public void OctEncryptDecryptSync()
{
TestEnvironment.AssertManagedHsm();
string managedHsmUrl = TestEnvironment.ManagedHsmUrl;
#region Snippet:OctKeysSample4CreateKey
var managedHsmClient = new KeyClient(new Uri(managedHsmUrl), new DefaultAzureCredential());
var octKeyOptions = new CreateOctKeyOptions($"CloudOctKey-{Guid.NewGuid()}")
{
KeySize = 256,
};
KeyVaultKey cloudOctKey = managedHsmClient.CreateOctKey(octKeyOptions);
#endregion
#region Snippet:OctKeySample4Encrypt
var cryptoClient = new CryptographyClient(cloudOctKey.Id, new DefaultAzureCredential());
byte[] plaintext = Encoding.UTF8.GetBytes("A single block of plaintext");
byte[] aad = Encoding.UTF8.GetBytes("additional authenticated data");
EncryptParameters encryptParams = EncryptParameters.A256GcmParameters(plaintext, aad);
EncryptResult encryptResult = cryptoClient.Encrypt(encryptParams);
#endregion
#region Snippet:OctKeySample4Decrypt
DecryptParameters decryptParams = DecryptParameters.A256GcmParameters(
encryptResult.Ciphertext,
encryptResult.Iv,
encryptResult.AuthenticationTag,
encryptResult.AdditionalAuthenticatedData);
DecryptResult decryptResult = cryptoClient.Decrypt(decryptParams);
#endregion
Assert.AreEqual(plaintext, decryptResult.Plaintext);
// Delete and purge the key.
DeleteKeyOperation operation = managedHsmClient.StartDeleteKey(octKeyOptions.Name);
// You only need to wait for completion if you want to purge or recover the key.
while (!operation.HasCompleted)
{
Thread.Sleep(2000);
operation.UpdateStatus();
}
managedHsmClient.PurgeDeletedKey(operation.Value.Name);
}
public async Task CreateOctKey()
{
string keyName = Recording.GenerateId();
CreateOctKeyOptions ecKey = new CreateOctKeyOptions(keyName, hardwareProtected: false);
KeyVaultKey keyNoHsm = await Client.CreateOctKeyAsync(ecKey);
RegisterForCleanup(keyNoHsm.Name);
KeyVaultKey keyReturned = await Client.GetKeyAsync(keyNoHsm.Name);
AssertKeyVaultKeysEqual(keyNoHsm, keyReturned);
}
public async Task CreateOctHsmKey()
{
string keyName = Recording.GenerateId();
CreateOctKeyOptions options = new CreateOctKeyOptions(keyName, hardwareProtected: true);
KeyVaultKey ecHsmkey = await Client.CreateOctKeyAsync(options);
RegisterForCleanup(keyName);
KeyVaultKey keyReturned = await Client.GetKeyAsync(keyName);
AssertKeyVaultKeysEqual(ecHsmkey, keyReturned);
}
public async Task OctEncryptDecryptAsync()
{
TestEnvironment.AssertManagedHsm();
string managedHsmUrl = TestEnvironment.ManagedHsmUrl;
var managedHsmClient = new KeyClient(new Uri(managedHsmUrl), new DefaultAzureCredential());
var octKeyOptions = new CreateOctKeyOptions($"CloudOctKey-{Guid.NewGuid()}")
{
KeySize = 256,
};
KeyVaultKey cloudOctKey = await managedHsmClient.CreateOctKeyAsync(octKeyOptions);
var cryptoClient = new CryptographyClient(cloudOctKey.Id, new DefaultAzureCredential());
byte[] plaintext = Encoding.UTF8.GetBytes("A single block of plaintext");
byte[] aad = Encoding.UTF8.GetBytes("additional authenticated data");
EncryptParameters encryptParams = EncryptParameters.A256GcmParameters(plaintext, aad);
EncryptResult encryptResult = await cryptoClient.EncryptAsync(encryptParams);
DecryptParameters decryptParams = DecryptParameters.A256GcmParameters(
encryptResult.Ciphertext,
encryptResult.Iv,
encryptResult.AuthenticationTag,
encryptResult.AdditionalAuthenticatedData);
DecryptResult decryptResult = await cryptoClient.DecryptAsync(decryptParams);
Assert.AreEqual(plaintext, decryptResult.Plaintext);
// Delete and purge the key.
DeleteKeyOperation operation = await managedHsmClient.StartDeleteKeyAsync(octKeyOptions.Name);
// You only need to wait for completion if you want to purge or recover the key.
await operation.WaitForCompletionAsync();
managedHsmClient.PurgeDeletedKey(operation.Value.Name);
}
