Constructs a new instance of the Cryptography client for the given key
Example usage:
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
import { DefaultAzureCredential } from "@azure/identity";
let vaultUrl = `https://<MY KEYVAULT HERE>.vault.azure.net`;
let credentials = new DefaultAzureCredential();
let keyClient = new KeyClient(vaultUrl, credentials);
let keyVaultKey = await keyClient.getKey("MyKey");
let client = new CryptographyClient(keyVaultKey.id, credentials);
// or
let client = new CryptographyClient(keyVaultKey, credentials);
The key to use during cryptography tasks. You can also pass the identifier of the key i.e its url here.
An object that implements the TokenCredential
interface used to authenticate requests to the service. Use the @azure/identity package to create a credential that suits your needs.
Optional
pipelineOptions: CryptographyClientOptionsPipeline options used to configure Key Vault API requests. Omit this parameter to use the default pipeline configuration.
Constructs a new instance of the Cryptography client for the given key in local mode.
Example usage:
import { CryptographyClient } from "@azure/keyvault-keys";
const jsonWebKey: JsonWebKey = {
// ...
};
const client = new CryptographyClient(jsonWebKey);
The JsonWebKey to use during cryptography operations.
The ID of the key used to perform cryptographic operations for the client.
The base URL to the vault. If a local JsonWebKey is used vaultUrl will be empty.
Decrypts the given ciphertext with the specified decryption parameters. Depending on the algorithm used in the decryption parameters, the set of possible decryption parameters will change.
Microsoft recommends you not use CBC without first ensuring the integrity of the ciphertext using, for example, an HMAC. See https://docs.microsoft.com/dotnet/standard/security/vulnerabilities-cbc-mode for more information.
Example usage:
let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.decrypt({ algorithm: "RSA1_5", ciphertext: encryptedBuffer });
let result = await client.decrypt({ algorithm: "A256GCM", iv: ivFromEncryptResult, authenticationTag: tagFromEncryptResult });
The decryption parameters.
Optional
options: DecryptOptionsAdditional options.
Decrypts the given ciphertext with the specified cryptography algorithm
Example usage:
let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.decrypt("RSA1_5", encryptedBuffer);
Microsoft recommends you not use CBC without first ensuring the integrity of the ciphertext using, for example, an HMAC. See https://docs.microsoft.com/dotnet/standard/security/vulnerabilities-cbc-mode for more information.
Use decrypt({ algorithm, ciphertext }, options)
instead.
The algorithm to use.
The text to decrypt.
Optional
options: DecryptOptionsAdditional options.
Encrypts the given plaintext with the specified encryption parameters. Depending on the algorithm set in the encryption parameters, the set of possible encryption parameters will change.
Example usage:
let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.encrypt({ algorithm: "RSA1_5", plaintext: Buffer.from("My Message")});
let result = await client.encrypt({ algorithm: "A256GCM", plaintext: Buffer.from("My Message"), additionalAuthenticatedData: Buffer.from("My authenticated data")});
The encryption parameters, keyed on the encryption algorithm chosen.
Optional
options: EncryptOptionsAdditional options.
Encrypts the given plaintext with the specified cryptography algorithm
Example usage:
let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.encrypt("RSA1_5", Buffer.from("My Message"));
Use encrypt({ algorithm, plaintext }, options)
instead.
The algorithm to use.
The text to encrypt.
Optional
options: EncryptOptionsAdditional options.
Cryptographically sign the digest of a message
Example usage:
let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.sign("RS256", digest);
The signing algorithm to use.
The digest of the data to sign.
Additional options.
Cryptographically sign a block of data
Example usage:
let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.signData("RS256", message);
The signing algorithm to use.
The data to sign.
Additional options.
Unwraps the given wrapped key using the specified cryptography algorithm
Example usage:
let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.unwrapKey("RSA1_5", keyToUnwrap);
The decryption algorithm to use to unwrap the key.
The encrypted key to unwrap.
Additional options.
Verify the signed message digest
Example usage:
let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.verify("RS256", signedDigest, signature);
The signing algorithm to use to verify with.
The digest to verify.
The signature to verify the digest against.
Additional options.
Verify the signed block of data
Example usage:
let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.verifyData("RS256", signedMessage, signature);
The algorithm to use to verify with.
The signed block of data to verify.
The signature to verify the block against.
Additional options.
Wraps the given key using the specified cryptography algorithm
Example usage:
let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.wrapKey("RSA1_5", keyToWrap);
The encryption algorithm to use to wrap the given key.
The key to wrap.
Additional options.
Generated using TypeDoc
A client used to perform cryptographic operations on an Azure Key vault key or a local JsonWebKey.