CryptographyClient class

A client used to perform cryptographic operations with Azure Key Vault keys.

Constructors

CryptographyClient(string | KeyVaultKey, TokenCredential, CryptographyClientOptions)

Constructs a new instance of the Cryptography client for the given key. Example usage:

import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
import { DefaultAzureCredential } from "@azure/identity";

let vaultUrl = `https://<MY KEYVAULT HERE>.vault.azure.net`;
let credentials = new DefaultAzureCredential();

let keyClient = new KeyClient(vaultUrl, credentials);
let keyVaultKey = await keyClient.getKey("MyKey");

let client = new CryptographyClient(keyVaultKey.id, credentials);
// or, passing the KeyVaultKey itself instead of its id:
// let client = new CryptographyClient(keyVaultKey, credentials);

Properties

vaultUrl

The base URL to the vault

Methods

decrypt(EncryptionAlgorithm, Uint8Array, DecryptOptions)

Decrypts the given ciphertext with the specified cryptography algorithm. Example usage:

let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.decrypt("RSA1_5", encryptedBuffer);

encrypt(EncryptionAlgorithm, Uint8Array, EncryptOptions)

Encrypts the given plaintext with the specified cryptography algorithm. Example usage:

let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.encrypt("RSA1_5", Buffer.from("My Message"));

sign(SignatureAlgorithm, Uint8Array, SignOptions)

Cryptographically signs the digest of a message. Example usage:

let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.sign("RS256", digest);

signData(SignatureAlgorithm, Uint8Array, SignOptions)

Cryptographically signs a block of data. Example usage:

let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.signData("RS256", message);

unwrapKey(KeyWrapAlgorithm, Uint8Array, UnwrapKeyOptions)

Unwraps the given wrapped key using the specified cryptography algorithm. Example usage:

let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.unwrapKey("RSA1_5", keyToUnwrap);

verify(SignatureAlgorithm, Uint8Array, Uint8Array, VerifyOptions)

Verifies the signed message digest. Example usage:

let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.verify("RS256", signedDigest, signature);

verifyData(SignatureAlgorithm, Uint8Array, Uint8Array, VerifyOptions)

Verifies the signed block of data. Example usage:

let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.verifyData("RS256", signedMessage, signature);

wrapKey(KeyWrapAlgorithm, Uint8Array, WrapKeyOptions)

Wraps the given key using the specified cryptography algorithm. Example usage:

let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.wrapKey("RSA1_5", keyToWrap);

Constructor Details

CryptographyClient(string | KeyVaultKey, TokenCredential, CryptographyClientOptions)

Constructs a new instance of the Cryptography client for the given key. Example usage:

import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
import { DefaultAzureCredential } from "@azure/identity";

let vaultUrl = `https://<MY KEYVAULT HERE>.vault.azure.net`;
let credentials = new DefaultAzureCredential();

let keyClient = new KeyClient(vaultUrl, credentials);
let keyVaultKey = await keyClient.getKey("MyKey");

let client = new CryptographyClient(keyVaultKey.id, credentials);
// or, passing the KeyVaultKey itself instead of its id:
// let client = new CryptographyClient(keyVaultKey, credentials);

new CryptographyClient(key: string | KeyVaultKey, credential: TokenCredential, pipelineOptions?: CryptographyClientOptions)

Parameters

key

string | KeyVaultKey

The key to use during cryptography tasks. You can also pass the key's identifier (i.e. its URL) here.

credential

TokenCredential

An object that implements the TokenCredential interface used to authenticate requests to the service. Use the @azure/identity package to create a credential that suits your needs.

pipelineOptions

CryptographyClientOptions

Property Details

vaultUrl

The base URL to the vault

vaultUrl: string

Property Value

string

Method Details

decrypt(EncryptionAlgorithm, Uint8Array, DecryptOptions)

Decrypts the given ciphertext with the specified cryptography algorithm. Example usage:

let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.decrypt("RSA1_5", encryptedBuffer);

function decrypt(algorithm: EncryptionAlgorithm, ciphertext: Uint8Array, options?: DecryptOptions)

Parameters

algorithm

EncryptionAlgorithm

The algorithm to use.

ciphertext

Uint8Array

The text to decrypt.

options

DecryptOptions

Returns

Promise<DecryptResult>

encrypt(EncryptionAlgorithm, Uint8Array, EncryptOptions)

Encrypts the given plaintext with the specified cryptography algorithm. Example usage:

let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.encrypt("RSA1_5", Buffer.from("My Message"));

function encrypt(algorithm: EncryptionAlgorithm, plaintext: Uint8Array, options?: EncryptOptions)

Parameters

algorithm

EncryptionAlgorithm

The algorithm to use.

plaintext

Uint8Array

The text to encrypt.

options

EncryptOptions

Returns

Promise<EncryptResult>

sign(SignatureAlgorithm, Uint8Array, SignOptions)

Cryptographically signs the digest of a message. Example usage:

let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.sign("RS256", digest);

function sign(algorithm: SignatureAlgorithm, digest: Uint8Array, options?: SignOptions)

Parameters

algorithm

SignatureAlgorithm

The signing algorithm to use.

digest

Uint8Array

The digest of the data to sign.

options

SignOptions

Returns

Promise<SignResult>

signData(SignatureAlgorithm, Uint8Array, SignOptions)

Cryptographically signs a block of data. Example usage:

let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.signData("RS256", message);

function signData(algorithm: SignatureAlgorithm, data: Uint8Array, options?: SignOptions)

Parameters

algorithm

SignatureAlgorithm

The signing algorithm to use.

data

Uint8Array

The data to sign.

options

SignOptions

Returns

Promise<SignResult>

unwrapKey(KeyWrapAlgorithm, Uint8Array, UnwrapKeyOptions)

Unwraps the given wrapped key using the specified cryptography algorithm. Example usage:

let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.unwrapKey("RSA1_5", keyToUnwrap);

function unwrapKey(algorithm: KeyWrapAlgorithm, encryptedKey: Uint8Array, options?: UnwrapKeyOptions)

Parameters

algorithm

KeyWrapAlgorithm

The decryption algorithm to use to unwrap the key.

encryptedKey

Uint8Array

The encrypted key to unwrap.

Returns

Promise<UnwrapResult>

verify(SignatureAlgorithm, Uint8Array, Uint8Array, VerifyOptions)

Verifies the signed message digest. Example usage:

let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.verify("RS256", signedDigest, signature);

function verify(algorithm: SignatureAlgorithm, digest: Uint8Array, signature: Uint8Array, options?: VerifyOptions)

Parameters

algorithm

SignatureAlgorithm

The signing algorithm to use to verify with.

digest

Uint8Array

The digest to verify.

signature

Uint8Array

The signature to verify the digest against.

options

VerifyOptions

Returns

Promise<VerifyResult>

verifyData(SignatureAlgorithm, Uint8Array, Uint8Array, VerifyOptions)

Verifies the signed block of data. Example usage:

let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.verifyData("RS256", signedMessage, signature);

function verifyData(algorithm: SignatureAlgorithm, data: Uint8Array, signature: Uint8Array, options?: VerifyOptions)

Parameters

algorithm

SignatureAlgorithm

The algorithm to use to verify with.

data

Uint8Array

The signed block of data to verify.

signature

Uint8Array

The signature to verify the block against.

options

VerifyOptions

Returns

Promise<VerifyResult>
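
The sign/verify methods take a precomputed digest, while signData/verifyData take the data itself. The following added example (not part of the SDK or its documentation) reproduces that relationship offline with Node's built-in crypto module standing in for the vault; the helper names digestFor, localSignDigest, localVerifyData and demo are hypothetical, and the key pair is generated locally.

```javascript
// Added example: local stand-in for the vault, not SDK code. Helper names are hypothetical.
const crypto = require("node:crypto");

// Hash that each RSASSA-PKCS1-v1_5 JWA algorithm (RFC 7518) signs over.
const HASH_FOR = { RS256: "sha256", RS384: "sha384", RS512: "sha512" };

// Compute the `digest` argument that sign()/verify() expect for `algorithm`.
function digestFor(algorithm, data) {
  const hash = HASH_FOR[algorithm];
  if (!hash) throw new Error(`unsupported signature algorithm: ${algorithm}`);
  return crypto.createHash(hash).update(data).digest();
}

// DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
const SHA256_PREFIX = Buffer.from("3031300d060960864801650304020105000420", "hex");

// Stand-in for sign("RS256", digest): pads and signs an already-computed digest.
function localSignDigest(privateKey, digest) {
  if (digest.length !== 32) {
    throw new Error("RS256 needs a 32-byte SHA-256 digest, not the raw message");
  }
  // privateEncrypt applies PKCS#1 v1.5 signature padding by default.
  return crypto.privateEncrypt(privateKey, Buffer.concat([SHA256_PREFIX, digest]));
}

// Stand-in for verifyData("RS256", data, signature): hashes `data` itself.
function localVerifyData(publicKey, data, signature) {
  return crypto.verify("sha256", data, publicKey, signature);
}

function demo() {
  // Constructed sample input: throwaway key pair and the page's sample message.
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const message = Buffer.from("My Message");
  const digest = digestFor("RS256", message);
  const signature = localSignDigest(privateKey, digest);
  let rawMessageRejected = false;
  try { localSignDigest(privateKey, message); } catch { rawMessageRejected = true; }
  return {
    digestLength: digest.length,
    // Signing the digest gives the same bytes as hashing-and-signing the data.
    matchesSignData: signature.equals(crypto.sign("sha256", message, privateKey)),
    verifies: localVerifyData(publicKey, message, signature),
    tamperedVerifies: localVerifyData(publicKey, Buffer.from("My message"), signature),
    rawMessageRejected,
  };
}
```

With a real client, the value returned by digestFor("RS256", message) is what goes into the digest parameter of sign and verify; signData and verifyData receive message unchanged.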

wrapKey(KeyWrapAlgorithm, Uint8Array, WrapKeyOptions)

Wraps the given key using the specified cryptography algorithm. Example usage:

let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.wrapKey("RSA1_5", keyToWrap);

function wrapKey(algorithm: KeyWrapAlgorithm, key: Uint8Array, options?: WrapKeyOptions)

Parameters

algorithm

KeyWrapAlgorithm

The encryption algorithm to use to wrap the given key.

key

Uint8Array

The key to wrap.

options

WrapKeyOptions

Returns

Promise<WrapResult>