CryptographyClient class
A client used to perform cryptographic operations with Azure Key Vault keys.
Constructors
| Cryptography |
Constructs a new instance of the Cryptography client for the given key Example usage: |
Properties
| vault |
The base URL to the vault |
Methods
| decrypt(Encryption |
Decrypts the given ciphertext with the specified cryptography algorithm Example usage: |
| encrypt(Encryption |
Encrypts the given plaintext with the specified cryptography algorithm Example usage: |
| sign(Signature |
Cryptographically sign the digest of a message Example usage: |
| sign |
Cryptographically sign a block of data Example usage: |
| unwrap |
Unwraps the given wrapped key using the specified cryptography algorithm Example usage: |
| verify(Signature |
Verify the signed message digest Example usage: |
| verify |
Verify the signed block of data Example usage: |
| wrap |
Wraps the given key using the specified cryptography algorithm Example usage: |
Constructor Details
CryptographyClient(string | KeyVaultKey, TokenCredential, CryptographyClientOptions)
Constructs a new instance of the Cryptography client for the given key Example usage:
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
import { DefaultAzureCredential } from "@azure/identity";
let vaultUrl = `https://<MY KEYVAULT HERE>.vault.azure.net`;
let credentials = new DefaultAzureCredential();
let keyClient = new KeyClient(vaultUrl, credentials);
let keyVaultKey = await keyClient.getKey("MyKey");
let client = new CryptographyClient(keyVaultKey.id, credentials);
// or
let client = new CryptographyClient(keyVaultKey, credentials);
new CryptographyClient(key: string | KeyVaultKey, credential: TokenCredential, pipelineOptions?: CryptographyClientOptions)Parameters
- key
-
string | KeyVaultKey
The key to use during cryptography tasks. You can also pass the identifier of the key i.e its url here.
- credential
-
TokenCredential
An object that implements the TokenCredential interface used to authenticate requests to the service. Use the @azure/identity package to create a credential that suits your needs.
- pipelineOptions
- CryptographyClientOptions
Property Details
vaultUrl
The base URL to the vault
vaultUrl: stringProperty Value
string
Method Details
decrypt(EncryptionAlgorithm, Uint8Array, DecryptOptions)
Decrypts the given ciphertext with the specified cryptography algorithm Example usage:
let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.decrypt("RSA1_5", encryptedBuffer);
function decrypt(algorithm: EncryptionAlgorithm, ciphertext: Uint8Array, options?: DecryptOptions)Parameters
- algorithm
- EncryptionAlgorithm
The algorithm to use.
- ciphertext
-
Uint8Array
The text to decrypt.
- options
- DecryptOptions
Returns
Promise<DecryptResult>
encrypt(EncryptionAlgorithm, Uint8Array, EncryptOptions)
Encrypts the given plaintext with the specified cryptography algorithm Example usage:
let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.encrypt("RSA1_5", Buffer.from("My Message"));
function encrypt(algorithm: EncryptionAlgorithm, plaintext: Uint8Array, options?: EncryptOptions)Parameters
- algorithm
- EncryptionAlgorithm
The algorithm to use.
- plaintext
-
Uint8Array
The text to encrypt.
- options
- EncryptOptions
Returns
Promise<EncryptResult>
sign(SignatureAlgorithm, Uint8Array, SignOptions)
Cryptographically sign the digest of a message Example usage:
let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.sign("RS256", digest);
function sign(algorithm: SignatureAlgorithm, digest: Uint8Array, options?: SignOptions)Parameters
- algorithm
- SignatureAlgorithm
The signing algorithm to use.
- digest
-
Uint8Array
The digest of the data to sign.
- options
- SignOptions
Returns
Promise<SignResult>
signData(SignatureAlgorithm, Uint8Array, SignOptions)
Cryptographically sign a block of data Example usage:
let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.signData("RS256", message);
function signData(algorithm: SignatureAlgorithm, data: Uint8Array, options?: SignOptions)Parameters
- algorithm
- SignatureAlgorithm
The signing algorithm to use.
- data
-
Uint8Array
The data to sign.
- options
- SignOptions
Returns
Promise<SignResult>
unwrapKey(KeyWrapAlgorithm, Uint8Array, UnwrapKeyOptions)
Unwraps the given wrapped key using the specified cryptography algorithm Example usage:
let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.unwrapKey("RSA1_5", keyToUnwrap);
function unwrapKey(algorithm: KeyWrapAlgorithm, encryptedKey: Uint8Array, options?: UnwrapKeyOptions)Parameters
- algorithm
- KeyWrapAlgorithm
The decryption algorithm to use to unwrap the key.
- encryptedKey
-
Uint8Array
The encrypted key to unwrap.
- options
- UnwrapKeyOptions
Returns
Promise<UnwrapResult>
verify(SignatureAlgorithm, Uint8Array, Uint8Array, VerifyOptions)
Verify the signed message digest Example usage:
let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.verify("RS256", signedDigest, signature);
function verify(algorithm: SignatureAlgorithm, digest: Uint8Array, signature: Uint8Array, options?: VerifyOptions)Parameters
- algorithm
- SignatureAlgorithm
The signing algorithm to use to verify with.
- digest
-
Uint8Array
The digest to verify.
- signature
-
Uint8Array
The signature to verify the digest against.
- options
- VerifyOptions
Returns
Promise<VerifyResult>
verifyData(SignatureAlgorithm, Uint8Array, Uint8Array, VerifyOptions)
Verify the signed block of data Example usage:
let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.verifyData("RS256", signedMessage, signature);
function verifyData(algorithm: SignatureAlgorithm, data: Uint8Array, signature: Uint8Array, options?: VerifyOptions)Parameters
- algorithm
- SignatureAlgorithm
The algorithm to use to verify with.
- data
-
Uint8Array
The signed block of data to verify.
- signature
-
Uint8Array
The signature to verify the block against.
- options
- VerifyOptions
Returns
Promise<VerifyResult>
wrapKey(KeyWrapAlgorithm, Uint8Array, WrapKeyOptions)
Wraps the given key using the specified cryptography algorithm Example usage:
let client = new CryptographyClient(keyVaultKey, credentials);
let result = await client.wrapKey("RSA1_5", keyToWrap);
function wrapKey(algorithm: KeyWrapAlgorithm, key: Uint8Array, options?: WrapKeyOptions)Parameters
- algorithm
- KeyWrapAlgorithm
The encryption algorithm to use to wrap the given key.
- key
-
Uint8Array
The key to wrap.
- options
- WrapKeyOptions
Returns
Promise<WrapResult>