Class CryptographyClient
- java.lang.Object
-
- com.azure.security.keyvault.keys.cryptography.CryptographyClient
-
public class CryptographyClient extends Object
TheCryptographyClient
provides synchronous methods to perform cryptographic operations using asymmetric and symmetric keys. The client supports encrypt, decrypt, wrap key, unwrap key, sign and verify operations using the configured key.Samples to construct the sync client
CryptographyClient cryptographyClient = new CryptographyClientBuilder() .keyIdentifier("<your-key-id>") .credential(new DefaultAzureCredentialBuilder().build()) .buildClient();
JsonWebKey jsonWebKey = new JsonWebKey().setId("SampleJsonWebKey"); CryptographyClient cryptographyClient = new CryptographyClientBuilder() .jsonWebKey(jsonWebKey) .buildClient();
- See Also:
CryptographyClientBuilder
-
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description DecryptResult
decrypt(DecryptParameters decryptParameters, com.azure.core.util.Context context)
Decrypts a single block of encrypted data using the configured key and specified algorithm.DecryptResult
decrypt(EncryptionAlgorithm algorithm, byte[] ciphertext)
Decrypts a single block of encrypted data using the configured key and specified algorithm.DecryptResult
decrypt(EncryptionAlgorithm algorithm, byte[] ciphertext, com.azure.core.util.Context context)
Decrypts a single block of encrypted data using the configured key and specified algorithm.EncryptResult
encrypt(EncryptionAlgorithm algorithm, byte[] plaintext)
Encrypts an arbitrary sequence of bytes using the configured key.EncryptResult
encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, com.azure.core.util.Context context)
Encrypts an arbitrary sequence of bytes using the configured key.EncryptResult
encrypt(EncryptParameters encryptParameters, com.azure.core.util.Context context)
Encrypts an arbitrary sequence of bytes using the configured key.KeyVaultKey
getKey()
Gets the public part of the configured key.com.azure.core.http.rest.Response<KeyVaultKey>
getKeyWithResponse(com.azure.core.util.Context context)
Gets the public part of the configured key.SignResult
sign(SignatureAlgorithm algorithm, byte[] digest)
Creates a signature from a digest using the configured key.SignResult
sign(SignatureAlgorithm algorithm, byte[] digest, com.azure.core.util.Context context)
Creates a signature from a digest using the configured key.SignResult
signData(SignatureAlgorithm algorithm, byte[] data)
Creates a signature from the raw data using the configured key.SignResult
signData(SignatureAlgorithm algorithm, byte[] data, com.azure.core.util.Context context)
Creates a signature from the raw data using the configured key.UnwrapResult
unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey)
Unwraps a symmetric key using the configured key that was initially used for wrapping that key.UnwrapResult
unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, com.azure.core.util.Context context)
Unwraps a symmetric key using the configured key that was initially used for wrapping that key.VerifyResult
verify(SignatureAlgorithm algorithm, byte[] digest, byte[] signature)
Verifies a signature using the configured key.VerifyResult
verify(SignatureAlgorithm algorithm, byte[] digest, byte[] signature, com.azure.core.util.Context context)
Verifies a signature using the configured key.VerifyResult
verifyData(SignatureAlgorithm algorithm, byte[] data, byte[] signature)
Verifies a signature against the raw data using the configured key.VerifyResult
verifyData(SignatureAlgorithm algorithm, byte[] data, byte[] signature, com.azure.core.util.Context context)
Verifies a signature against the raw data using the configured key.WrapResult
wrapKey(KeyWrapAlgorithm algorithm, byte[] key)
Wraps a symmetric key using the configured key.WrapResult
wrapKey(KeyWrapAlgorithm algorithm, byte[] key, com.azure.core.util.Context context)
Wraps a symmetric key using the configured key.
-
-
-
Method Detail
-
getKey
public KeyVaultKey getKey()
Gets the public part of the configured key. The get key operation is applicable to all key types and it requires thekeys/get
permission for non-local operations.Code Samples
Gets the configured key in the client. Subscribes to the call asynchronously and prints out the returned key details when a response has been received.
KeyVaultKey key = cryptographyClient.getKey(); System.out.printf("Key returned with name: %s and id: %s.%n", key.getName(), key.getId());
-
getKeyWithResponse
public com.azure.core.http.rest.Response<KeyVaultKey> getKeyWithResponse(com.azure.core.util.Context context)
Gets the public part of the configured key. The get key operation is applicable to all key types and it requires thekeys/get
permission for non-local operations.Code Samples
Gets the configured key in the client. Subscribes to the call asynchronously and prints out the returned key details when a response has been received.
KeyVaultKey keyWithVersion = cryptographyClient.getKeyWithResponse(new Context("key1", "value1")).getValue(); System.out.printf("Key is returned with name: %s and id %s.%n", keyWithVersion.getName(), keyWithVersion.getId());
- Parameters:
context
- Additional context that is passed through theHttpPipeline
during the service call.- Returns:
- A
Mono
containing aResponse
whosevalue
contains the requestedkey
. - Throws:
com.azure.core.exception.ResourceNotFoundException
- When the configured key doesn't exist in the key vault.
-
encrypt
public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext)
Encrypts an arbitrary sequence of bytes using the configured key. Note that the encrypt operation only supports a single block of data, the size of which is dependent on the target key and the encryption algorithm to be used. The encrypt operation is supported for both symmetric keys and asymmetric keys. In case of asymmetric keys, the public portion of the key is used for encryption. This operation requires thekeys/encrypt
permission for non-local operations.The
encryption algorithm
indicates the type of algorithm to use for encrypting the specifiedplaintext
. Possible values for asymmetric keys include:RSA1_5
,RSA_OAEP
andRSA_OAEP_256
. Possible values for symmetric keys include:A128CBC
,A128CBCPAD
,A128CBC-HS256
,A128GCM
,A192CBC
,A192CBCPAD
,A192CBC-HS384
,A192GCM
,A256CBC
,A256CBPAD
,A256CBC-HS512
andA256GCM
.Code Samples
Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when a response has been received.
byte[] plaintext = new byte[100]; new Random(0x1234567L).nextBytes(plaintext); EncryptResult encryptResult = cryptographyClient.encrypt(EncryptionAlgorithm.RSA_OAEP, plaintext); System.out.printf("Received encrypted content of length: %d, with algorithm: %s.%n", encryptResult.getCipherText().length, encryptResult.getAlgorithm());
- Parameters:
algorithm
- The algorithm to be used for encryption.plaintext
- The content to be encrypted.- Returns:
- The
EncryptResult
whosecipher text
contains the encrypted content. - Throws:
NullPointerException
- Ifalgorithm
orplaintext
arenull
.com.azure.core.exception.ResourceNotFoundException
- If the key cannot be found for encryption.UnsupportedOperationException
- If the encrypt operation is not supported or configured on the key.
-
encrypt
public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, com.azure.core.util.Context context)
Encrypts an arbitrary sequence of bytes using the configured key. Note that the encrypt operation only supports a single block of data, the size of which is dependent on the target key and the encryption algorithm to be used. The encrypt operation is supported for both symmetric keys and asymmetric keys. In case of asymmetric keys, the public portion of the key is used for encryption. This operation requires thekeys/encrypt
permission for non-local operations.The
encryption algorithm
indicates the type of algorithm to use for encrypting the specifiedplaintext
. Possible values for asymmetric keys include:RSA1_5
,RSA_OAEP
andRSA_OAEP_256
. Possible values for symmetric keys include:A128CBC
,A128CBCPAD
,A128CBC-HS256
,A128GCM
,A192CBC
,A192CBCPAD
,A192CBC-HS384
,A192GCM
,A256CBC
,A256CBPAD
,A256CBC-HS512
andA256GCM
.Code Samples
Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when a response has been received.
byte[] plaintextToEncrypt = new byte[100]; new Random(0x1234567L).nextBytes(plaintextToEncrypt); EncryptResult encryptionResult = cryptographyClient.encrypt(EncryptionAlgorithm.RSA_OAEP, plaintextToEncrypt, new Context("key1", "value1")); System.out.printf("Received encrypted content of length: %d, with algorithm: %s.%n", encryptionResult.getCipherText().length, encryptionResult.getAlgorithm());
- Parameters:
algorithm
- The algorithm to be used for encryption.plaintext
- The content to be encrypted.context
- Additional context that is passed through theHttpPipeline
during the service call.- Returns:
- The
EncryptResult
whosecipher text
contains the encrypted content. - Throws:
NullPointerException
- Ifalgorithm
orplaintext
arenull
.com.azure.core.exception.ResourceNotFoundException
- If the key cannot be found for encryption.UnsupportedOperationException
- If the encrypt operation is not supported or configured on the key.
-
encrypt
public EncryptResult encrypt(EncryptParameters encryptParameters, com.azure.core.util.Context context)
Encrypts an arbitrary sequence of bytes using the configured key. Note that the encrypt operation only supports a single block of data, the size of which is dependent on the target key and the encryption algorithm to be used. The encrypt operation is supported for both symmetric keys and asymmetric keys. In case of asymmetric keys, the public portion of the key is used for encryption. This operation requires thekeys/encrypt
permission for non-local operations.The
encryption algorithm
indicates the type of algorithm to use for encrypting the specifiedplaintext
. Possible values for asymmetric keys include:RSA1_5
,RSA_OAEP
andRSA_OAEP_256
. Possible values for symmetric keys include:A128CBC
,A128CBCPAD
,A128CBC-HS256
,A128GCM
,A192CBC
,A192CBCPAD
,A192CBC-HS384
,A192GCM
,A256CBC
,A256CBPAD
,A256CBC-HS512
andA256GCM
.Code Samples
Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when a response has been received.
byte[] myPlaintext = new byte[100]; new Random(0x1234567L).nextBytes(myPlaintext); byte[] iv = { (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 }; EncryptParameters encryptParameters = EncryptParameters.createA128CbcParameters(myPlaintext, iv); EncryptResult encryptedResult = cryptographyClient.encrypt(encryptParameters, new Context("key1", "value1")); System.out.printf("Received encrypted content of length: %d, with algorithm: %s.%n", encryptedResult.getCipherText().length, encryptedResult.getAlgorithm());
- Parameters:
encryptParameters
- The parameters to use in the encryption operation.context
- Additional context that is passed through theHttpPipeline
during the service call.- Returns:
- The
EncryptResult
whosecipher text
contains the encrypted content. - Throws:
NullPointerException
- Ifalgorithm
orplaintext
arenull
.com.azure.core.exception.ResourceNotFoundException
- If the key cannot be found for encryption.UnsupportedOperationException
- If the encrypt operation is not supported or configured on the key.
-
decrypt
public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] ciphertext)
Decrypts a single block of encrypted data using the configured key and specified algorithm. Note that only a single block of data may be decrypted, the size of this block is dependent on the target key and the algorithm to be used. The decrypt operation is supported for both asymmetric and symmetric keys. This operation requires thekeys/decrypt
permission for non-local operations.The
encryption algorithm
indicates the type of algorithm to use for decrypting the specified encrypted content. Possible values for asymmetric keys include:RSA1_5
,RSA_OAEP
andRSA_OAEP_256
. Possible values for symmetric keys include:A128CBC
,A128CBCPAD
,A128CBC-HS256
,A128GCM
,A192CBC
,A192CBCPAD
,A192CBC-HS384
,A192GCM
,A256CBC
,A256CBPAD
,A256CBC-HS512
andA256GCM
.Code Samples
Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content details when a response has been received.
byte[] ciphertext = new byte[100]; new Random(0x1234567L).nextBytes(ciphertext); DecryptResult decryptResult = cryptographyClient.decrypt(EncryptionAlgorithm.RSA_OAEP, ciphertext); System.out.printf("Received decrypted content of length: %d.%n", decryptResult.getPlainText().length);
- Parameters:
algorithm
- The algorithm to be used for decryption.ciphertext
- The content to be decrypted.- Returns:
- The
DecryptResult
whoseplain text
contains the decrypted content. - Throws:
NullPointerException
- Ifalgorithm
orciphertext
arenull
.com.azure.core.exception.ResourceNotFoundException
- If the key cannot be found for decryption.UnsupportedOperationException
- If the decrypt operation is not supported or configured on the key.
-
decrypt
public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] ciphertext, com.azure.core.util.Context context)
Decrypts a single block of encrypted data using the configured key and specified algorithm. Note that only a single block of data may be decrypted, the size of this block is dependent on the target key and the algorithm to be used. The decrypt operation is supported for both asymmetric and symmetric keys. This operation requires thekeys/decrypt
permission for non-local operations.The
encryption algorithm
indicates the type of algorithm to use for decrypting the specified encrypted content. Possible values for asymmetric keys include:RSA1_5
,RSA_OAEP
andRSA_OAEP_256
. Possible values for symmetric keys include:A128CBC
,A128CBCPAD
,A128CBC-HS256
,A128GCM
,A192CBC
,A192CBCPAD
,A192CBC-HS384
,A192GCM
,A256CBC
,A256CBPAD
,A256CBC-HS512
andA256GCM
.Code Samples
Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content details when a response has been received.
byte[] ciphertextToDecrypt = new byte[100]; new Random(0x1234567L).nextBytes(ciphertextToDecrypt); DecryptResult decryptionResult = cryptographyClient.decrypt(EncryptionAlgorithm.RSA_OAEP, ciphertextToDecrypt, new Context("key1", "value1")); System.out.printf("Received decrypted content of length: %d.%n", decryptionResult.getPlainText().length);
- Parameters:
algorithm
- The algorithm to be used for decryption.ciphertext
- The content to be decrypted.context
- Additional context that is passed through theHttpPipeline
during the service call.- Returns:
- The
DecryptResult
whoseplain text
contains the decrypted content. - Throws:
NullPointerException
- Ifalgorithm
orciphertext
arenull
.com.azure.core.exception.ResourceNotFoundException
- If the key cannot be found for decryption.UnsupportedOperationException
- If the decrypt operation is not supported or configured on the key.
-
decrypt
public DecryptResult decrypt(DecryptParameters decryptParameters, com.azure.core.util.Context context)
Decrypts a single block of encrypted data using the configured key and specified algorithm. Note that only a single block of data may be decrypted, the size of this block is dependent on the target key and the algorithm to be used. The decrypt operation is supported for both asymmetric and symmetric keys. This operation requires thekeys/decrypt
permission for non-local operations.The
encryption algorithm
indicates the type of algorithm to use for decrypting the specified encrypted content. Possible values for asymmetric keys include:RSA1_5
,RSA_OAEP
andRSA_OAEP_256
. Possible values for symmetric keys include:A128CBC
,A128CBCPAD
,A128CBC-HS256
,A128GCM
,A192CBC
,A192CBCPAD
,A192CBC-HS384
,A192GCM
,A256CBC
,A256CBPAD
,A256CBC-HS512
andA256GCM
.Code Samples
Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content details when a response has been received.
byte[] myCiphertext = new byte[100]; new Random(0x1234567L).nextBytes(myCiphertext); byte[] iv = { (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 }; DecryptParameters decryptParameters = DecryptParameters.createA128CbcParameters(myCiphertext, iv); DecryptResult decryptedResult = cryptographyClient.decrypt(decryptParameters, new Context("key1", "value1")); System.out.printf("Received decrypted content of length: %d.%n", decryptedResult.getPlainText().length);
- Parameters:
decryptParameters
- The parameters to use in the decryption operation.context
- Additional context that is passed through theHttpPipeline
during the service call.- Returns:
- The
DecryptResult
whoseplain text
contains the decrypted content. - Throws:
NullPointerException
- Ifalgorithm
orciphertext
arenull
.com.azure.core.exception.ResourceNotFoundException
- If the key cannot be found for decryption.UnsupportedOperationException
- If the decrypt operation is not supported or configured on the key.
-
sign
public SignResult sign(SignatureAlgorithm algorithm, byte[] digest)
Creates a signature from a digest using the configured key. The sign operation supports both asymmetric and symmetric keys. This operation requires thekeys/sign
permission for non-local operations.The
signature algorithm
indicates the type of algorithm to use to create the signature from the digest. Possible values include:ES256
,E384
,ES512
,ES246K
,PS256
,RS384
,RS512
,RS256
,RS384
andRS512
Code Samples
Sings the digest. Subscribes to the call asynchronously and prints out the signature details when a response has been received.
byte[] data = new byte[100]; new Random(0x1234567L).nextBytes(data); MessageDigest md = MessageDigest.getInstance("SHA-256"); md.update(data); byte[] digest = md.digest(); SignResult signResult = cryptographyClient.sign(SignatureAlgorithm.ES256, digest); System.out.printf("Received signature of length: %d, with algorithm: %s.%n", signResult.getSignature().length, signResult.getAlgorithm());
- Parameters:
algorithm
- The algorithm to use for signing.digest
- The content from which signature is to be created.- Returns:
- A
SignResult
whosesignature
contains the created signature. - Throws:
NullPointerException
- Ifalgorithm
ordigest
isnull
.com.azure.core.exception.ResourceNotFoundException
- If the key cannot be found for signing.UnsupportedOperationException
- If the sign operation is not supported or configured on the key.
-
sign
public SignResult sign(SignatureAlgorithm algorithm, byte[] digest, com.azure.core.util.Context context)
Creates a signature from a digest using the configured key. The sign operation supports both asymmetric and symmetric keys. This operation requires thekeys/sign
permission for non-local operations.The
signature algorithm
indicates the type of algorithm to use to create the signature from the digest. Possible values include:ES256
,E384
,ES512
,ES246K
,PS256
,RS384
,RS512
,RS256
,RS384
andRS512
Code Samples
Sings the digest. Subscribes to the call asynchronously and prints out the signature details when a response has been received.
byte[] dataToVerify = new byte[100]; new Random(0x1234567L).nextBytes(dataToVerify); MessageDigest myMessageDigest = MessageDigest.getInstance("SHA-256"); myMessageDigest.update(dataToVerify); byte[] digestContent = myMessageDigest.digest(); SignResult signResponse = cryptographyClient.sign(SignatureAlgorithm.ES256, digestContent, new Context("key1", "value1")); System.out.printf("Received signature of length: %d, with algorithm: %s.%n", signResponse.getSignature().length, signResponse.getAlgorithm());
- Parameters:
algorithm
- The algorithm to use for signing.digest
- The content from which signature is to be created.context
- Additional context that is passed through theHttpPipeline
during the service call.- Returns:
- A
SignResult
whosesignature
contains the created signature. - Throws:
NullPointerException
- Ifalgorithm
ordigest
isnull
.com.azure.core.exception.ResourceNotFoundException
- If the key cannot be found for signing.UnsupportedOperationException
- If the sign operation is not supported or configured on the key.
-
verify
public VerifyResult verify(SignatureAlgorithm algorithm, byte[] digest, byte[] signature)
Verifies a signature using the configured key. The verify operation supports both symmetric keys and asymmetric keys. In case of asymmetric keys public portion of the key is used to verify the signature. This operation requires thekeys/verify
permission for non-local operations.The
signature algorithm
indicates the type of algorithm to use to verify the signature. Possible values include:ES256
,E384
,ES512
,ES246K
,PS256
,RS384
,RS512
,RS256
,RS384
andRS512
Code Samples
Verifies the signature against the specified digest. Subscribes to the call asynchronously and prints out the verification details when a response has been received.
byte[] myData = new byte[100]; new Random(0x1234567L).nextBytes(myData); MessageDigest messageDigest = MessageDigest.getInstance("SHA-256"); messageDigest.update(myData); byte[] myDigest = messageDigest.digest(); // A signature can be obtained from the SignResult returned by the CryptographyClient.sign() operation. VerifyResult verifyResult = cryptographyClient.verify(SignatureAlgorithm.ES256, myDigest, signature); System.out.printf("Verification status: %s.%n", verifyResult.isValid());
- Parameters:
algorithm
- The algorithm to use for signing.digest
- The content from which signature was created.signature
- The signature to be verified.- Returns:
- A
VerifyResult
indicating the signature verification result
. - Throws:
com.azure.core.exception.ResourceNotFoundException
- if the key cannot be found for verifying.UnsupportedOperationException
- if the verify operation is not supported or configured on the key.NullPointerException
- ifalgorithm
,digest
orsignature
is null.
-
verify
public VerifyResult verify(SignatureAlgorithm algorithm, byte[] digest, byte[] signature, com.azure.core.util.Context context)
Verifies a signature using the configured key. The verify operation supports both symmetric keys and asymmetric keys. In case of asymmetric keys public portion of the key is used to verify the signature. This operation requires thekeys/verify
permission for non-local operations.The
signature algorithm
indicates the type of algorithm to use to verify the signature. Possible values include:ES256
,E384
,ES512
,ES246K
,PS256
,RS384
,RS512
,RS256
,RS384
andRS512
Code Samples
Verifies the signature against the specified digest. Subscribes to the call asynchronously and prints out the verification details when a response has been received.
byte[] dataBytes = new byte[100]; new Random(0x1234567L).nextBytes(dataBytes); MessageDigest msgDigest = MessageDigest.getInstance("SHA-256"); msgDigest.update(dataBytes); byte[] digestBytes = msgDigest.digest(); // A signature can be obtained from the SignResult returned by the CryptographyClient.sign() operation. VerifyResult verifyResponse = cryptographyClient.verify(SignatureAlgorithm.ES256, digestBytes, signatureBytes, new Context("key1", "value1")); System.out.printf("Verification status: %s.%n", verifyResponse.isValid());
- Parameters:
algorithm
- The algorithm to use for signing.digest
- The content from which signature was created.signature
- The signature to be verified.context
- Additional context that is passed through theHttpPipeline
during the service call.- Returns:
- A
VerifyResult
indicating the signature verification result
. - Throws:
NullPointerException
- Ifalgorithm
,digest
orsignature
isnull
.com.azure.core.exception.ResourceNotFoundException
- If the key cannot be found for verifying.UnsupportedOperationException
- If the verify operation is not supported or configured on the key.
-
wrapKey
public WrapResult wrapKey(KeyWrapAlgorithm algorithm, byte[] key)
Wraps a symmetric key using the configured key. The wrap operation supports wrapping a symmetric key with both symmetric and asymmetric keys. This operation requires thekeys/wrapKey
permission for non-local operations.The
wrap algorithm
indicates the type of algorithm to use for wrapping the specified key content. Possible values include:RSA1_5
,RSA_OAEP
andRSA_OAEP_256
. Possible values for symmetric keys include:A128KW
,A192KW
andA256KW
.Code Samples
Wraps the key content. Subscribes to the call asynchronously and prints out the wrapped key details when a response has been received.
byte[] key = new byte[100]; new Random(0x1234567L).nextBytes(key); WrapResult wrapResult = cryptographyClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP, key); System.out.printf("Received encrypted key of length: %d, with algorithm: %s.%n", wrapResult.getEncryptedKey().length, wrapResult.getAlgorithm());
- Parameters:
algorithm
- The encryption algorithm to use for wrapping the key.key
- The key content to be wrapped.- Returns:
- The
WrapResult
whoseencrypted key
contains the wrapped key result. - Throws:
NullPointerException
- Ifalgorithm
orkey
arenull
.com.azure.core.exception.ResourceNotFoundException
- If the key cannot be found for encryption.UnsupportedOperationException
- If the wrap operation is not supported or configured on the key.
-
wrapKey
public WrapResult wrapKey(KeyWrapAlgorithm algorithm, byte[] key, com.azure.core.util.Context context)
Wraps a symmetric key using the configured key. The wrap operation supports wrapping a symmetric key with both symmetric and asymmetric keys. This operation requires thekeys/wrapKey
permission for non-local operations.The
wrap algorithm
indicates the type of algorithm to use for wrapping the specified key content. Possible values include:RSA1_5
,RSA_OAEP
andRSA_OAEP_256
. Possible values for symmetric keys include:A128KW
,A192KW
andA256KW
.Code Samples
Wraps the key content. Subscribes to the call asynchronously and prints out the wrapped key details when a response has been received.
byte[] keyToWrap = new byte[100]; new Random(0x1234567L).nextBytes(keyToWrap); WrapResult keyWrapResult = cryptographyClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP, keyToWrap, new Context("key1", "value1")); System.out.printf("Received encrypted key of length: %d, with algorithm: %s.%n", keyWrapResult.getEncryptedKey().length, keyWrapResult.getAlgorithm());
- Parameters:
algorithm
- The encryption algorithm to use for wrapping the key.key
- The key content to be wrapped.context
- Additional context that is passed through theHttpPipeline
during the service call.- Returns:
- The
WrapResult
whoseencrypted key
contains the wrapped key result. - Throws:
NullPointerException
- Ifalgorithm
orkey
arenull
.com.azure.core.exception.ResourceNotFoundException
- If the key cannot be found for encryption.UnsupportedOperationException
- If the wrap operation is not supported or configured on the key.
-
unwrapKey
public UnwrapResult unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey)
Unwraps a symmetric key using the configured key that was initially used for wrapping that key. This operation is the reverse of the wrap operation. The unwrap operation supports asymmetric and symmetric keys to unwrap. This operation requires thekeys/unwrapKey
permission for non-local operations.The
wrap algorithm
indicates the type of algorithm to use for unwrapping the specified encrypted key content. Possible values for asymmetric keys include:RSA1_5
,RSA_OAEP
andRSA_OAEP_256
. Possible values for symmetric keys include:A128KW
,A192KW
andA256KW
.Code Samples
Unwraps the key content. Subscribes to the call asynchronously and prints out the unwrapped key details when a response has been received.
byte[] keyContent = new byte[100]; new Random(0x1234567L).nextBytes(keyContent); WrapResult wrapKeyResult = cryptographyClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP, keyContent, new Context("key1", "value1")); UnwrapResult unwrapResult = cryptographyClient.unwrapKey(KeyWrapAlgorithm.RSA_OAEP, wrapKeyResult.getEncryptedKey()); System.out.printf("Received key of length %d", unwrapResult.getKey().length);
- Parameters:
algorithm
- The encryption algorithm to use for wrapping the key.encryptedKey
- The encrypted key content to unwrap.- Returns:
- An
UnwrapResult
whosedecrypted key
contains the unwrapped key result. - Throws:
NullPointerException
- Ifalgorithm
orencryptedKey
arenull
.com.azure.core.exception.ResourceNotFoundException
- If the key cannot be found for wrap operation.UnsupportedOperationException
- If the unwrap operation is not supported or configured on the key.
-
unwrapKey
public UnwrapResult unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, com.azure.core.util.Context context)
Unwraps a symmetric key using the configured key that was initially used for wrapping that key. This operation is the reverse of the wrap operation. The unwrap operation supports asymmetric and symmetric keys to unwrap. This operation requires thekeys/unwrapKey
permission for non-local operations.The
wrap algorithm
indicates the type of algorithm to use for unwrapping the specified encrypted key content. Possible values for asymmetric keys include:RSA1_5
,RSA_OAEP
andRSA_OAEP_256
. Possible values for symmetric keys include:A128KW
,A192KW
andA256KW
.Code Samples
Unwraps the key content. Subscribes to the call asynchronously and prints out the unwrapped key details when a response has been received.
byte[] keyContentToWrap = new byte[100]; new Random(0x1234567L).nextBytes(keyContentToWrap); Context context = new Context("key1", "value1"); WrapResult wrapKeyContentResult = cryptographyClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP, keyContentToWrap, context); UnwrapResult unwrapKeyResponse = cryptographyClient.unwrapKey(KeyWrapAlgorithm.RSA_OAEP, wrapKeyContentResult.getEncryptedKey(), context); System.out.printf("Received key of length %d", unwrapKeyResponse.getKey().length);
- Parameters:
algorithm
- The encryption algorithm to use for wrapping the key.encryptedKey
- The encrypted key content to unwrap.context
- Additional context that is passed through theHttpPipeline
during the service call.- Returns:
- An
UnwrapResult
whosedecrypted key
contains the unwrapped key result. - Throws:
NullPointerException
- Ifalgorithm
orencryptedKey
arenull
.com.azure.core.exception.ResourceNotFoundException
- If the key cannot be found for wrap operation.UnsupportedOperationException
- If the unwrap operation is not supported or configured on the key.
-
signData
public SignResult signData(SignatureAlgorithm algorithm, byte[] data)
Creates a signature from the raw data using the configured key. The sign data operation supports both asymmetric and symmetric keys. This operation requires thekeys/sign
permission for non-local operations.The
signature algorithm
indicates the type of algorithm to use to sign the digest. Possible values include:ES256
,E384
,ES512
,ES246K
,PS256
,RS384
,RS512
,RS256
,RS384
andRS512
Code Samples
Signs the raw data. Subscribes to the call asynchronously and prints out the signature details when a response has been received.
byte[] data = new byte[100]; new Random(0x1234567L).nextBytes(data); SignResult signResult = cryptographyClient.sign(SignatureAlgorithm.ES256, data); System.out.printf("Received signature of length: %d, with algorithm: %s.%n", signResult.getSignature().length, signResult.getAlgorithm());
- Parameters:
algorithm
- The algorithm to use for signing.data
- The content from which signature is to be created.- Returns:
- A
SignResult
whosesignature
contains the created signature. - Throws:
NullPointerException
- ifalgorithm
ordata
is null.com.azure.core.exception.ResourceNotFoundException
- if the key cannot be found for signing.UnsupportedOperationException
- if the sign operation is not supported or configured on the key.
-
signData
public SignResult signData(SignatureAlgorithm algorithm, byte[] data, com.azure.core.util.Context context)
Creates a signature from the raw data using the configured key. The sign data operation supports both asymmetric and symmetric keys. This operation requires thekeys/sign
permission for non-local operations.The
signature algorithm
indicates the type of algorithm to use to sign the digest. Possible values include:ES256
,E384
,ES512
,ES246K
,PS256
,RS384
,RS512
,RS256
,RS384
andRS512
Code Samples
Signs the raw data. Subscribes to the call asynchronously and prints out the signature details when a response has been received.
byte[] plainTextData = new byte[100]; new Random(0x1234567L).nextBytes(plainTextData); SignResult signingResult = cryptographyClient.sign(SignatureAlgorithm.ES256, plainTextData); System.out.printf("Received signature of length: %d, with algorithm: %s.%n", signingResult.getSignature().length, new Context("key1", "value1"));
- Parameters:
algorithm
- The algorithm to use for signing.data
- The content from which signature is to be created.context
- Additional context that is passed through theHttpPipeline
during the service call.- Returns:
- A
SignResult
whosesignature
contains the created signature. - Throws:
NullPointerException
- ifalgorithm
ordata
is null.com.azure.core.exception.ResourceNotFoundException
- if the key cannot be found for signing.UnsupportedOperationException
- if the sign operation is not supported or configured on the key.
-
verifyData
public VerifyResult verifyData(SignatureAlgorithm algorithm, byte[] data, byte[] signature)
Verifies a signature against the raw data using the configured key. The verify operation supports both symmetric keys and asymmetric keys. In case of asymmetric keys public portion of the key is used to verify the signature. This operation requires thekeys/verify
permission for non-local operations.The
signature algorithm
indicates the type of algorithm to use to verify the signature. Possible values include:ES256
,E384
,ES512
,ES246K
,PS256
,RS384
,RS512
,RS256
,RS384
andRS512
Code Samples
Verifies the signature against the raw data. Subscribes to the call asynchronously and prints out the verification details when a response has been received.
byte[] myData = new byte[100]; new Random(0x1234567L).nextBytes(myData); // A signature can be obtained from the SignResult returned by the CryptographyClient.sign() operation. VerifyResult verifyResult = cryptographyClient.verify(SignatureAlgorithm.ES256, myData, signature); System.out.printf("Verification status: %s.%n", verifyResult.isValid());
- Parameters:
algorithm
- The algorithm to use for signing.data
- The raw content against which signature is to be verified.signature
- The signature to be verified.- Returns:
- A
VerifyResult
indicating the signature verification result
. - Throws:
com.azure.core.exception.ResourceNotFoundException
- if the key cannot be found for verifying.UnsupportedOperationException
- if the verify operation is not supported or configured on the key.NullPointerException
- ifalgorithm
,data
orsignature
is null.
-
verifyData
public VerifyResult verifyData(SignatureAlgorithm algorithm, byte[] data, byte[] signature, com.azure.core.util.Context context)
Verifies a signature against the raw data using the configured key. The verify operation supports both symmetric keys and asymmetric keys. In case of asymmetric keys public portion of the key is used to verify the signature. This operation requires thekeys/verify
permission for non-local operations.The
signature algorithm
indicates the type of algorithm to use to verify the signature. Possible values include:ES256
,E384
,ES512
,ES246K
,PS256
,RS384
,RS512
,RS256
,RS384
andRS512
Code Samples
Verifies the signature against the raw data. Subscribes to the call asynchronously and prints out the verification details when a response has been received.
byte[] dataToVerify = new byte[100]; new Random(0x1234567L).nextBytes(dataToVerify); // A signature can be obtained from the SignResult returned by the CryptographyClient.sign() operation. VerifyResult verificationResult = cryptographyClient.verify(SignatureAlgorithm.ES256, dataToVerify, mySignature, new Context("key1", "value1")); System.out.printf("Verification status: %s.%n", verificationResult.isValid());
- Parameters:
algorithm
- The algorithm to use for signing.data
- The raw content against which signature is to be verified.signature
- The signature to be verified.context
- Additional context that is passed through theHttpPipeline
during the service call.- Returns:
- A
VerifyResult
indicating the signature verification result
. - Throws:
NullPointerException
- ifalgorithm
,data
orsignature
is null.com.azure.core.exception.ResourceNotFoundException
- if the key cannot be found for verifying.UnsupportedOperationException
- if the verify operation is not supported or configured on the key.
-
-