Options
All
  • Public
  • Public/Protected
  • All
Menu

Class CryptographyClient

Package version

A client used to perform cryptographic operations on an Azure Key vault key or a local JsonWebKey.

Hierarchy

  • CryptographyClient

Index

Constructors

Accessors

Methods

Constructors

constructor

  • Constructs a new instance of the Cryptography client for the given key

    Example usage:

    import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
import { DefaultAzureCredential } from "@azure/identity";

let vaultUrl = `https://<MY KEYVAULT HERE>.vault.azure.net`;
let credentials = new DefaultAzureCredential();

let keyClient = new KeyClient(vaultUrl, credentials);
let keyVaultKey = await keyClient.getKey("MyKey");

let client = new CryptographyClient(keyVaultKey.id, credentials);
// or
let client = new CryptographyClient(keyVaultKey, credentials);

    Parameters

    • key: string | KeyVaultKey

      The key to use during cryptography tasks. You can also pass the identifier of the key i.e its url here.

    • credential: TokenCredential

      An object that implements the TokenCredential interface used to authenticate requests to the service. Use the @azure/identity package to create a credential that suits your needs.

    • Optional pipelineOptions: CryptographyClientOptions

      Pipeline options used to configure Key Vault API requests. Omit this parameter to use the default pipeline configuration.

    Returns CryptographyClient

  • Constructs a new instance of the Cryptography client for the given key in local mode.

    Example usage:

    import { CryptographyClient } from "@azure/keyvault-keys";

const jsonWebKey: JsonWebKey = {
  // ...
};
const client = new CryptographyClient(jsonWebKey);

    Parameters

    • key: JsonWebKey

      The key to use during cryptography tasks. You can also pass the identifier of the key i.e its url here.

    Returns CryptographyClient

Accessors

keyID

  • get keyID(): string | undefined

vaultUrl

  • get vaultUrl(): string

Methods

decrypt

  • Decrypts the given ciphertext with the specified decryption parameters. Depending on the algorithm used in the decryption parameters, the set of possible decryption parameters will change.

    Example usage:

    let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.decrypt({ algorithm: "RSA1_5", ciphertext: encryptedBuffer });
let result = await client.decrypt({ algorithm: "A256GCM", iv: ivFromEncryptResult, authenticationTag: tagFromEncryptResult });

    Parameters

    Returns Promise<DecryptResult>

  • Decrypts the given ciphertext with the specified cryptography algorithm

    Example usage:

    let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.decrypt("RSA1_5", encryptedBuffer);
    deprecated

    Use decrypt({ algorithm, ciphertext }, options) instead.

    Parameters

    • algorithm: EncryptionAlgorithm

      The algorithm to use.

    • ciphertext: Uint8Array

      The text to decrypt.

    • Optional options: DecryptOptions

      Additional options.

    Returns Promise<DecryptResult>

encrypt

  • Encrypts the given plaintext with the specified encryption parameters. Depending on the algorithm set in the encryption parameters, the set of possible encryption parameters will change.

    Example usage:

    let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.encrypt({ algorithm: "RSA1_5", plaintext: Buffer.from("My Message")});
let result = await client.encrypt({ algorithm: "A256GCM", plaintext: Buffer.from("My Message"), additionalAuthenticatedData: Buffer.from("My authenticated data")});

    Parameters

    • encryptParameters: EncryptParameters

      The encryption parameters, keyed on the encryption algorithm chosen.

    • Optional options: EncryptOptions

      Additional options.

    Returns Promise<EncryptResult>

  • Encrypts the given plaintext with the specified cryptography algorithm

    Example usage:

    let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.encrypt("RSA1_5", Buffer.from("My Message"));
    deprecated

    Use encrypt({ algorithm, plaintext }, options) instead.

    Parameters

    • algorithm: EncryptionAlgorithm

      The algorithm to use.

    • plaintext: Uint8Array

      The text to encrypt.

    • Optional options: EncryptOptions

      Additional options.

    Returns Promise<EncryptResult>

sign

  • Cryptographically sign the digest of a message

    Example usage:

    let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.sign("RS256", digest);

    Parameters

    • algorithm: SignatureAlgorithm

      The signing algorithm to use.

    • digest: Uint8Array

      The digest of the data to sign.

    • Default value options: SignOptions = {}

      Additional options.

    Returns Promise<SignResult>

signData

  • Cryptographically sign a block of data

    Example usage:

    let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.signData("RS256", message);

    Parameters

    • algorithm: SignatureAlgorithm

      The signing algorithm to use.

    • data: Uint8Array

      The data to sign.

    • Default value options: SignOptions = {}

      Additional options.

    Returns Promise<SignResult>

unwrapKey

  • Unwraps the given wrapped key using the specified cryptography algorithm

    Example usage:

    let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.unwrapKey("RSA1_5", keyToUnwrap);

    Parameters

    • algorithm: KeyWrapAlgorithm

      The decryption algorithm to use to unwrap the key.

    • encryptedKey: Uint8Array

      The encrypted key to unwrap.

    • Default value options: UnwrapKeyOptions = {}

      Additional options.

    Returns Promise<UnwrapResult>

verify

  • verify(algorithm: SignatureAlgorithm, digest: Uint8Array, signature: Uint8Array, options?: VerifyOptions): Promise<VerifyResult>

  • Verify the signed message digest

    Example usage:

    let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.verify("RS256", signedDigest, signature);

    Parameters

    • algorithm: SignatureAlgorithm

      The signing algorithm to use to verify with.

    • digest: Uint8Array

      The digest to verify.

    • signature: Uint8Array

      The signature to verify the digest against.

    • Default value options: VerifyOptions = {}

      Additional options.

    Returns Promise<VerifyResult>

verifyData

  • verifyData(algorithm: SignatureAlgorithm, data: Uint8Array, signature: Uint8Array, options?: VerifyOptions): Promise<VerifyResult>

  • Verify the signed block of data

    Example usage:

    let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.verifyData("RS256", signedMessage, signature);

    Parameters

    • algorithm: SignatureAlgorithm

      The algorithm to use to verify with.

    • data: Uint8Array

      The signed block of data to verify.

    • signature: Uint8Array

      The signature to verify the block against.

    • Default value options: VerifyOptions = {}

      Additional options.

    Returns Promise<VerifyResult>

wrapKey

  • Wraps the given key using the specified cryptography algorithm

    Example usage:

    let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.wrapKey("RSA1_5", keyToWrap);

    Parameters

    • algorithm: KeyWrapAlgorithm

      The encryption algorithm to use to wrap the given key.

    • key: Uint8Array

      The key to wrap.

    • Default value options: WrapKeyOptions = {}

      Additional options.

    Returns Promise<WrapResult>

Generated using TypeDoc