com.azure.security.keyvault.keys.cryptography
The Azure Key Vault Cryptography service is a cloud-based service provided by Microsoft Azure that allows users to securely store and manage cryptographic keys used for encrypting and decrypting data. It is part of Azure Key Vault, a cloud-based service for managing cryptographic keys, secrets, and certificates.
The service supports various cryptographic algorithms and operations, including symmetric and asymmetric encryption, digital signatures, hashing, and random number generation. You can use the service to perform operations like encrypting sensitive data before storing it, decrypting data when needed, signing data to ensure its integrity, and verifying signatures to validate the authenticity of the data.
By utilizing Azure Key Vault Cryptography service, you benefit from the strong security features provided by Azure Key Vault, such as hardware security modules (HSMs) for key storage and cryptographic operations, access control policies, and audit logging. It helps you protect your sensitive data and comply with industry standards and regulatory requirements.
The Azure Key Vault Keys Cryptography client library allows developers to interact with the Azure Key Vault service from their applications. The library provides a set of APIs that enable developers to securely encrypt, decrypt, sign, and verify data using cryptographic keys securely stored in Key Vault.
Key Concepts:
What is a Cryptography Client?
The cryptography client performs the cryptographic operations locally or calls the Azure Key Vault service depending on how much key information is available locally. It supports encrypting, decrypting, signing, verifying, key wrapping, key unwrapping, and retrieving the configured key. Asynchronous (`CryptographyAsyncClient`) and synchronous (`CryptographyClient`) clients exist in the SDK allowing for the selection of a client based on an application's use case.
Getting Started
In order to interact with the Azure Key Vault service, you will need to create an instance of the CryptographyClient class, for which you need a vault URL and a credential object.
The examples shown in this document use a credential object named DefaultAzureCredential for authentication, which is appropriate for most scenarios, including local development and production environments. Additionally, we recommend using a managed identity for authentication in production environments. You can find more information on different ways of authenticating and their corresponding credential types in the Azure Identity documentation.
Sample: Construct Synchronous Cryptography Client
The following code sample demonstrates the creation of a CryptographyClient, using the CryptographyClientBuilder to configure it.
```java
// The key identifier selects the Key Vault key this client operates on.
CryptographyClient cryptographyClient = new CryptographyClientBuilder()
    .keyIdentifier("<your-key-id>")
    .credential(new DefaultAzureCredentialBuilder().build())
    .buildClient();
```
Sample: Construct Asynchronous Cryptography Client
The following code sample demonstrates the creation of a CryptographyAsyncClient, using the CryptographyClientBuilder to configure it.
```java
// Same builder as the synchronous client; only the terminal build call differs.
CryptographyAsyncClient cryptographyAsyncClient = new CryptographyClientBuilder()
    .keyIdentifier("<your-key-id>")
    .credential(new DefaultAzureCredentialBuilder().build())
    .buildAsyncClient();
```
Encrypt Data
The CryptographyClient or CryptographyAsyncClient can be used to encrypt data.
Synchronous Code Sample:
The following code sample demonstrates how to synchronously encrypt data using the encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) API.
```java
// Placeholder plaintext: 100 bytes of sample data from a fixed seed (not key material).
byte[] plaintext = new byte[100];
new Random(0x1234567L).nextBytes(plaintext);

EncryptResult encryptResult = cryptographyClient.encrypt(EncryptionAlgorithm.RSA_OAEP, plaintext);

System.out.printf("Received encrypted content of length: %d, with algorithm: %s.%n",
    encryptResult.getCipherText().length, encryptResult.getAlgorithm());
```
Note: For the asynchronous sample, refer to CryptographyAsyncClient.
Decrypt Data
The CryptographyClient or CryptographyAsyncClient can be used to decrypt data.
Synchronous Code Sample:
The following code sample demonstrates how to synchronously decrypt data using the decrypt(EncryptionAlgorithm algorithm, byte[] ciphertext) API.
```java
// Decrypt the cipher text returned by the encrypt call above.
// Arbitrary bytes are not valid RSA-OAEP cipher text and would be rejected.
byte[] ciphertext = encryptResult.getCipherText();

DecryptResult decryptResult = cryptographyClient.decrypt(EncryptionAlgorithm.RSA_OAEP, ciphertext);

System.out.printf("Received decrypted content of length: %d.%n", decryptResult.getPlainText().length);
```
Note: For the asynchronous sample, refer to CryptographyAsyncClient.
| Class | Description |
| --- | --- |
| Cryptography | The CryptographyAsyncClient provides asynchronous methods to perform cryptographic operations using asymmetric and symmetric keys. |
| Cryptography | The CryptographyClient provides synchronous methods to perform cryptographic operations using asymmetric and symmetric keys. |
| Cryptography | This class provides a fluent builder API to help aid the configuration and instantiation of the CryptographyAsyncClient and CryptographyClient, by calling buildAsyncClient() and buildClient() respectively. It constructs an instance of the desired client. |
| Key | A key client which is used to asynchronously wrap or unwrap another key. |
| Key | A key client which is used to synchronously wrap or unwrap another key. |
| Key | This class provides a fluent builder API to help aid the configuration and instantiation of the KeyEncryptionKey async client and KeyEncryptionKey, by calling buildAsyncKeyEncryptionKey(String keyId) and buildKeyEncryptionKey(String keyId) respectively. |
| Cryptography | The versions of Azure Key Vault Cryptography supported by this client library. |