KeyVaultRSAPrivateKey Class
An RSAPrivateKey implementation based on a key managed by Key Vault.
This class should not be instantiated directly. Instead, use the create_rsa_private_key method to create a key based on the client's key. Only synchronous clients and operations are supported at this time.
- Inheritance
- cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey → KeyVaultRSAPrivateKey
Constructor
KeyVaultRSAPrivateKey(client: CryptographyClient, key_material: JsonWebKey | None)
Parameters
Name | Description |
---|---|
client (Required) | |
key_material (Required) | |
Methods
Name | Description |
---|---|
decrypt | Decrypts the provided ciphertext. |
private_bytes | Allows serialization of the key to bytes. This function uses the cryptography library's implementation. The encoding (PEM or DER), format (TraditionalOpenSSL, OpenSSH, or PKCS8), and encryption algorithm (such as BestAvailableEncryption or NoEncryption) together define the exact serialization. |
private_numbers | Returns an RSAPrivateNumbers representing the key's private numbers. |
public_key | The RSAPublicKey associated with this private key, as a KeyVaultRSAPublicKey. The public key implementation will use the same underlying cryptography client as this private key. |
sign | Signs the data. |
signer | Not implemented. This method was deprecated in cryptography 2.0 and removed in 37.0.0. |
decrypt
Decrypts the provided ciphertext.
decrypt(ciphertext: bytes, padding: AsymmetricPadding) -> bytes
Parameters
Name | Description |
---|---|
ciphertext (Required) | Encrypted bytes to decrypt. |
padding (Required) | Type: cryptography.hazmat.primitives.asymmetric.padding.AsymmetricPadding. The padding to use. Supported paddings are OAEP and PKCS1v15. For OAEP padding, supported hash algorithms are SHA1 and SHA256. The only supported mask generation function is MGF1. See https://learn.microsoft.com/azure/key-vault/keys/about-keys-details for details. |
Returns
Type | Description |
---|---|
bytes | The decrypted plaintext, as bytes. |
private_bytes
Allows serialization of the key to bytes.
This function uses the cryptography library's implementation. The encoding (PEM or DER), format (TraditionalOpenSSL, OpenSSH, or PKCS8), and encryption algorithm (such as BestAvailableEncryption or NoEncryption) together define the exact serialization.
private_bytes(encoding: Encoding, format: PrivateFormat, encryption_algorithm: KeySerializationEncryption) -> bytes
Parameters
Name | Description |
---|---|
encoding (Required) | Type: cryptography.hazmat.primitives.serialization.Encoding. A value from the Encoding enum. |
format (Required) | Type: cryptography.hazmat.primitives.serialization.PrivateFormat. A value from the PrivateFormat enum. |
encryption_algorithm (Required) | Type: cryptography.hazmat.primitives.serialization.KeySerializationEncryption. An instance of an object conforming to the KeySerializationEncryption interface. |
Returns
Type | Description |
---|---|
bytes | The serialized key. |
Exceptions
Type | Description |
---|---|
if the client is unable to obtain the key material from Key Vault. |
private_numbers
Returns an RSAPrivateNumbers representing the key's private numbers.
private_numbers() -> RSAPrivateNumbers
Returns
Type | Description |
---|---|
cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers | The private numbers of the key. |
Exceptions
Type | Description |
---|---|
if the client is unable to obtain the key material from Key Vault. |
public_key
The RSAPublicKey associated with this private key, as a KeyVaultRSAPublicKey.
The public key implementation will use the same underlying cryptography client as this private key.
public_key() -> KeyVaultRSAPublicKey
Returns
Type | Description |
---|---|
KeyVaultRSAPublicKey | The KeyVaultRSAPublicKey associated with the key. |
sign
Signs the data.
sign(data: bytes, padding: AsymmetricPadding, algorithm: Prehashed | HashAlgorithm) -> bytes
Parameters
Name | Description |
---|---|
data (Required) | The data to sign, as bytes. |
padding (Required) | Type: cryptography.hazmat.primitives.asymmetric.padding.AsymmetricPadding. The padding to use. Supported paddings are PKCS1v15 and PSS. For PSS, the only supported mask generation function is MGF1. See https://learn.microsoft.com/azure/key-vault/keys/about-keys-details for details. |
algorithm (Required) | Type: cryptography.hazmat.primitives.asymmetric.utils.Prehashed or cryptography.hazmat.primitives.hashes.HashAlgorithm. The algorithm to sign with. Only HashAlgorithm |
Returns
Type | Description |
---|---|
bytes | The signature, as bytes. |
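Added example (not part of the Azure SDK or its documentation): a pre-flight check that maps the paddings accepted by decrypt and sign above onto Key Vault algorithm names, so an unsupported combination fails locally before any request is sent. The function names, the MGF1 digest-match check and the signing digest list (SHA-256/384/512, taken from Key Vault's RS*/PS* algorithm names) are assumptions of this example; it reads the private `_mgf` and `_algorithm` attributes of the `cryptography` padding objects.

```python
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding

# Key Vault algorithm identifiers, as listed in the linked Key Vault key docs.
OAEP_ALGS = {"sha1": "RSA-OAEP", "sha256": "RSA-OAEP-256"}
SIGN_BITS = {"sha256": "256", "sha384": "384", "sha512": "512"}


def _check_mgf1(pad, digest_name):
    # OAEP and PSS keep their parameters in private attributes (_mgf, _algorithm).
    mgf = pad._mgf
    if not isinstance(mgf, padding.MGF1):
        raise ValueError("only MGF1 is supported")
    # Added check (assumption of this example): Key Vault uses the same digest
    # for MGF1 as for the scheme, so a mixed configuration is rejected here.
    if mgf._algorithm.name != digest_name:
        raise ValueError("MGF1 digest must match the padding digest")


def decrypt_algorithm(pad):
    """Map a decrypt() padding to a Key Vault algorithm name, or raise."""
    if isinstance(pad, padding.PKCS1v15):
        return "RSA1_5"
    if isinstance(pad, padding.OAEP):
        name = pad._algorithm.name
        if name not in OAEP_ALGS:
            raise ValueError(f"OAEP with {name} is not supported")
        _check_mgf1(pad, name)
        return OAEP_ALGS[name]
    raise ValueError(f"unsupported padding: {type(pad).__name__}")


def sign_algorithm(pad, algorithm):
    """Map sign() arguments to a Key Vault algorithm name, or raise."""
    if not isinstance(algorithm, hashes.HashAlgorithm):
        raise TypeError("this example handles HashAlgorithm instances only")
    if algorithm.name not in SIGN_BITS:
        raise ValueError(f"{algorithm.name} is not supported for signing")
    if isinstance(pad, padding.PKCS1v15):
        return "RS" + SIGN_BITS[algorithm.name]
    if isinstance(pad, padding.PSS):
        _check_mgf1(pad, algorithm.name)
        return "PS" + SIGN_BITS[algorithm.name]
    raise ValueError(f"unsupported padding: {type(pad).__name__}")
```

Calling these helpers before `decrypt` or `sign` turns a padding mistake into a local `ValueError` instead of a failed service call.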
signer
Not implemented. This method was deprecated in cryptography 2.0 and removed in 37.0.0.
signer(padding: AsymmetricPadding, algorithm: HashAlgorithm) -> NoReturn
Parameters
Name | Description |
---|---|
padding (Required) | |
algorithm (Required) | |
Attributes
key_size
The bit length of the public modulus.
Returns
Type | Description |
---|---|
The key's size. |
Exceptions
Type | Description |
---|---|
if the client is unable to obtain the key material from Key Vault. |
Azure SDK for Python