public void CreateClient() { // Environment variable with the Key Vault endpoint. string vaultUrl = TestEnvironment.KeyVaultUrl; #region Snippet:CreateKeyClient // Create a new key client using the default credential from Azure.Identity using environment variables previously set, // including AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID. var client = new KeyClient(vaultUri: new Uri(vaultUrl), credential: new DefaultAzureCredential()); // Create a new key using the key client. KeyVaultKey key = client.CreateKey("key-name", KeyType.Rsa); // Retrieve a key using the key client. key = client.GetKey("key-name"); #endregion #region Snippet:CreateCryptographyClient // Create a new cryptography client using the same Key Vault or Managed HSM endpoint, service version, // and options as the KeyClient created earlier. var cryptoClient = client.GetCryptographyClient(key.Name, key.Properties.Version); #endregion this.client = client; this.cryptoClient = cryptoClient; }
public void EncryptDecrypt() { #region Snippet:EncryptDecrypt #if SNIPPET // Create a new cryptography client using the same Key Vault or Managed HSM endpoint, service version, // and options as the KeyClient created earlier. var cryptoClient = client.GetCryptographyClient(key.Name, key.Properties.Version); #endif byte[] plaintext = Encoding.UTF8.GetBytes("A single block of plaintext"); // encrypt the data using the algorithm RSAOAEP EncryptResult encryptResult = cryptoClient.Encrypt(EncryptionAlgorithm.RsaOaep, plaintext); // decrypt the encrypted data. DecryptResult decryptResult = cryptoClient.Decrypt(EncryptionAlgorithm.RsaOaep, encryptResult.Ciphertext); #endregion }
public async Task SerializeJsonWebKeyAsync() { // Environment variable with the Key Vault endpoint. string keyVaultUrl = TestEnvironment.KeyVaultUrl; var keyClient = new KeyClient(new Uri(keyVaultUrl), new DefaultAzureCredential()); string rsaKeyName = $"CloudRsaKey-{Guid.NewGuid()}"; var rsaKey = new CreateRsaKeyOptions(rsaKeyName, hardwareProtected: false) { KeySize = 2048, }; KeyVaultKey cloudRsaKey = await keyClient.CreateRsaKeyAsync(rsaKey); Debug.WriteLine($"Key is returned with name {cloudRsaKey.Name} and type {cloudRsaKey.KeyType}"); string dir = Path.Combine(TestContext.CurrentContext.WorkDirectory, "samples", nameof(Sample7_SerializeJsonWebKey)); Directory.CreateDirectory(dir); string path = Path.Combine(dir, $"{nameof(SerializeJsonWebKeyAsync)}.json"); // Use `using` expression for clean sample, but scope it to close and dispose immediately. { using FileStream file = File.Create(path); await JsonSerializer.SerializeAsync(file, cloudRsaKey.Key); Debug.WriteLine($"Saved JWK to {path}"); } // Use `using` expression for clean sample, but scope it to close and dispose immediately. JsonWebKey jwk = null; { using FileStream file = File.Open(path, FileMode.Open); jwk = await JsonSerializer.DeserializeAsync <JsonWebKey>(file); Debug.WriteLine($"Read JWK from {path} with ID {jwk.Id}"); } string content = "plaintext"; var encryptClient = new CryptographyClient(jwk); byte[] plaintext = Encoding.UTF8.GetBytes(content); EncryptResult encrypted = await encryptClient.EncryptAsync(EncryptParameters.RsaOaepParameters(plaintext)); Debug.WriteLine($"Encrypted: {Encoding.UTF8.GetString(plaintext)}"); byte[] ciphertext = encrypted.Ciphertext; CryptographyClient decryptClient = keyClient.GetCryptographyClient(cloudRsaKey.Name, cloudRsaKey.Properties.Version); DecryptResult decrypted = await decryptClient.DecryptAsync(DecryptParameters.RsaOaepParameters(ciphertext)); Debug.WriteLine($"Decrypted: {Encoding.UTF8.GetString(decrypted.Plaintext)}"); DeleteKeyOperation operation = await keyClient.StartDeleteKeyAsync(rsaKeyName); // You only need to wait for completion if you want to purge or recover the key. await operation.WaitForCompletionAsync(); // If the keyvault is soft-delete enabled, then for permanent deletion, deleted key needs to be purged. keyClient.PurgeDeletedKey(rsaKeyName); }
public void SerializeJsonWebKeySync() { // Environment variable with the Key Vault endpoint. string keyVaultUrl = TestEnvironment.KeyVaultUrl; #region Snippet:KeysSample7KeyClient var keyClient = new KeyClient(new Uri(keyVaultUrl), new DefaultAzureCredential()); #endregion #region Snippet:KeysSample7CreateKey string rsaKeyName = $"CloudRsaKey-{Guid.NewGuid()}"; var rsaKey = new CreateRsaKeyOptions(rsaKeyName, hardwareProtected: false) { KeySize = 2048, }; KeyVaultKey cloudRsaKey = keyClient.CreateRsaKey(rsaKey); Debug.WriteLine($"Key is returned with name {cloudRsaKey.Name} and type {cloudRsaKey.KeyType}"); #endregion string dir = Path.Combine(TestContext.CurrentContext.WorkDirectory, "samples", nameof(Sample7_SerializeJsonWebKey)); Directory.CreateDirectory(dir); string path = Path.Combine(dir, $"{nameof(SerializeJsonWebKeySync)}.json"); // Use `using` expression for clean sample, but scope it to close and dispose immediately. { #region Snippet:KeysSample7Serialize using FileStream file = File.Create(path); using (Utf8JsonWriter writer = new Utf8JsonWriter(file)) { JsonSerializer.Serialize(writer, cloudRsaKey.Key); } Debug.WriteLine($"Saved JWK to {path}"); #endregion } #region Snippet:KeysSamples7Deserialize byte[] buffer = File.ReadAllBytes(path); JsonWebKey jwk = JsonSerializer.Deserialize <JsonWebKey>(buffer); Debug.WriteLine($"Read JWK from {path} with ID {jwk.Id}"); #endregion string content = "plaintext"; #region Snippet:KeysSample7Encrypt var encryptClient = new CryptographyClient(jwk); byte[] plaintext = Encoding.UTF8.GetBytes(content); EncryptResult encrypted = encryptClient.Encrypt(EncryptParameters.RsaOaepParameters(plaintext)); Debug.WriteLine($"Encrypted: {Encoding.UTF8.GetString(plaintext)}"); #endregion byte[] ciphertext = encrypted.Ciphertext; #region Snippet:KeysSample7Decrypt CryptographyClient decryptClient = keyClient.GetCryptographyClient(cloudRsaKey.Name, cloudRsaKey.Properties.Version); DecryptResult decrypted = decryptClient.Decrypt(DecryptParameters.RsaOaepParameters(ciphertext)); Debug.WriteLine($"Decrypted: {Encoding.UTF8.GetString(decrypted.Plaintext)}"); #endregion DeleteKeyOperation operation = keyClient.StartDeleteKey(rsaKeyName); // You only need to wait for completion if you want to purge or recover the key. while (!operation.HasCompleted) { Thread.Sleep(2000); operation.UpdateStatus(); } // If the keyvault is soft-delete enabled, then for permanent deletion, deleted key needs to be purged. keyClient.PurgeDeletedKey(rsaKeyName); }