/// <summary>
/// Synchronous adapter over the asynchronous key-wrap provider: hands <paramref name="key"/> to
/// <c>encryptionKeyWrapProvider.WrapKeyAsync</c> and blocks until the wrapped bytes come back.
/// </summary>
/// <param name="encryptionKeyId">Identifier of the key-encryption key the provider should wrap with.</param>
/// <param name="algorithm">Wrap algorithm; forwarded to the provider as its <c>ToString()</c> member name
/// (e.g. <c>RSA_OAEP</c>). Whether that name matches the provider's own algorithm constants is not
/// visible here — TODO confirm against the provider's accepted names.</param>
/// <param name="key">Plaintext data-encryption key bytes to wrap.</param>
/// <returns>The wrapped (encrypted) key bytes produced by the provider.</returns>
/// <remarks>
/// This is sync-over-async (<c>GetAwaiter().GetResult()</c>), forced by the overridden base method
/// being synchronous. It ties up a thread for the duration of the provider call and can deadlock
/// under a capturing synchronization context; the <c>ConfigureAwait(false)</c> only configures the
/// wait, it does not remove that risk. Provider exceptions surface as thrown (not wrapped in an
/// <c>AggregateException</c>) because <c>GetResult()</c> rethrows the original exception.
/// </remarks>
public override byte[] WrapKey(string encryptionKeyId, Data.Encryption.Cryptography.KeyEncryptionKeyAlgorithm algorithm, byte[] key)
{
    // The provider speaks in algorithm names, so the enum value goes across as its string form.
    string algorithmName = algorithm.ToString();

    var pendingWrap = this.encryptionKeyWrapProvider
        .WrapKeyAsync(encryptionKeyId, algorithmName, key)
        .ConfigureAwait(false);

    // Block for the result; GetResult() rethrows the provider's exception as-is.
    return pendingWrap.GetAwaiter().GetResult();
}
/// <summary>
/// Wraps a plaintext data encryption key with the asymmetric key identified by
/// <paramref name="encryptionKeyId"/> in Azure Key Vault using RSA-OAEP. Translates the Cosmos
/// algorithm name into the <c>Data.Encryption.Cryptography</c> enum and delegates to
/// <c>azureKeyVaultKeyStoreProvider.WrapKey</c>.
/// </summary>
/// <param name="encryptionKeyId">Identifier of an asymmetric key in Azure Key Vault.</param>
/// <param name="cosmosKeyEncryptionKeyAlgorithm">Cosmos key-encryption algorithm name; only
/// <c>KeyEncryptionKeyAlgorithm.RsaOaep</c> is accepted (ordinal comparison).</param>
/// <param name="key">The plaintext data encryption key.</param>
/// <returns>An already-completed task holding the wrapped (encrypted) data encryption key.</returns>
/// <exception cref="NotSupportedException">The algorithm name is anything other than
/// <c>RsaOaep</c>, including <c>null</c>.</exception>
/// <remarks>
/// The Key Vault call runs synchronously and the result is packaged with
/// <see cref="Task.FromResult{TResult}"/>, so both the <see cref="NotSupportedException"/> and any
/// failure raised by the provider are thrown from this call directly rather than faulting the
/// returned task. Callers that only observe errors through the task (e.g. <c>ContinueWith</c>)
/// will not see them.
/// </remarks>
public override Task<byte[]> WrapKeyAsync(string encryptionKeyId, string cosmosKeyEncryptionKeyAlgorithm, byte[] key)
{
    // Only RSA-OAEP has a counterpart in the target enum; reject everything else before touching Key Vault.
    bool isRsaOaep = string.Equals(
        cosmosKeyEncryptionKeyAlgorithm,
        KeyEncryptionKeyAlgorithm.RsaOaep,
        StringComparison.Ordinal);

    if (!isRsaOaep)
    {
        throw new NotSupportedException("This specified KeyEncryptionAlgorithm is not supported. Please refer to https://aka.ms/CosmosClientEncryption for more details. ");
    }

    byte[] wrappedKey = this.azureKeyVaultKeyStoreProvider.WrapKey(
        encryptionKeyId,
        Data.Encryption.Cryptography.KeyEncryptionKeyAlgorithm.RSA_OAEP,
        key);

    return Task.FromResult(wrappedKey);
}
/// <summary>
/// Synchronous unwrap with a cache in front of the provider. The cache is consulted first, keyed on
/// the hex form of <paramref name="encryptedKey"/>; per the cache's contract described in this file,
/// only on a miss is <c>encryptionKeyWrapProvider.UnwrapKeyAsync</c> called (and blocked on), after
/// which <c>GetOrCreateDataEncryptionKey</c> stores the plaintext it receives.
/// </summary>
/// <param name="encryptionKeyId">Identifier of the key-encryption key; forwarded to the provider only on a cache miss.</param>
/// <param name="algorithm">Unwrap algorithm; forwarded as its <c>ToString()</c> member name, only on a cache miss.</param>
/// <param name="encryptedKey">Wrapped data-encryption key bytes; its hex encoding is also the cache key.</param>
/// <returns>The plaintext data-encryption key bytes, from cache or freshly unwrapped.</returns>
/// <remarks>
/// NOTE(review): the cache key is the ciphertext alone — <paramref name="encryptionKeyId"/> and
/// <paramref name="algorithm"/> are not part of it, so on a hit the provider (and whatever
/// authorization it performs for that key id) is not consulted. That is only correct if identical
/// wrapped bytes always belong to the same key-encryption key; randomized wrapping such as RSA-OAEP
/// gives that in practice, but nothing here enforces it. Plaintext key material lives in the cache;
/// whether callers get the cached array instance or a copy is decided inside
/// <c>GetOrCreateDataEncryptionKey</c>, not visible here — treat the returned array as read-only.
/// Like <c>WrapKey</c>, the miss path is sync-over-async and blocks a thread for the provider call.
/// </remarks>
public override byte[] UnwrapKey(string encryptionKeyId, Data.Encryption.Cryptography.KeyEncryptionKeyAlgorithm algorithm, byte[] encryptedKey)
{
    // GetOrCreateDataEncryptionKey is the only cache entry point exposed at this level, so the lookup
    // goes through it; UnwrapFromProvider runs only when the hex key is absent.
    string cacheKey = encryptedKey.ToHexString();
    return this.GetOrCreateDataEncryptionKey(cacheKey, UnwrapFromProvider);

    // Miss path: ask the provider to unwrap and block for the answer; the cache stores what we return.
    byte[] UnwrapFromProvider()
    {
        string algorithmName = algorithm.ToString();
        var pendingUnwrap = this.encryptionKeyWrapProvider
            .UnwrapKeyAsync(encryptionKeyId, algorithmName, encryptedKey)
            .ConfigureAwait(false);

        // GetResult() rethrows the provider's exception as-is rather than wrapping it.
        return pendingUnwrap.GetAwaiter().GetResult();
    }
}