BlobEncryptionPolicy Class

  • java.lang.Object
    • com.microsoft.azure.storage.blob.BlobEncryptionPolicy

public class BlobEncryptionPolicy

Represents a blob encryption policy that is used to perform envelope encryption/decryption of Azure blobs.

Field Summary

Modifier and Type Field and Description
IKeyResolver keyResolver

The IKeyResolver used to select the correct key for decrypting existing blobs.

IKey keyWrapper

An object of type IKey that is used to wrap/unwrap the content key during encryption.

Constructor Summary

Constructor Description
BlobEncryptionPolicy(IKey key, IKeyResolver keyResolver)

Initializes a new instance of the BlobEncryptionPolicy class with the specified key and resolver.

If the generated policy is intended to be used for encryption, users are expected to provide a key at the minimum. The absence of key will cause an exception to be thrown during encryption. If the generated policy is intended to be used for decryption, users can provide a keyResolver. The client library will - 1. Invoke the key resolver if specified to get the key. 2. If resolver is not specified but a key is specified, match the key id on the key and use it.

Method Summary

Modifier and Type Method and Description
IKey getKey()

Gets the IKey that is used to wrap/unwrap the content key during encryption.

IKeyResolver getKeyResolver()

Gets the key resolver used to select the correct key for decrypting existing blobs.

void setKey(IKey key)

Sets the IKey that is used to wrap/unwrap the content key during encryption.

void setKeyResolver(IKeyResolver keyResolver)

Sets the key resolver used to select the correct key for decrypting existing blobs.

Field Details

keyResolver

public IKeyResolver keyResolver

The IKeyResolver used to select the correct key for decrypting existing blobs.

keyWrapper

public IKey keyWrapper

An object of type IKey that is used to wrap/unwrap the content key during encryption.

Constructor Details

BlobEncryptionPolicy

public BlobEncryptionPolicy(IKey key, IKeyResolver keyResolver)

Initializes a new instance of the BlobEncryptionPolicy class with the specified key and resolver.

If the generated policy is intended to be used for encryption, users are expected to provide a key at the minimum. The absence of key will cause an exception to be thrown during encryption. If the generated policy is intended to be used for decryption, users can provide a keyResolver. The client library will - 1. Invoke the key resolver if specified to get the key. 2. If resolver is not specified but a key is specified, match the key id on the key and use it.

Parameters:

key - An object of type IKey that is used to wrap/unwrap the content encryption key.
keyResolver - The key resolver used to select the correct key for decrypting existing blobs.

Method Details

getKey

public IKey getKey()

Gets the IKey that is used to wrap/unwrap the content key during encryption.

Returns:

An IKey object.

getKeyResolver

public IKeyResolver getKeyResolver()

Gets the key resolver used to select the correct key for decrypting existing blobs.

Returns:

A resolver that returns an IKey given a keyId.

setKey

public void setKey(IKey key)

Sets the IKey that is used to wrap/unwrap the content key during encryption.

Parameters:

key - An IKey object.

setKeyResolver

public void setKeyResolver(IKeyResolver keyResolver)

Sets the key resolver used to select the correct key for decrypting existing blobs.

Parameters:

keyResolver - A resolver that returns an IKey given a keyId.

Applies to