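/// <inheritdoc />
/// <remarks>
/// Wraps <paramref name="key"/> with the Key Vault key named by <paramref name="metadata"/>.
/// The metadata must be of type <see cref="AzureKeyVaultKeyWrapMetadata.TypeConstant"/>, its value
/// must parse as a Key Vault key URI, and the vault must have soft delete and purge protection
/// enabled. The returned metadata echoes the input type and value and records
/// <see cref="KeyVaultConstants.RsaOaep256"/> as the wrap algorithm so that unwrap can validate it.
/// </remarks>
/// <exception cref="ArgumentNullException"><paramref name="key"/> or <paramref name="metadata"/> is null.</exception>
/// <exception cref="ArgumentException">
/// The metadata type is not the Key Vault type, the key URI cannot be parsed, or the vault
/// does not have soft delete and purge protection enabled.
/// </exception>
public override async Task<EncryptionKeyWrapResult> WrapKeyAsync(
    byte[] key,
    EncryptionKeyWrapMetadata metadata,
    CancellationToken cancellationToken)
{
    if (key == null)
    {
        throw new ArgumentNullException(nameof(key));
    }

    if (metadata == null)
    {
        throw new ArgumentNullException(nameof(metadata));
    }

    if (metadata.Type != AzureKeyVaultKeyWrapMetadata.TypeConstant)
    {
        throw new ArgumentException("Invalid metadata", nameof(metadata));
    }

    if (!KeyVaultKeyUriProperties.TryParse(new Uri(metadata.Value), out KeyVaultKeyUriProperties keyVaultUriProperties))
    {
        // The (message, paramName) overload does not format placeholders, so the message is
        // built explicitly and the real parameter name is passed instead of the URI.
        throw new ArgumentException(
            string.Format("KeyVault Key Uri {0} is invalid.", metadata.Value),
            nameof(metadata));
    }

    // Refuse vaults whose keys could be permanently purged; presumably a purged KEK would
    // leave every key wrapped with it unrecoverable.
    if (!await this.keyVaultAccessClient.ValidatePurgeProtectionAndSoftDeleteSettingsAsync(keyVaultUriProperties, cancellationToken))
    {
        throw new ArgumentException(
            string.Format("Key Vault {0} provided must have soft delete and purge protection enabled.", keyVaultUriProperties.KeyUri),
            nameof(metadata));
    }

    byte[] wrappedKey = await this.keyVaultAccessClient.WrapKeyAsync(key, keyVaultUriProperties, cancellationToken);

    // Record the algorithm alongside the caller-supplied type/value so UnwrapKeyAsync can check it.
    EncryptionKeyWrapMetadata responseMetadata = new EncryptionKeyWrapMetadata(
        type: metadata.Type,
        value: metadata.Value,
        algorithm: KeyVaultConstants.RsaOaep256);

    return new EncryptionKeyWrapResult(wrappedKey, responseMetadata);
}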
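/// <inheritdoc />
/// <remarks>
/// Unwraps <paramref name="wrappedKey"/> with the Key Vault key named by <paramref name="metadata"/>.
/// The metadata must be of type <see cref="AzureKeyVaultKeyWrapMetadata.TypeConstant"/>, must
/// declare <see cref="KeyVaultConstants.RsaOaep256"/> as its algorithm, and its value must parse
/// as a Key Vault key URI. The result carries the configured raw DEK cache time-to-live.
/// </remarks>
/// <exception cref="ArgumentNullException"><paramref name="wrappedKey"/> or <paramref name="metadata"/> is null.</exception>
/// <exception cref="ArgumentException">
/// The metadata type is not the Key Vault type, the algorithm is not RSA-OAEP-256, or the key
/// URI cannot be parsed.
/// </exception>
public override async Task<EncryptionKeyUnwrapResult> UnwrapKeyAsync(
    byte[] wrappedKey,
    EncryptionKeyWrapMetadata metadata,
    CancellationToken cancellationToken)
{
    if (wrappedKey == null)
    {
        throw new ArgumentNullException(nameof(wrappedKey));
    }

    if (metadata == null)
    {
        throw new ArgumentNullException(nameof(metadata));
    }

    if (metadata.Type != AzureKeyVaultKeyWrapMetadata.TypeConstant)
    {
        throw new ArgumentException("Invalid metadata", nameof(metadata));
    }

    // Only the algorithm recorded by WrapKeyAsync is accepted; anything else is rejected before
    // any call is made to Key Vault.
    if (metadata.Algorithm != KeyVaultConstants.RsaOaep256)
    {
        throw new ArgumentException(
            string.Format("Unknown encryption key wrap algorithm {0}", metadata.Algorithm),
            nameof(metadata));
    }

    if (!KeyVaultKeyUriProperties.TryParse(new Uri(metadata.Value), out KeyVaultKeyUriProperties keyVaultUriProperties))
    {
        // The (message, paramName) overload does not format placeholders, so the message is
        // built explicitly and the real parameter name is passed instead of the URI.
        throw new ArgumentException(
            string.Format("KeyVault Key Uri {0} is invalid.", metadata.Value),
            nameof(metadata));
    }

    byte[] rawKey = await this.keyVaultAccessClient.UnwrapKeyAsync(wrappedKey, keyVaultUriProperties, cancellationToken);

    return new EncryptionKeyUnwrapResult(rawKey, this.rawDekCacheTimeToLive);
}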