contains the created signature.NullPointerException
 If algorithm
or digest
is null
.com.azure.core.exception.ResourceNotFoundException
 If the key cannot be found for signing.UnsupportedOperationException
 If the sign operation is not supported or configured on the key.public SignResult sign(SignatureAlgorithm algorithm, byte[] digest, com.azure.core.util.Context context)
keys/sign
permission for nonlocal operations.
The signature algorithm
indicates the type of algorithm to use to create the
signature from the digest. Possible values include:
ES256
, E384
,
ES512
, ES246K
,
PS256
, RS384
,
RS512
, RS256
,
RS384
and RS512
Code Samples
Sings the digest. Subscribes to the call asynchronously and prints out the signature details when a response has been received.
byte[] dataToVerify = new byte[100]; new Random(0x1234567L).nextBytes(dataToVerify); MessageDigest myMessageDigest = MessageDigest.getInstance("SHA256"); myMessageDigest.update(dataToVerify); byte[] digestContent = myMessageDigest.digest(); SignResult signResponse = cryptographyClient.sign(SignatureAlgorithm.ES256, digestContent, new Context("key1", "value1")); System.out.printf("Received signature of length: %d, with algorithm: %s.%n", signResponse.getSignature().length, signResponse.getAlgorithm());
algorithm
 The algorithm to use for signing.digest
 The content from which signature is to be created.context
 Additional context that is passed through the HttpPipeline
during the service call.SignResult
whose signature
contains the created signature.NullPointerException
 If algorithm
or digest
is null
.com.azure.core.exception.ResourceNotFoundException
 If the key cannot be found for signing.UnsupportedOperationException
 If the sign operation is not supported or configured on the key.public VerifyResult verify(SignatureAlgorithm algorithm, byte[] digest, byte[] signature)
keys/verify
permission for nonlocal operations.
The signature algorithm
indicates the type of algorithm to use to verify the
signature. Possible values include: ES256
,
E384
, ES512
,
ES246K
, PS256
,
RS384
, RS512
,
RS256
, RS384
and
RS512
Code Samples
Verifies the signature against the specified digest. Subscribes to the call asynchronously and prints out the verification details when a response has been received.
byte[] myData = new byte[100]; new Random(0x1234567L).nextBytes(myData); MessageDigest messageDigest = MessageDigest.getInstance("SHA256"); messageDigest.update(myData); byte[] myDigest = messageDigest.digest(); // A signature can be obtained from the SignResult returned by the CryptographyClient.sign() operation. VerifyResult verifyResult = cryptographyClient.verify(SignatureAlgorithm.ES256, myDigest, signature); System.out.printf("Verification status: %s.%n", verifyResult.isValid());
algorithm
 The algorithm to use for signing.digest
 The content from which signature was created.signature
 The signature to be verified.VerifyResult
indicating the signature verification result
.com.azure.core.exception.ResourceNotFoundException
 if the key cannot be found for verifying.UnsupportedOperationException
 if the verify operation is not supported or configured on the key.NullPointerException
 if algorithm
, digest
or signature
is null.public VerifyResult verify(SignatureAlgorithm algorithm, byte[] digest, byte[] signature, com.azure.core.util.Context context)
keys/verify
permission for nonlocal operations.
The signature algorithm
indicates the type of algorithm to use to verify the
signature. Possible values include: ES256
,
E384
, ES512
,
ES246K
, PS256
,
RS384
, RS512
,
RS256
, RS384
and
RS512
Code Samples
Verifies the signature against the specified digest. Subscribes to the call asynchronously and prints out the verification details when a response has been received.
byte[] dataBytes = new byte[100]; new Random(0x1234567L).nextBytes(dataBytes); MessageDigest msgDigest = MessageDigest.getInstance("SHA256"); msgDigest.update(dataBytes); byte[] digestBytes = msgDigest.digest(); // A signature can be obtained from the SignResult returned by the CryptographyClient.sign() operation. VerifyResult verifyResponse = cryptographyClient.verify(SignatureAlgorithm.ES256, digestBytes, signatureBytes, new Context("key1", "value1")); System.out.printf("Verification status: %s.%n", verifyResponse.isValid());
algorithm
 The algorithm to use for signing.digest
 The content from which signature was created.signature
 The signature to be verified.context
 Additional context that is passed through the HttpPipeline
during the service call.VerifyResult
indicating the signature verification result
.NullPointerException
 If algorithm
, digest
or signature
is null
.com.azure.core.exception.ResourceNotFoundException
 If the key cannot be found for verifying.UnsupportedOperationException
 If the verify operation is not supported or configured on the key.public WrapResult wrapKey(KeyWrapAlgorithm algorithm, byte[] key)
keys/wrapKey
permission for nonlocal
operations.
The wrap algorithm
indicates the type of algorithm to use for wrapping the specified
key content. Possible values include:
RSA1_5
, RSA_OAEP
and
RSA_OAEP_256
.
Possible values for symmetric keys include: A128KW
,
A192KW
and A256KW
.
Code Samples
Wraps the key content. Subscribes to the call asynchronously and prints out the wrapped key details when a response has been received.
byte[] key = new byte[100]; new Random(0x1234567L).nextBytes(key); WrapResult wrapResult = cryptographyClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP, key); System.out.printf("Received encrypted key of length: %d, with algorithm: %s.%n", wrapResult.getEncryptedKey().length, wrapResult.getAlgorithm());
algorithm
 The encryption algorithm to use for wrapping the key.key
 The key content to be wrapped.WrapResult
whose encrypted key
contains the wrapped
key result.NullPointerException
 If algorithm
or key
are null
.com.azure.core.exception.ResourceNotFoundException
 If the key cannot be found for encryption.UnsupportedOperationException
 If the wrap operation is not supported or configured on the key.public WrapResult wrapKey(KeyWrapAlgorithm algorithm, byte[] key, com.azure.core.util.Context context)
keys/wrapKey
permission for nonlocal
operations.
The wrap algorithm
indicates the type of algorithm to use for wrapping the specified
key content. Possible values include:
RSA1_5
, RSA_OAEP
and
RSA_OAEP_256
.
Possible values for symmetric keys include: A128KW
,
A192KW
and A256KW
.
Code Samples
Wraps the key content. Subscribes to the call asynchronously and prints out the wrapped key details when a response has been received.
byte[] keyToWrap = new byte[100]; new Random(0x1234567L).nextBytes(keyToWrap); WrapResult keyWrapResult = cryptographyClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP, keyToWrap, new Context("key1", "value1")); System.out.printf("Received encrypted key of length: %d, with algorithm: %s.%n", keyWrapResult.getEncryptedKey().length, keyWrapResult.getAlgorithm());
algorithm
 The encryption algorithm to use for wrapping the key.key
 The key content to be wrapped.context
 Additional context that is passed through the HttpPipeline
during the service call.WrapResult
whose encrypted key
contains the wrapped
key result.NullPointerException
 If algorithm
or key
are null
.com.azure.core.exception.ResourceNotFoundException
 If the key cannot be found for encryption.UnsupportedOperationException
 If the wrap operation is not supported or configured on the key.public UnwrapResult unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey)
keys/unwrapKey
permission for nonlocal operations.
The wrap algorithm
indicates the type of algorithm to use for unwrapping the
specified encrypted key content. Possible values for asymmetric keys include:
RSA1_5
, RSA_OAEP
and
RSA_OAEP_256
.
Possible values for symmetric keys include: A128KW
,
A192KW
and A256KW
.
Code Samples
Unwraps the key content. Subscribes to the call asynchronously and prints out the unwrapped key details when a response has been received.
byte[] keyContent = new byte[100]; new Random(0x1234567L).nextBytes(keyContent); WrapResult wrapKeyResult = cryptographyClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP, keyContent, new Context("key1", "value1")); UnwrapResult unwrapResult = cryptographyClient.unwrapKey(KeyWrapAlgorithm.RSA_OAEP, wrapKeyResult.getEncryptedKey()); System.out.printf("Received key of length %d", unwrapResult.getKey().length);
algorithm
 The encryption algorithm to use for wrapping the key.encryptedKey
 The encrypted key content to unwrap.UnwrapResult
whose decrypted key
contains the unwrapped key
result.NullPointerException
 If algorithm
or encryptedKey
are null
.com.azure.core.exception.ResourceNotFoundException
 If the key cannot be found for wrap operation.UnsupportedOperationException
 If the unwrap operation is not supported or configured on the key.public UnwrapResult unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, com.azure.core.util.Context context)
keys/unwrapKey
permission for nonlocal operations.
The wrap algorithm
indicates the type of algorithm to use for unwrapping the
specified encrypted key content. Possible values for asymmetric keys include:
RSA1_5
, RSA_OAEP
and
RSA_OAEP_256
.
Possible values for symmetric keys include: A128KW
,
A192KW
and A256KW
.
Code Samples
Unwraps the key content. Subscribes to the call asynchronously and prints out the unwrapped key details when a response has been received.
byte[] keyContentToWrap = new byte[100]; new Random(0x1234567L).nextBytes(keyContentToWrap); Context context = new Context("key1", "value1"); WrapResult wrapKeyContentResult = cryptographyClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP, keyContentToWrap, context); UnwrapResult unwrapKeyResponse = cryptographyClient.unwrapKey(KeyWrapAlgorithm.RSA_OAEP, wrapKeyContentResult.getEncryptedKey(), context); System.out.printf("Received key of length %d", unwrapKeyResponse.getKey().length);
algorithm
 The encryption algorithm to use for wrapping the key.encryptedKey
 The encrypted key content to unwrap.context
 Additional context that is passed through the HttpPipeline
during the service call.UnwrapResult
whose decrypted key
contains the unwrapped key
result.NullPointerException
 If algorithm
or encryptedKey
are null
.com.azure.core.exception.ResourceNotFoundException
 If the key cannot be found for wrap operation.UnsupportedOperationException
 If the unwrap operation is not supported or configured on the key.public SignResult signData(SignatureAlgorithm algorithm, byte[] data)
keys/sign
permission for nonlocal operations.
The signature algorithm
indicates the type of algorithm to use to sign the digest.
Possible values include:
ES256
, E384
,
ES512
, ES246K
,
PS256
, RS384
,
RS512
, RS256
,
RS384
and RS512
Code Samples
Signs the raw data. Subscribes to the call asynchronously and prints out the signature details when a response has been received.
byte[] data = new byte[100]; new Random(0x1234567L).nextBytes(data); SignResult signResult = cryptographyClient.sign(SignatureAlgorithm.ES256, data); System.out.printf("Received signature of length: %d, with algorithm: %s.%n", signResult.getSignature().length, signResult.getAlgorithm());
algorithm
 The algorithm to use for signing.data
 The content from which signature is to be created.SignResult
whose signature
contains the created signature.NullPointerException
 if algorithm
or data
is null.com.azure.core.exception.ResourceNotFoundException
 if the key cannot be found for signing.UnsupportedOperationException
 if the sign operation is not supported or configured on the key.public SignResult signData(SignatureAlgorithm algorithm, byte[] data, com.azure.core.util.Context context)
keys/sign
permission for nonlocal operations.
The signature algorithm
indicates the type of algorithm to use to sign the digest.
Possible values include:
ES256
, E384
,
ES512
, ES246K
,
PS256
, RS384
,
RS512
, RS256
,
RS384
and RS512
Code Samples
Signs the raw data. Subscribes to the call asynchronously and prints out the signature details when a response has been received.
byte[] plainTextData = new byte[100]; new Random(0x1234567L).nextBytes(plainTextData); SignResult signingResult = cryptographyClient.sign(SignatureAlgorithm.ES256, plainTextData); System.out.printf("Received signature of length: %d, with algorithm: %s.%n", signingResult.getSignature().length, new Context("key1", "value1"));
algorithm
 The algorithm to use for signing.data
 The content from which signature is to be created.context
 Additional context that is passed through the HttpPipeline
during the service call.SignResult
whose signature
contains the created signature.NullPointerException
 if algorithm
or data
is null.com.azure.core.exception.ResourceNotFoundException
 if the key cannot be found for signing.UnsupportedOperationException
 if the sign operation is not supported or configured on the key.public VerifyResult verifyData(SignatureAlgorithm algorithm, byte[] data, byte[] signature)
keys/verify
permission for nonlocal operations.
The signature algorithm
indicates the type of algorithm to use to verify the
signature. Possible values include:
ES256
, E384
,
ES512
, ES246K
,
PS256
, RS384
,
RS512
, RS256
,
RS384
and RS512
Code Samples
Verifies the signature against the raw data. Subscribes to the call asynchronously and prints out the verification details when a response has been received.
byte[] myData = new byte[100]; new Random(0x1234567L).nextBytes(myData); // A signature can be obtained from the SignResult returned by the CryptographyClient.sign() operation. VerifyResult verifyResult = cryptographyClient.verify(SignatureAlgorithm.ES256, myData, signature); System.out.printf("Verification status: %s.%n", verifyResult.isValid());
algorithm
 The algorithm to use for signing.data
 The raw content against which signature is to be verified.signature
 The signature to be verified.VerifyResult
indicating the signature verification result
.com.azure.core.exception.ResourceNotFoundException
 if the key cannot be found for verifying.UnsupportedOperationException
 if the verify operation is not supported or configured on the key.NullPointerException
 if algorithm
, data
or signature
is null.public VerifyResult verifyData(SignatureAlgorithm algorithm, byte[] data, byte[] signature, com.azure.core.util.Context context)
keys/verify
permission for nonlocal operations.
The signature algorithm
indicates the type of algorithm to use to verify the
signature. Possible values include:
ES256
, E384
,
ES512
, ES246K
,
PS256
, RS384
,
RS512
, RS256
,
RS384
and RS512
Code Samples
Verifies the signature against the raw data. Subscribes to the call asynchronously and prints out the verification details when a response has been received.
byte[] dataToVerify = new byte[100]; new Random(0x1234567L).nextBytes(dataToVerify); // A signature can be obtained from the SignResult returned by the CryptographyClient.sign() operation. VerifyResult verificationResult = cryptographyClient.verify(SignatureAlgorithm.ES256, dataToVerify, mySignature, new Context("key1", "value1")); System.out.printf("Verification status: %s.%n", verificationResult.isValid());
algorithm
 The algorithm to use for signing.data
 The raw content against which signature is to be verified.signature
 The signature to be verified.context
 Additional context that is passed through the HttpPipeline
during the service call.VerifyResult
indicating the signature verification result
.NullPointerException
 if algorithm
, data
or signature
is null.com.azure.core.exception.ResourceNotFoundException
 if the key cannot be found for verifying.UnsupportedOperationException
 if the verify operation is not supported or configured on the key.Visit the Azure for Java Developers site for more Java documentation, including quick starts, tutorials, and code samples.