CryptographyClient class
用來在 Azure Key Vault 金鑰或本機 JsonWebKey上執行密碼編譯作業的用戶端。
建構函式
| Cryptography |
在本機模式中,為指定的密鑰建構密碼編譯用戶端的新實例。 範例用法: |
| Cryptography |
為指定的金鑰建構密碼編譯用戶端的新實例 範例用法: |
屬性
| keyID | 用來執行客戶端密碼編譯作業之金鑰的識別碼。 |
| vault |
保存庫的基底 URL。 如果使用本機 JsonWebKey,vaultUrl 會是空的。 |
方法
| decrypt(Decrypt |
使用指定的解密參數解密指定的加密文字。 根據解密參數中使用的演算法,一組可能的解密參數將會變更。 Microsoft建議您不要先確保使用加密文字的完整性,例如 HMAC。 如需詳細資訊,請參閱 https://learn.microsoft.com/dotnet/standard/security/vulnerabilities-cbc-mode。 範例用法: |
| decrypt(string, Uint8Array, Decrypt |
使用指定的密碼編譯演算法解密指定的加密文字 範例用法: Microsoft建議您不要先確保使用加密文字的完整性,例如 HMAC。 如需詳細資訊,請參閱 https://learn.microsoft.com/dotnet/standard/security/vulnerabilities-cbc-mode。 |
| encrypt(Encrypt |
使用指定的加密參數來加密指定的純文字。 根據加密參數中設定的演算法,一組可能的加密參數將會變更。 範例用法: |
| encrypt(string, Uint8Array, Encrypt |
使用指定的密碼編譯演算法加密指定的純文字 範例用法: |
| sign(string, Uint8Array, Sign |
以密碼編譯方式簽署訊息的摘要 範例用法: |
| sign |
以密碼編譯方式簽署數據區塊 範例用法: |
| unwrap |
使用指定的密碼編譯演算法解除包裝指定的包裝密鑰 範例用法: |
| verify(string, Uint8Array, Uint8Array, Verify |
確認已簽署的訊息摘要 範例用法: |
| verify |
確認已簽署的數據區塊 範例用法: |
| wrap |
使用指定的密碼編譯演算法包裝指定的金鑰 範例用法: |
建構函式詳細資料
CryptographyClient(JsonWebKey)
在本機模式中,為指定的密鑰建構密碼編譯用戶端的新實例。
範例用法:
import { CryptographyClient } from "@azure/keyvault-keys";
const jsonWebKey = {
kty: "RSA",
kid: "test-key-123",
use: "sig",
alg: "RS256",
n: new Uint8Array([112, 34, 56, 98, 123, 244, 200, 99]),
e: new Uint8Array([1, 0, 1]),
d: new Uint8Array([45, 67, 89, 23, 144, 200, 76, 233]),
p: new Uint8Array([34, 89, 100, 77, 204, 56, 29, 77]),
q: new Uint8Array([78, 99, 201, 45, 188, 34, 67, 90]),
dp: new Uint8Array([23, 45, 78, 56, 200, 144, 32, 67]),
dq: new Uint8Array([12, 67, 89, 144, 99, 56, 23, 45]),
qi: new Uint8Array([78, 90, 45, 201, 34, 67, 120, 55]),
};
const client = new CryptographyClient(jsonWebKey);
new CryptographyClient(key: JsonWebKey)參數
- key
- JsonWebKey
在密碼編譯作業期間使用的 JsonWebKey。
CryptographyClient(string | KeyVaultKey, TokenCredential, CryptographyClientOptions)
為指定的金鑰建構密碼編譯用戶端的新實例
範例用法:
import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new KeyClient(url, credential);
// Create or retrieve a key from the keyvault
const myKey = await client.createKey("MyKey", "RSA");
// Lastly, create our cryptography client and connect to the service
const cryptographyClient = new CryptographyClient(myKey, credential);
new CryptographyClient(key: string | KeyVaultKey, credential: TokenCredential, pipelineOptions?: CryptographyClientOptions)參數
- key
-
string | KeyVaultKey
密碼編譯工作期間要使用的密鑰。 您也可以在這裡傳遞密鑰的識別碼,也就是其URL。
- credential
- TokenCredential
對象,實作用來驗證服務要求 TokenCredential 介面。 使用 @azure/identity 套件來建立符合您需求的認證。
- pipelineOptions
- CryptographyClientOptions
用來設定 Key Vault API 要求的管線選項。 請省略此參數以使用預設管線組態。
屬性詳細資料
keyID
用來執行客戶端密碼編譯作業之金鑰的識別碼。
undefined | string keyID屬性值
undefined | string
vaultUrl
方法詳細資料
decrypt(DecryptParameters, DecryptOptions)
使用指定的解密參數解密指定的加密文字。 根據解密參數中使用的演算法,一組可能的解密參數將會變更。
Microsoft建議您不要先確保使用加密文字的完整性,例如 HMAC。 如需詳細資訊,請參閱 https://learn.microsoft.com/dotnet/standard/security/vulnerabilities-cbc-mode。
範例用法:
import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new KeyClient(url, credential);
const myKey = await client.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey.id, credential);
const encryptResult = await cryptographyClient.encrypt({
algorithm: "RSA1_5",
plaintext: Buffer.from("My Message"),
});
console.log("encrypt result: ", encryptResult.result);
const decryptResult = await cryptographyClient.decrypt({
algorithm: "RSA1_5",
ciphertext: encryptResult.result,
});
console.log("decrypt result: ", decryptResult.result.toString());
function decrypt(decryptParameters: DecryptParameters, options?: DecryptOptions): Promise<DecryptResult>參數
- decryptParameters
- DecryptParameters
解密參數。
- options
- DecryptOptions
其他選項。
傳回
Promise<DecryptResult>
decrypt(string, Uint8Array, DecryptOptions)
警告
此 API 現已淘汰。
Use decrypt({ algorithm, ciphertext }, options) instead.
使用指定的密碼編譯演算法解密指定的加密文字
範例用法:
import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new KeyClient(url, credential);
const myKey = await client.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey.id, credential);
const encryptResult = await cryptographyClient.encrypt({
algorithm: "RSA1_5",
plaintext: Buffer.from("My Message"),
});
console.log("encrypt result: ", encryptResult.result);
const decryptResult = await cryptographyClient.decrypt({
algorithm: "RSA1_5",
ciphertext: encryptResult.result,
});
console.log("decrypt result: ", decryptResult.result.toString());
Microsoft建議您不要先確保使用加密文字的完整性,例如 HMAC。 如需詳細資訊,請參閱 https://learn.microsoft.com/dotnet/standard/security/vulnerabilities-cbc-mode。
function decrypt(algorithm: string, ciphertext: Uint8Array, options?: DecryptOptions): Promise<DecryptResult>參數
- algorithm
-
string
要使用的演算法。
- ciphertext
-
Uint8Array
要解密的文字。
- options
- DecryptOptions
其他選項。
傳回
Promise<DecryptResult>
encrypt(EncryptParameters, EncryptOptions)
使用指定的加密參數來加密指定的純文字。 根據加密參數中設定的演算法,一組可能的加密參數將會變更。
範例用法:
import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new KeyClient(url, credential);
const myKey = await client.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey.id, credential);
const encryptResult = await cryptographyClient.encrypt({
algorithm: "RSA1_5",
plaintext: Buffer.from("My Message"),
});
console.log("encrypt result: ", encryptResult.result);
function encrypt(encryptParameters: EncryptParameters, options?: EncryptOptions): Promise<EncryptResult>參數
- encryptParameters
- EncryptParameters
加密參數,以所選的加密演算法為金鑰。
- options
- EncryptOptions
其他選項。
傳回
Promise<EncryptResult>
encrypt(string, Uint8Array, EncryptOptions)
警告
此 API 現已淘汰。
Use encrypt({ algorithm, plaintext }, options) instead.
使用指定的密碼編譯演算法加密指定的純文字
範例用法:
import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new KeyClient(url, credential);
const myKey = await client.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey.id, credential);
const encryptResult = await cryptographyClient.encrypt({
algorithm: "RSA1_5",
plaintext: Buffer.from("My Message"),
});
console.log("encrypt result: ", encryptResult.result);
function encrypt(algorithm: string, plaintext: Uint8Array, options?: EncryptOptions): Promise<EncryptResult>參數
- algorithm
-
string
要使用的演算法。
- plaintext
-
Uint8Array
要加密的文字。
- options
- EncryptOptions
其他選項。
傳回
Promise<EncryptResult>
sign(string, Uint8Array, SignOptions)
以密碼編譯方式簽署訊息的摘要
範例用法:
import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
import { createHash } from "node:crypto";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new KeyClient(url, credential);
let myKey = await client.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey, credential);
const signatureValue = "MySignature";
const hash = createHash("sha256");
const digest = hash.update(signatureValue).digest();
console.log("digest: ", digest);
const signResult = await cryptographyClient.sign("RS256", digest);
console.log("sign result: ", signResult.result);
function sign(algorithm: string, digest: Uint8Array, options?: SignOptions): Promise<SignResult>參數
- algorithm
-
string
要使用的簽署演算法。
- digest
-
Uint8Array
要簽署之數據的摘要。
- options
- SignOptions
其他選項。
傳回
Promise<SignResult>
signData(string, Uint8Array, SignOptions)
以密碼編譯方式簽署數據區塊
範例用法:
import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new KeyClient(url, credential);
const myKey = await client.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey, credential);
const signResult = await cryptographyClient.signData("RS256", Buffer.from("My Message"));
console.log("sign result: ", signResult.result);
function signData(algorithm: string, data: Uint8Array, options?: SignOptions): Promise<SignResult>參數
- algorithm
-
string
要使用的簽署演算法。
- data
-
Uint8Array
要簽署的數據。
- options
- SignOptions
其他選項。
傳回
Promise<SignResult>
unwrapKey(KeyWrapAlgorithm, Uint8Array, UnwrapKeyOptions)
使用指定的密碼編譯演算法解除包裝指定的包裝密鑰
範例用法:
import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new KeyClient(url, credential);
const myKey = await client.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey, credential);
const wrapResult = await cryptographyClient.wrapKey("RSA-OAEP", Buffer.from("My Key"));
console.log("wrap result:", wrapResult.result);
const unwrapResult = await cryptographyClient.unwrapKey("RSA-OAEP", wrapResult.result);
console.log("unwrap result: ", unwrapResult.result);
function unwrapKey(algorithm: KeyWrapAlgorithm, encryptedKey: Uint8Array, options?: UnwrapKeyOptions): Promise<UnwrapResult>參數
- algorithm
- KeyWrapAlgorithm
用來解除包裝金鑰的解密演算法。
- encryptedKey
-
Uint8Array
要解除包裝的加密金鑰。
- options
- UnwrapKeyOptions
其他選項。
傳回
Promise<UnwrapResult>
verify(string, Uint8Array, Uint8Array, VerifyOptions)
確認已簽署的訊息摘要
範例用法:
import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
import { createHash } from "node:crypto";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new KeyClient(url, credential);
const myKey = await client.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey, credential);
const hash = createHash("sha256");
hash.update("My Message");
const digest = hash.digest();
const signResult = await cryptographyClient.sign("RS256", digest);
console.log("sign result: ", signResult.result);
const verifyResult = await cryptographyClient.verify("RS256", digest, signResult.result);
console.log("verify result: ", verifyResult.result);
function verify(algorithm: string, digest: Uint8Array, signature: Uint8Array, options?: VerifyOptions): Promise<VerifyResult>參數
- algorithm
-
string
用來驗證的簽署演算法。
- digest
-
Uint8Array
要驗證的摘要。
- signature
-
Uint8Array
要驗證摘要的簽章。
- options
- VerifyOptions
其他選項。
傳回
Promise<VerifyResult>
verifyData(string, Uint8Array, Uint8Array, VerifyOptions)
確認已簽署的數據區塊
範例用法:
import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new KeyClient(url, credential);
const myKey = await client.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey, credential);
const buffer = Buffer.from("My Message");
const signResult = await cryptographyClient.signData("RS256", buffer);
console.log("sign result: ", signResult.result);
const verifyResult = await cryptographyClient.verifyData("RS256", buffer, signResult.result);
console.log("verify result: ", verifyResult.result);
function verifyData(algorithm: string, data: Uint8Array, signature: Uint8Array, options?: VerifyOptions): Promise<VerifyResult>參數
- algorithm
-
string
要用來驗證的演算法。
- data
-
Uint8Array
要驗證的已簽署數據區塊。
- signature
-
Uint8Array
要驗證區塊的簽章。
- options
- VerifyOptions
其他選項。
傳回
Promise<VerifyResult>
wrapKey(KeyWrapAlgorithm, Uint8Array, WrapKeyOptions)
使用指定的密碼編譯演算法包裝指定的金鑰
範例用法:
import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
const credential = new DefaultAzureCredential();
const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;
const client = new KeyClient(url, credential);
const myKey = await client.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey, credential);
const wrapResult = await cryptographyClient.wrapKey("RSA-OAEP", Buffer.from("My Key"));
console.log("wrap result:", wrapResult.result);
function wrapKey(algorithm: KeyWrapAlgorithm, key: Uint8Array, options?: WrapKeyOptions): Promise<WrapResult>參數
- algorithm
- KeyWrapAlgorithm
用來包裝指定金鑰的加密演算法。
- key
-
Uint8Array
要包裝的索引鍵。
- options
- WrapKeyOptions
其他選項。
傳回
Promise<WrapResult>