KeyVaultKey Class

Reference

Package:: com.microsoft.azure.keyvault.extensions

java.lang.Object
- Closeable
- - IKey
  - - com.microsoft.azure.keyvault.extensions.KeyVaultKey

public class KeyVaultKey implements IKey

The key vault key that performs cryptography operations.

Constructor Summary

Constructor	Description
KeyVaultKey(KeyVaultClient client, KeyBundle keyBundle)

Method Summary

Modifier and Type	Method and Description
void	close()
ListenableFuture<byte[]>	decryptAsync(byte[] ciphertext, byte[] iv, byte[] authenticationData, byte[] authenticationTag, String algorithm) Decrypts the specified cipher text. Note that not all algorithms require, or support, all parameters.
ListenableFuture<Triple<byte[], byte[], String>>	encryptAsync(byte[] plaintext, byte[] iv, byte[] authenticationData, String algorithm) Encrypts the specified plain text. Note that not all algorithms require, or support, all parameters.
String	getDefaultEncryptionAlgorithm() The default encryption algorithm for this key, using the representations from Json Web Key Algorithms, RFC7513.
String	getDefaultKeyWrapAlgorithm() The default key wrap algorithm for this key, using the representations from Json Web Key Algorithms, RFC7513.
String	getDefaultSignatureAlgorithm() The default signature algorithm for this key, using the representations from Json Web Key Algorithms, RFC7513.
String	getKid() The unique key identifier for this key.
ListenableFuture<Pair<byte[], String>>	signAsync(byte[] digest, String algorithm) Signs the specified digest using the specified algorithm, or the keys DefaultSignatureAlgorithm if no algorithm is specified.
ListenableFuture<byte[]>	unwrapKeyAsync(byte[] ciphertext, String algorithm) Unwraps (decrypts) the specified encryped key material.
ListenableFuture<Boolean>	verifyAsync(byte[] digest, byte[] signature, String algorithm) Verifies the supplied signature value using the supplied digest and algorithm.
ListenableFuture<Pair<byte[], String>>	wrapKeyAsync(byte[] plaintext, String algorithm) Wraps (encrypts) the specified symmetric key material using the specified algorithm, or the keys DefaultKeyWrapAlgorithm if none is specified.

Constructor Details

KeyVaultKey

protected KeyVaultKey(KeyVaultClient client, KeyBundle keyBundle)

Parameters:

client

keyBundle

Method Details

close

public void close()

decryptAsync

public ListenableFuture decryptAsync(byte[] ciphertext, byte[] iv, byte[] authenticationData, byte[] authenticationTag, String algorithm)

Decrypts the specified cipher text. Note that not all algorithms require, or support, all parameters.

Overrides:

KeyVaultKey.decryptAsync(byte[] ciphertext, byte[] iv, byte[] authenticationData, byte[] authenticationTag, String algorithm)

Parameters:

ciphertext - The cipher text to decrypt

iv - The initialization vector (optional with some algorithms)

authenticationData - Additional authentication data (optional with some algorithms)

authenticationTag - The authentication tag from the encrypt operation (optional with some algorithms)

algorithm - The encryption algorithm to use, must be supplied

Returns:

A ListenableFuture containing the plain text

Throws:

NoSuchAlgorithmException - the algorithm is not valid

encryptAsync

public ListenableFuture> encryptAsync(byte[] plaintext, byte[] iv, byte[] authenticationData, String algorithm)

Encrypts the specified plain text. Note that not all algorithms require, or support, all parameters.

Overrides:

KeyVaultKey.encryptAsync(byte[] plaintext, byte[] iv, byte[] authenticationData, String algorithm)

Parameters:

plaintext - The plain text to encrypt

iv - The initialization vector (optional with some algorithms)

authenticationData - Additional authentication data (optional with some algorithms)

algorithm - The encryption algorithm to use, defaults to the keys DefaultEncryptionAlgorithm

Returns:

A ListenableFuture containing the cipher text, the authentication tag and the algorithm that was used

Throws:

NoSuchAlgorithmException - the algorithm is not valid

getDefaultEncryptionAlgorithm

public String getDefaultEncryptionAlgorithm()

The default encryption algorithm for this key, using the representations from Json Web Key Algorithms, RFC7513.

Overrides:

KeyVaultKey.getDefaultEncryptionAlgorithm()

Returns:

The default encryption algorithm for this key.

getDefaultKeyWrapAlgorithm

public String getDefaultKeyWrapAlgorithm()

The default key wrap algorithm for this key, using the representations from Json Web Key Algorithms, RFC7513.

Overrides:

KeyVaultKey.getDefaultKeyWrapAlgorithm()

Returns:

The default key wrap algorithm for this key.

getDefaultSignatureAlgorithm

public String getDefaultSignatureAlgorithm()

The default signature algorithm for this key, using the representations from Json Web Key Algorithms, RFC7513.

Overrides:

KeyVaultKey.getDefaultSignatureAlgorithm()

Returns:

The default signature algorithm for this key.

getKid

public String getKid()

The unique key identifier for this key.

Overrides:

KeyVaultKey.getKid()

Returns:

The key identifier

signAsync

public ListenableFuture> signAsync(byte[] digest, String algorithm)

Signs the specified digest using the specified algorithm, or the keys DefaultSignatureAlgorithm if no algorithm is specified.

Overrides:

KeyVaultKey.signAsync(byte[] digest, String algorithm)

Parameters:

digest - The digest to sign

algorithm - The signature algorithm to use

Returns:

A ListenableFuture containing the signature and the algorithm used.

Throws:

NoSuchAlgorithmException - the algorithm is not valid

unwrapKeyAsync

public ListenableFuture unwrapKeyAsync(byte[] ciphertext, String algorithm)

Unwraps (decrypts) the specified encryped key material.

Overrides:

KeyVaultKey.unwrapKeyAsync(byte[] ciphertext, String algorithm)

Parameters:

encryptedKey - The encrypted key to decrypt

algorithm - The algorithm to use, must be supplied

Returns:

A ListenableFuture containing the unwrapped key

Throws:

NoSuchAlgorithmException - the algorithm is not valid

verifyAsync

public ListenableFuture verifyAsync(byte[] digest, byte[] signature, String algorithm)

Verifies the supplied signature value using the supplied digest and algorithm.

Overrides:

KeyVaultKey.verifyAsync(byte[] digest, byte[] signature, String algorithm)

Parameters:

digest - The digest input

signature - The signature to verify

algorithm - The algorithm to use, must be provided

Returns:

A ListenableFuture containing the signature and the algorithm used.

Throws:

NoSuchAlgorithmException - the algorithm is not valid

wrapKeyAsync

public ListenableFuture> wrapKeyAsync(byte[] plaintext, String algorithm)

Wraps (encrypts) the specified symmetric key material using the specified algorithm, or the keys DefaultKeyWrapAlgorithm if none is specified.

Overrides:

KeyVaultKey.wrapKeyAsync(byte[] plaintext, String algorithm)

Parameters:

key - The symmetric key to wrap

algorithm - The wrapping algorithm to use, defaults to the keys DefaultKeyWrapAlgorithm

Returns:

ListenableFuture containing the encrypted key and the algorithm that was used

Throws:

NoSuchAlgorithmException - the algorithm is not valid

Share via

KeyVaultKey Class

Constructor Summary

Method Summary

Constructor Details

KeyVaultKey

Method Details

close

decryptAsync

encryptAsync

getDefaultEncryptionAlgorithm

getDefaultKeyWrapAlgorithm

getDefaultSignatureAlgorithm

getKid

signAsync

unwrapKeyAsync

verifyAsync

wrapKeyAsync

Applies to

Additional resources