// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
/**
* Azure Key Vault is a cloud-based service provided by Microsoft Azure for managing cryptographic keys, secrets, and
* certificates. Its key management feature allows users to securely store and manage the cryptographic keys used for
* encrypting and decrypting data.
*
* The service supports various cryptographic algorithms and operations, including symmetric and asymmetric
* encryption, digital signatures, hashing, and random number generation. You can use the service to perform
* operations like encrypting sensitive data before storing it, decrypting data when needed, signing data to ensure
* its integrity, and verifying signatures to validate the authenticity of the data.
*
* By using the Azure Key Vault Cryptography service, you benefit from the strong security features provided
* by Azure Key Vault, such as hardware security modules (HSMs) for key storage and cryptographic operations,
* access control policies, and audit logging. It helps you protect your sensitive data and comply with industry
* standards and regulatory requirements.
*
* The Azure Key Vault Keys Cryptography client library allows developers to interact with the Azure Key Vault service
* from their applications. The library provides a set of APIs that enable developers to securely encrypt, decrypt,
* sign, and verify data using cryptographic keys securely stored in Key Vault.
*
* Key Concepts:
*
* What is a Cryptography Client?
* The cryptography client performs the cryptographic operations locally or calls the Azure Key Vault service
* depending on how much key information is available locally. It supports encrypting, decrypting, signing,
* verifying, key wrapping, key unwrapping, and retrieving the configured key.
* Asynchronous (`CryptographyAsyncClient`) and synchronous (`CryptographyClient`) clients exist in the SDK
* allowing for the selection of a client based on an application's use case.
*
* Getting Started
*
* To interact with the Azure Key Vault service, you will need to create an instance of the
* {@link com.azure.security.keyvault.keys.cryptography.CryptographyClient} class, for which you need a vault url and a
* credential object.
*
* The examples shown in this document use a credential object named DefaultAzureCredential for authentication,
* which is appropriate for most scenarios, including local development and production environments. Additionally,
* we recommend using a managed identity for authentication in production environments.
* You can find more information on different ways of authenticating and their corresponding credential types in the
* Azure Identity documentation.
*
* Sample: Construct Synchronous Cryptography Client
*
* The following code sample demonstrates the creation of a
* {@link com.azure.security.keyvault.keys.cryptography.CryptographyClient},
* using the {@link com.azure.security.keyvault.keys.cryptography.CryptographyClientBuilder} to configure it.
*
* CryptographyClient cryptographyClient = new CryptographyClientBuilder()
*     .keyIdentifier("<your-key-id>")
*     .credential(new DefaultAzureCredentialBuilder().build())
*     .buildClient();
*
* Sample: Construct Asynchronous Cryptography Client
*
* The following code sample demonstrates the creation of a
* {@link com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient}, using the
* {@link com.azure.security.keyvault.keys.cryptography.CryptographyClientBuilder} to configure it.
*
* CryptographyAsyncClient cryptographyAsyncClient = new CryptographyClientBuilder()
*     .keyIdentifier("<your-key-id>")
*     .credential(new DefaultAzureCredentialBuilder().build())
*     .buildAsyncClient();
*
* Encrypt Data
* The {@link com.azure.security.keyvault.keys.cryptography.CryptographyClient} or
* {@link com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient} can be used to encrypt data.
*
* Synchronous Code Sample:
* The following code sample demonstrates how to synchronously encrypt data using the
* {@link com.azure.security.keyvault.keys.cryptography.CryptographyClient#encrypt(com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm, byte[])} API.
*
* // Constructed sample data only; use java.security.SecureRandom for anything that must be unpredictable.
* byte[] plaintext = new byte[100];
* new Random(0x1234567L).nextBytes(plaintext);
*
* EncryptResult encryptResult = cryptographyClient.encrypt(EncryptionAlgorithm.RSA_OAEP, plaintext);
*
* System.out.printf("Received encrypted content of length: %d, with algorithm: %s.%n",
*     encryptResult.getCipherText().length, encryptResult.getAlgorithm());
*
* Note: For the asynchronous sample, refer to
* {@link com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient}.
*
* Decrypt Data
* The {@link com.azure.security.keyvault.keys.cryptography.CryptographyClient} or
* {@link com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient} can be used to decrypt data.
*
* Synchronous Code Sample:
* The following code sample demonstrates how to synchronously decrypt data using the
* {@link com.azure.security.keyvault.keys.cryptography.CryptographyClient#decrypt(com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm, byte[])} API.
*
* // Ciphertext from the encrypt sample above; arbitrary bytes are not valid RSA-OAEP ciphertext and fail to decrypt.
* byte[] ciphertext = encryptResult.getCipherText();
*
* DecryptResult decryptResult = cryptographyClient.decrypt(EncryptionAlgorithm.RSA_OAEP, ciphertext);
*
* System.out.printf("Received decrypted content of length: %d.%n", decryptResult.getPlainText().length);
*
* Note: For the asynchronous sample, refer to
* {@link com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient}.
*
* @see com.azure.security.keyvault.keys.cryptography.CryptographyClient
* @see com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient
* @see com.azure.security.keyvault.keys.cryptography.CryptographyClientBuilder
*/
package com.azure.security.keyvault.keys.cryptography;
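
// Added example (not part of the Azure SDK sources): envelope encryption using the key wrapping and unwrapping
// operations listed under "What is a Cryptography Client?". RSA-OAEP can only encrypt inputs shorter than the key
// modulus, so larger payloads are encrypted locally with a one-time AES key that Key Vault then wraps.
// Assumptions: "<your-key-id>" identifies an RSA key; the class name and payload are constructed for illustration.

```java
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.keys.cryptography.CryptographyClient;
import com.azure.security.keyvault.keys.cryptography.CryptographyClientBuilder;
import com.azure.security.keyvault.keys.cryptography.models.KeyWrapAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.UnwrapResult;
import com.azure.security.keyvault.keys.cryptography.models.WrapResult;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public final class EnvelopeEncryptionExample {
    public static void main(String[] args) throws Exception {
        CryptographyClient cryptographyClient = new CryptographyClientBuilder()
            .keyIdentifier("<your-key-id>") // assumption: an RSA key in your vault
            .credential(new DefaultAzureCredentialBuilder().build())
            .buildClient();

        // Generate a one-time AES-256 data key and a fresh 96-bit nonce locally.
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(256);
        SecretKey dataKey = generator.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);

        // Encrypt the payload locally with AES-GCM (authenticated encryption).
        byte[] payload = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, dataKey, new GCMParameterSpec(128, iv));
        byte[] ciphertext = aes.doFinal(payload);

        // Wrap the data key with the Key Vault key; persist the wrapped key, iv and ciphertext together.
        WrapResult wrapped = cryptographyClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP_256, dataKey.getEncoded());

        // Later: unwrap the data key through the client, then decrypt and authenticate the payload locally.
        UnwrapResult unwrapped =
            cryptographyClient.unwrapKey(KeyWrapAlgorithm.RSA_OAEP_256, wrapped.getEncryptedKey());
        aes.init(Cipher.DECRYPT_MODE, new SecretKeySpec(unwrapped.getKey(), "AES"), new GCMParameterSpec(128, iv));
        byte[] recovered = aes.doFinal(ciphertext);

        System.out.printf("Round trip succeeded: %b%n", Arrays.equals(payload, recovered));
    }
}
```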