public void OctEncryptDecryptSync() { TestEnvironment.AssertManagedHsm(); string managedHsmUrl = TestEnvironment.ManagedHsmUrl; #region Snippet:OctKeysSample4CreateKey var managedHsmClient = new KeyClient(new Uri(managedHsmUrl), new DefaultAzureCredential()); var octKeyOptions = new CreateOctKeyOptions($"CloudOctKey-{Guid.NewGuid()}") { KeySize = 256, }; KeyVaultKey cloudOctKey = managedHsmClient.CreateOctKey(octKeyOptions); #endregion #region Snippet:OctKeySample4Encrypt var cryptoClient = new CryptographyClient(cloudOctKey.Id, new DefaultAzureCredential()); byte[] plaintext = Encoding.UTF8.GetBytes("A single block of plaintext"); byte[] aad = Encoding.UTF8.GetBytes("additional authenticated data"); EncryptParameters encryptParams = EncryptParameters.A256GcmParameters(plaintext, aad); EncryptResult encryptResult = cryptoClient.Encrypt(encryptParams); #endregion #region Snippet:OctKeySample4Decrypt DecryptParameters decryptParams = DecryptParameters.A256GcmParameters( encryptResult.Ciphertext, encryptResult.Iv, encryptResult.AuthenticationTag, encryptResult.AdditionalAuthenticatedData); DecryptResult decryptResult = cryptoClient.Decrypt(decryptParams); #endregion Assert.AreEqual(plaintext, decryptResult.Plaintext); // Delete and purge the key. DeleteKeyOperation operation = managedHsmClient.StartDeleteKey(octKeyOptions.Name); // You only need to wait for completion if you want to purge or recover the key. while (!operation.HasCompleted) { Thread.Sleep(2000); operation.UpdateStatus(); } managedHsmClient.PurgeDeletedKey(operation.Value.Name); }