Share via

IKey Interface

  • Reference
Package:
com.microsoft.azure.keyvault.core

public interface IKey

Interface for representing cryptographic keys with the Microsoft Azure Key Vault libraries.

Method Summary

Modifier and Type Method and Description
ListenableFuture<byte[]> decryptAsync(final byte[] ciphertext, final byte[] iv, final byte[] authenticationData, final byte[] authenticationTag, final String algorithm)

Decrypts the specified cipher text. Note that not all algorithms require, or support, all parameters.
ListenableFuture<Triple<byte[], byte[], String>> encryptAsync(final byte[] plaintext, final byte[] iv, final byte[] authenticationData, final String algorithm)

Encrypts the specified plain text. Note that not all algorithms require, or support, all parameters.
String getDefaultEncryptionAlgorithm()

The default encryption algorithm for this key, using the representations from Json Web Key Algorithms, RFC7513.
String getDefaultKeyWrapAlgorithm()

The default key wrap algorithm for this key, using the representations from Json Web Key Algorithms, RFC7513.
String getDefaultSignatureAlgorithm()

The default signature algorithm for this key, using the representations from Json Web Key Algorithms, RFC7513.
String getKid()

The unique key identifier for this key.
ListenableFuture<Pair<byte[], String>> signAsync(final byte[] digest, final String algorithm)

Signs the specified digest using the specified algorithm, or the keys DefaultSignatureAlgorithm if no algorithm is specified.
ListenableFuture<byte[]> unwrapKeyAsync(final byte[] encryptedKey, final String algorithm)

Unwraps (decrypts) the specified encryped key material.
ListenableFuture<Boolean> verifyAsync(final byte[] digest, final byte[] signature, final String algorithm)

Verifies the supplied signature value using the supplied digest and algorithm.
ListenableFuture<Pair<byte[], String>> wrapKeyAsync(final byte[] key, final String algorithm)

Wraps (encrypts) the specified symmetric key material using the specified algorithm, or the keys DefaultKeyWrapAlgorithm if none is specified.

Method Details

decryptAsync

public ListenableFuture decryptAsync(final byte[] ciphertext, final byte[] iv, final byte[] authenticationData, final byte[] authenticationTag, final String algorithm)

Decrypts the specified cipher text. Note that not all algorithms require, or support, all parameters.

Parameters:

ciphertext - The cipher text to decrypt
iv - The initialization vector (optional with some algorithms)
authenticationData - Additional authentication data (optional with some algorithms)
authenticationTag - The authentication tag from the encrypt operation (optional with some algorithms)
algorithm - The encryption algorithm to use, must be supplied

Returns:

A ListenableFuture containing the plain text

Throws:

NoSuchAlgorithmException - the algorithm is not valid

encryptAsync

public ListenableFuture> encryptAsync(final byte[] plaintext, final byte[] iv, final byte[] authenticationData, final String algorithm)

Encrypts the specified plain text. Note that not all algorithms require, or support, all parameters.

Parameters:

plaintext - The plain text to encrypt
iv - The initialization vector (optional with some algorithms)
authenticationData - Additional authentication data (optional with some algorithms)
algorithm - The encryption algorithm to use, defaults to the keys DefaultEncryptionAlgorithm

Returns:

A ListenableFuture containing the cipher text, the authentication tag and the algorithm that was used

Throws:

NoSuchAlgorithmException - the algorithm is not valid

getDefaultEncryptionAlgorithm

public String getDefaultEncryptionAlgorithm()

The default encryption algorithm for this key, using the representations from Json Web Key Algorithms, RFC7513.

Returns:

The default encryption algorithm for this key.

getDefaultKeyWrapAlgorithm

public String getDefaultKeyWrapAlgorithm()

The default key wrap algorithm for this key, using the representations from Json Web Key Algorithms, RFC7513.

Returns:

The default key wrap algorithm for this key.

getDefaultSignatureAlgorithm

public String getDefaultSignatureAlgorithm()

The default signature algorithm for this key, using the representations from Json Web Key Algorithms, RFC7513.

Returns:

The default signature algorithm for this key.

getKid

public String getKid()

The unique key identifier for this key.

Returns:

The key identifier

signAsync

public ListenableFuture> signAsync(final byte[] digest, final String algorithm)

Signs the specified digest using the specified algorithm, or the keys DefaultSignatureAlgorithm if no algorithm is specified.

Parameters:

digest - The digest to sign
algorithm - The signature algorithm to use

Returns:

A ListenableFuture containing the signature and the algorithm used.

Throws:

NoSuchAlgorithmException - the algorithm is not valid

unwrapKeyAsync

public ListenableFuture unwrapKeyAsync(final byte[] encryptedKey, final String algorithm)

Unwraps (decrypts) the specified encryped key material.

Parameters:

encryptedKey - The encrypted key to decrypt
algorithm - The algorithm to use, must be supplied

Returns:

A ListenableFuture containing the unwrapped key

Throws:

NoSuchAlgorithmException - the algorithm is not valid

verifyAsync

public ListenableFuture verifyAsync(final byte[] digest, final byte[] signature, final String algorithm)

Verifies the supplied signature value using the supplied digest and algorithm.

Parameters:

digest - The digest input
signature - The signature to verify
algorithm - The algorithm to use, must be provided

Returns:

A ListenableFuture containing the signature and the algorithm used.

Throws:

NoSuchAlgorithmException - the algorithm is not valid

wrapKeyAsync

public ListenableFuture> wrapKeyAsync(final byte[] key, final String algorithm)

Wraps (encrypts) the specified symmetric key material using the specified algorithm, or the keys DefaultKeyWrapAlgorithm if none is specified.

Parameters:

key - The symmetric key to wrap
algorithm - The wrapping algorithm to use, defaults to the keys DefaultKeyWrapAlgorithm

Returns:

ListenableFuture containing the encrypted key and the algorithm that was used

Throws:

NoSuchAlgorithmException - the algorithm is not valid

Applies to