/// <summary>
/// Encrypts a plain text and then decrypts the encrypted text
/// </summary>
/// <param name="keyId"> a global key identifier of the key to get </param>
private static void EncryptDecrypt(KeyBundle key)
{
KeyOperationResult operationResult;
var algorithm = inputValidator.GetEncryptionAlgorithm();
var plainText = inputValidator.GetPlainText();
string keyVersion = inputValidator.GetKeyVersion();
if (keyVersion != string.Empty)
{
var vaultAddress = inputValidator.GetVaultAddress();
string keyName = inputValidator.GetKeyName(true);
// Encrypt the input data using the specified algorithm
operationResult = keyVaultClient.EncryptAsync(vaultAddress, keyName, keyVersion, algorithm, plainText).GetAwaiter().GetResult();
}
else
{
// If the key is not initialized get the key id from args
var keyId = (key != null) ? key.Key.Kid : inputValidator.GetKeyId();
// Encrypt the input data using the specified algorithm
operationResult = keyVaultClient.EncryptAsync(keyId, algorithm, plainText).GetAwaiter().GetResult();
}
Console.Out.WriteLine(string.Format("The text is encrypted using key id {0} and algorithm {1}", operationResult.Kid, algorithm));
// Decrypt the encrypted data
var decryptedText = keyVaultClient.DecryptAsync(operationResult.Kid, algorithm, operationResult.Result).GetAwaiter().GetResult();
Console.Out.WriteLine(string.Format("The decrypted text is {0}the same as the original key!",
plainText.SequenceEqual(decryptedText.Result) ? "" : "not "));
Console.Out.WriteLine(string.Format("The decrypted text is {0}",
Encoding.UTF8.GetString(decryptedText.Result)));
}
public async Task CreateSecret(VehiclePolicies policydata)
{
// Create the content for the Policy data to be stored as Secret
Insdata akvdata = new Insdata {
Id = policydata.Id, Inscompany = policydata.Inscompany,
Policyno = policydata.Policyno, Userid = policydata.Userid, Vehicleno = policydata.Vehicleno
};
//Create a JSON String of the Policy data to be stored as Secret
string insurancepolicysecret = JsonConvert.SerializeObject(akvdata);
byte[] datatoencrypt = System.Text.Encoding.UTF8.GetBytes(insurancepolicysecret);
string keyUri = string.Format("https://{0}.vault.azure.net/keys/{1}", _keyVaultName, _keyName);
string keyVaultUri = string.Format("https://{0}.vault.azure.net", _keyVaultName);
//Encrypt the data before it is stored as a Secret
KeyOperationResult result = await _keyVaultClient.EncryptAsync(keyUri, JsonWebKeyEncryptionAlgorithm.RSAOAEP256,
datatoencrypt);
byte[] encdata = result.Result;
string encrypteddata = Convert.ToBase64String(encdata);
//Set the Policy Start and Expiry Data to be added as attributes to the secret
SecretAttributes attribs = new SecretAttributes
{
Enabled = true,
Expires = DateTime.UtcNow.AddYears(1),
NotBefore = DateTime.UtcNow
};
IDictionary <string, string> alltags = new Dictionary <string, string>
{
{ "InsuranceCompany", policydata.Inscompany }
};
string contentType = "DigitalInsurance";
// Create a Secret with the encrypted Policy data
SecretBundle bundle = await _keyVaultClient.SetSecretAsync(keyVaultUri, policydata.Uidname,
encrypteddata, alltags, contentType, attribs);
string bundlestr = bundle.Value;
policydata.Version = bundle.SecretIdentifier.Version;
policydata.Lastmod = bundle.Attributes.Updated;
policydata.Startdate = bundle.Attributes.NotBefore;
policydata.Enddate = bundle.Attributes.Expires;
}
public async Task <byte[]> Encrypt(string keyName, string keyVersion, string algorithm,
byte[] value, CancellationToken cancellationToken)
{
var encrypt = await _keyVaultClient.EncryptAsync(_baseUrl, keyName, keyVersion, algorithm, value, cancellationToken);
return(encrypt.Result);
}
public async Task <byte[]> EncryptSecretUsingKeyVault(byte[] secret, string keyId)
{
var keyIdentifier = _keyVaultPath + "keys/" + keyId + "/";
var keyOpResult = await _keyVaultClient.EncryptAsync(keyIdentifier, JsonWebKeyEncryptionAlgorithm.RSAOAEP, secret);
return(keyOpResult.Result);
}
/// <summary>
/// Use symmetric encryption, then wrap the key using Key Vault
/// </summary>
/// <returns></returns>
private static async Task EncryptAndWrap()
{
// In real-world, these could be concatenated and stored.
byte[] iv;
byte[] wrappedKey;
Stream encryptedData = new MemoryStream();
string wrappingKeyIdentifier;
string keyWrappingEncryptionAlgorithm = JsonWebKeyEncryptionAlgorithm.RSA15;
// TODO: This (probably) doesn't use "AE" - update accordingly.
// This creates a random key and initialisation vector (IV) and encrypts the data
using (var encryptingAes = Aes.Create())
{
iv = encryptingAes.IV;
var encryptor = encryptingAes.CreateEncryptor();
using (var encryptingStream = new CryptoStream(encryptedData, encryptor, CryptoStreamMode.Write, true))
using (var writer = new StreamWriter(encryptingStream)) // NOTE: This is a text writer! Shouldn't do this if we're dealing with binary data!
{
writer.Write(inputText);
writer.Flush();
encryptingStream.Flush();
}
var wrappingResult = await keyVaultClient.WrapKeyAsync($"{keyVaultUrl}keys/{keyName}", keyWrappingEncryptionAlgorithm, encryptingAes.Key);
wrappedKey = wrappingResult.Result;
wrappingKeyIdentifier = wrappingResult.Kid;
// TODO: Test if "wrap" and "encrypt" produce the same resul;t
var encryptTest = await keyVaultClient.EncryptAsync($"{keyVaultUrl}keys/{keyName}", keyWrappingEncryptionAlgorithm, encryptingAes.Key);
}
encryptedData.Position = 0;
// Decrypt
var unwrapKeyResult = await keyVaultClient.UnwrapKeyAsync(wrappingKeyIdentifier, keyWrappingEncryptionAlgorithm, wrappedKey);
var symmetricKey = unwrapKeyResult.Result;
string decrypted;
using (var decryptingAes = Aes.Create())
{
decryptingAes.IV = iv;
decryptingAes.Key = symmetricKey;
var decryptor = decryptingAes.CreateDecryptor();
using (var decryptingStream = new CryptoStream(encryptedData, decryptor, CryptoStreamMode.Read))
using (var reader = new StreamReader(decryptingStream))
{
decrypted = reader.ReadToEnd();
}
}
if (inputText != decrypted)
{
throw new Exception("Decrypted does not match encrypted");
}
}
public static string EncryptKey(byte[] key)
{
if (kvc == null)
{
kvc = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetToken));
}
var rr = kvc.EncryptAsync(keyIdentifier, JsonWebKeyEncryptionAlgorithm.RSAOAEP, key).GetAwaiter().GetResult();
return(Convert.ToBase64String(rr.Result));
}
/// <summary>
/// Encrypte un message
/// </summary>
/// <param name="keyName">Nom de la clef d'encryptage</param>
/// <param name="message">Message à encrypter</param>
/// <returns></returns>
public async Task <string> EncryptAsync(string keyName, string message)
{
byte[] byteMessage = Encoding.Default.GetBytes(message);
KeyOperationResult result = await KeyVaultClient.EncryptAsync(
GetKeyUrl(keyName),
_encryptionAlgorithm,
byteMessage)
.ConfigureAwait(false);
return(Convert.ToBase64String(result.Result));
}
private static KeyOperationResult _encrypt(KeyBundle key, string keyVersion, string algorithm, byte[] plainText)
{
KeyOperationResult operationResult;
if (keyVersion != string.Empty)
{
var vaultAddress = inputValidator.GetVaultAddress();
string keyName = inputValidator.GetKeyName(true);
// Encrypt the input data using the specified algorithm
operationResult = keyVaultClient.EncryptAsync(vaultAddress, keyName, keyVersion, algorithm, plainText).GetAwaiter().GetResult();
}
else
{
// If the key is not initialized get the key id from args
var keyId = (key != null) ? key.Key.Kid : inputValidator.GetKeyId();
// Encrypt the input data using the specified algorithm
operationResult = keyVaultClient.EncryptAsync(keyId, algorithm, plainText).GetAwaiter().GetResult();
}
return(operationResult);
}
public void EncryptDecrypt(KeyVaultClient client, KeyIdentifier keyIdentifier, string algorithm)
{
var plainText = RandomBytes(10);
var encryptResult = client.EncryptAsync(keyIdentifier.BaseIdentifier, algorithm, plainText).GetAwaiter().GetResult();
Assert.NotNull(encryptResult);
Assert.NotNull(encryptResult.Kid);
var decryptResult = client.DecryptAsync(encryptResult.Kid, algorithm, encryptResult.Result).GetAwaiter().GetResult();
Assert.NotNull(decryptResult);
Assert.NotNull(decryptResult.Kid);
Assert.True(plainText.SequenceEqual(decryptResult.Result));
}
public async Task <ActionResult> EncryptAsync(string dataToEncrypt)
{
AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
// Demonstrate how to get a key
KeyBundle key = await keyVaultClient.GetKeyAsync(keyVaultOptions.VaultBaseUrl, keyVaultOptions.KeyName);
// Here you can use the (public) key to do encryption which is faster
// Or encrypt on the Azure side using the EncryptAsync operation
// Note that you can call the EncryptAsync operation directly without calling the GetKeyAsync method above
KeyOperationResult keyOperationResult = await keyVaultClient.EncryptAsync(keyVaultOptions.VaultBaseUrl, key.KeyIdentifier.Name,
key.KeyIdentifier.Version,
JsonWebKeyEncryptionAlgorithm.RSAOAEP,
Encoding.UTF8.GetBytes(dataToEncrypt));
ViewData["Encrypted"] = Convert.ToBase64String(keyOperationResult.Result);
return(View("Index"));
}
/// <summary>
/// Encrypts a single block of data. The amount of data that may be encrypted is determined
/// by the target key type and the encryption algorithm.
/// </summary>
/// <param name="key">The web key to use for encryption</param>
/// <param name="algorithm">The encryption algorithm. For more information on possible algorithm types, see JsonWebKeyEncryptionAlgorithm.</param>
/// <param name="plaintext">The plain text to encrypt</param>
/// <returns></returns>
public static async Task <KeyOperationResult> EncryptDataAsync(this KeyVaultClient client, JsonWebKey key, string algorithm, byte[] plaintext)
{
if (key == null)
{
throw new ArgumentNullException("key");
}
if (string.IsNullOrEmpty(algorithm))
{
throw new ArgumentNullException("algorithm");
}
if (plaintext == null)
{
throw new ArgumentNullException("plaintext");
}
return(await client.EncryptAsync(key.Kid, algorithm, plaintext).ConfigureAwait(false));
}
public async Task <byte[]> EncryptAsync(string keyId, byte[] dataToEncrypt)
{
if (string.IsNullOrEmpty(keyId))
{
throw new ArgumentNullException(keyId, "Key Id is Null.");
}
if (dataToEncrypt == null)
{
throw new ArgumentNullException(nameof(dataToEncrypt), "Data to Encrypt is Null.");
}
if (dataToEncrypt.Length == 0)
{
throw new ArgumentNullException(nameof(dataToEncrypt), "Data to Encrypt is Empty.");
}
var operationResult = await KeyVaultClient.EncryptAsync(keyId, JsonWebKeyEncryptionAlgorithm.RSAOAEP, dataToEncrypt);
return(operationResult.Result);
}
private static void KeyVaultEncryptionDemo()
{
// Use Certificate for authorization AccessToken
var keyVaultClient = new KeyVaultClient(GetAccessCertificateToken, new HttpClient());
Console.Write("Password:"******"KeyId"];
var encryptedPasswordBytes = keyVaultClient.EncryptAsync(keyId, JsonWebKeyEncryptionAlgorithm.RSAOAEP, System.Text.Encoding.UTF8.GetBytes(password))
.GetAwaiter()
.GetResult()
.Result;
Console.WriteLine("Encrypted password:{0}", System.Text.Encoding.UTF8.GetString(encryptedPasswordBytes));
Console.WriteLine("decrypting...");
var decryptedPasswordBytes = keyVaultClient.DecryptAsync(keyId, JsonWebKeyEncryptionAlgorithm.RSAOAEP, encryptedPasswordBytes)
.GetAwaiter()
.GetResult()
.Result;
Console.WriteLine("Decrypted password:{0}", System.Text.Encoding.UTF8.GetString(decryptedPasswordBytes));
}
static void Main(string[] args)
{
clientCredential = new ClientCredential(clientId, authClientSecret);
KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetAccessToken));
// Obtaining the secret for our application
Console.WriteLine("#################### Secrets");
var results = keyVaultClient.GetSecretsAsync(vaultUrl).GetAwaiter().GetResult();
results.Value.ToList().ForEach(i => {
Console.WriteLine("Name: {0}, Identifier:{1}", i.Identifier.Name, i.Identifier.Identifier);
var secret = keyVaultClient.GetSecretAsync(i.Id).GetAwaiter().GetResult();
Console.WriteLine("-> Secret Value: {0} \n", secret.Value);
});
Console.ReadKey();
// Encryption and decryption of information
var keyId = "https://jangelfdez-key-vault.vault.azure.net:443/keys/softwareProtectedkey/901738e066144741944c274a192ad704";
var text = "Hello World!";
Console.WriteLine("#################### Encrypt ");
var encryptedText = keyVaultClient.EncryptAsync(keyId, JsonWebKeyEncryptionAlgorithm.RSA15, Encoding.UTF8.GetBytes(text)).GetAwaiter().GetResult();
Console.WriteLine("Text to encrypt: {0} , Encrypted (base64): {1} \n", text, Convert.ToBase64String(encryptedText.Result));
Console.ReadKey();
Console.WriteLine("#################### Decrypt");
var decryptedText = keyVaultClient.DecryptAsync(keyId, JsonWebKeyEncryptionAlgorithm.RSA15, encryptedText.Result).GetAwaiter().GetResult();
Console.WriteLine("Text to decrypt (base64): {0} , Decrypted: {1} \n", Convert.ToBase64String(encryptedText.Result), Encoding.UTF8.GetString(decryptedText.Result));
Console.ReadKey();
}
// Vytvořte Key Vault.
// Vytvořte v něm secret pojmenovaný "MySecret" s nějakou (ne zas tak tajnou :-) hodnotou).
// Vytvořte v něm klíč pojmenovaný "MyKey".
// Vytvořte v Azure Active Directory účet aplikace (WebAPI, nikoliv Native).
// Vytvořte pro aplikaci klíč.
// Zpět do Key Vault, přidělte aplikaci oprávnění práci se Secrets (Read) a Keys (Encrypt, Decrypt).
// Doplňte údaje do aplikace.
static async Task Main(string[] args)
{
string vaultAddress = "https://mykeyvaultrs.vault.azure.net/";
string secretName = "MySecretRS"; // Azure Key Vault Secret Name
string keyName = "MyKeyRS"; // Azure Key Vault Key Name
KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetAccessToken));
var secret = await keyVaultClient.GetSecretAsync(vaultAddress, secretName);
Console.WriteLine(secret /*.Value*/);
Console.WriteLine();
var encrypted = await keyVaultClient.EncryptAsync(vaultAddress, keyName, "", JsonWebKeyEncryptionAlgorithm.RSA15, System.Text.Encoding.UTF8.GetBytes("Live demo on MFF!"));
var decrypted = await keyVaultClient.DecryptAsync(vaultAddress, keyName, "", JsonWebKeyEncryptionAlgorithm.RSA15, encrypted.Result);
Console.WriteLine(String.Join(" ", encrypted.Result.Select(item => item.ToString("X2"))));
Console.WriteLine();
Console.WriteLine(String.Join("", System.Text.Encoding.UTF8.GetString(decrypted.Result)));
Console.WriteLine();
Console.ReadKey();
}
public async Task <byte[]> EncryptAsync(string keyId, byte[] dataToEncrypt)
{
var operationResult = await KeyVaultClient.EncryptAsync(keyId, JsonWebKeyEncryptionAlgorithm.RSAOAEP, dataToEncrypt);
return(operationResult.Result);
}
static void Main(string[] args)
{
string baseVaultAddress = "https://amethystevault.vault.azure.net";
// Azure AD
//KeyVaultClient keyVaultClient = new KeyVaultClient(
// new KeyVaultClient.AuthenticationCallback(GetAccessToken));
// Certificat
CertificateAccesTokenService cts = new CertificateAccesTokenService();
KeyVaultClient keyVaultClient = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(cts.GetAccessToken));
#region Secret
Console.WriteLine("Liste des secrets du vault");
IPage <SecretItem> items = keyVaultClient
.GetSecretsAsync(baseVaultAddress)
.Result;
foreach (SecretItem item in items)
{
string name = item.Identifier.Name;
SecretBundle s = keyVaultClient
.GetSecretAsync(baseVaultAddress, name)
.Result;
Console.WriteLine("{0}: {1}", name, s.Value);
}
Console.WriteLine();
Console.WriteLine("Lecture d'un secret");
SecretBundle secret = keyVaultClient
.GetSecretAsync(baseVaultAddress + "/secrets/password")
.Result;
//SecretBundle secret = keyVaultClient
// .GetSecretAsync(vaultAddress, "password", version)
// .Result;
Console.WriteLine(secret.Value);
#endregion
#region Key
string keyName = "keyDemo";
string identifiant = baseVaultAddress + "/keys/" + keyName;
// proxy
KeyBundle key = keyVaultClient
.GetKeyAsync(baseVaultAddress, keyName)
.Result;
// encode un message
byte[] byteMessage = Encoding.Default.GetBytes("Salut le monde!");
KeyOperationResult result = keyVaultClient
.EncryptAsync(identifiant, JsonWebKeyEncryptionAlgorithm.RSAOAEP, byteMessage)
.Result;
string encoded = Convert.ToBase64String(result.Result);
Console.WriteLine("Message encodé: {0}", encoded);
// décode le message
byteMessage = Convert.FromBase64String(encoded);
result = keyVaultClient
.DecryptAsync(identifiant, JsonWebKeyEncryptionAlgorithm.RSAOAEP, byteMessage)
.Result;
string message = Encoding.Default.GetString(result.Result);
Console.WriteLine("Après décodage: {0}", message);
#endregion
#region Certificate
// proxy
CertificateBundle cert = keyVaultClient
.GetCertificateAsync(baseVaultAddress, "TestCertificate")
.Result;
Console.WriteLine(cert.X509Thumbprint.ToHexString());
// proxy
SecretBundle cert2 = keyVaultClient
.GetSecretAsync(baseVaultAddress + "/secrets/TestCertificate")
.Result;
byte[] privateKeyBytes = Convert.FromBase64String(cert2.Value);
X509Certificate2 pfx = new X509Certificate2(privateKeyBytes, (string)null, X509KeyStorageFlags.MachineKeySet);
Console.WriteLine(pfx.Thumbprint);
#endregion
}
private async Task KeysMigrationGuide()
{
#region Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_Create
AzureServiceTokenProvider provider = new AzureServiceTokenProvider();
KeyVaultClient client = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(provider.KeyVaultTokenCallback));
#endregion Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_Create
#region Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_CreateWithOptions
using (HttpClient httpClient = new HttpClient())
{
//@@AzureServiceTokenProvider provider = new AzureServiceTokenProvider();
/*@@*/ provider = new AzureServiceTokenProvider();
//@@KeyVaultClient client = new KeyVaultClient(
/*@@*/ client = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(provider.KeyVaultTokenCallback),
httpClient);
}
#endregion Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_CreateWithOptions
{
#region Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_CreateKey
// Create RSA key.
NewKeyParameters createRsaParameters = new NewKeyParameters
{
Kty = JsonWebKeyType.Rsa,
KeySize = 4096
};
KeyBundle rsaKey = await client.CreateKeyAsync("https://myvault.vault.azure.net", "rsa-key-name", createRsaParameters);
// Create Elliptic-Curve key.
NewKeyParameters createEcParameters = new NewKeyParameters
{
Kty = JsonWebKeyType.EllipticCurve,
CurveName = "P-256"
};
KeyBundle ecKey = await client.CreateKeyAsync("https://myvault.vault.azure.net", "ec-key-name", createEcParameters);
#endregion Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_CreateKey
}
{
#region Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_ListKeys
IPage <KeyItem> page = await client.GetKeysAsync("https://myvault.vault.azure.net");
foreach (KeyItem item in page)
{
KeyIdentifier keyId = item.Identifier;
KeyBundle key = await client.GetKeyAsync(keyId.Vault, keyId.Name);
}
while (page.NextPageLink != null)
{
page = await client.GetKeysNextAsync(page.NextPageLink);
foreach (KeyItem item in page)
{
KeyIdentifier keyId = item.Identifier;
KeyBundle key = await client.GetKeyAsync(keyId.Vault, keyId.Name);
}
}
#endregion Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_ListKeys
}
{
#region Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_DeleteKey
// Delete the key.
DeletedKeyBundle deletedKey = await client.DeleteKeyAsync("https://myvault.vault.azure.net", "key-name");
// Purge or recover the deleted key if soft delete is enabled.
if (deletedKey.RecoveryId != null)
{
DeletedKeyIdentifier deletedKeyId = deletedKey.RecoveryIdentifier;
// Deleting a key does not happen immediately. Wait a while and check if the deleted key exists.
while (true)
{
try
{
await client.GetDeletedKeyAsync(deletedKeyId.Vault, deletedKeyId.Name);
// Finally deleted.
break;
}
catch (KeyVaultErrorException ex) when(ex.Response.StatusCode == HttpStatusCode.NotFound)
{
// Not yet deleted...
}
}
// Purge the deleted key.
await client.PurgeDeletedKeyAsync(deletedKeyId.Vault, deletedKeyId.Name);
// You can also recover the deleted key using RecoverDeletedKeyAsync.
}
#endregion Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_DeleteKey
}
{
#region Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_Encrypt
// Encrypt a message. The plaintext must be small enough for the chosen algorithm.
byte[] plaintext = Encoding.UTF8.GetBytes("Small message to encrypt");
KeyOperationResult encrypted = await client.EncryptAsync("rsa-key-name", JsonWebKeyEncryptionAlgorithm.RSAOAEP256, plaintext);
// Decrypt the message.
KeyOperationResult decrypted = await client.DecryptAsync("rsa-key-name", JsonWebKeyEncryptionAlgorithm.RSAOAEP256, encrypted.Result);
string message = Encoding.UTF8.GetString(decrypted.Result);
#endregion Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_Encrypt
}
{
#region Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_Wrap
using (Aes aes = Aes.Create())
{
// Use a symmetric key to encrypt large amounts of data, possibly streamed...
// Now wrap the key and store the encrypted key and plaintext IV to later decrypt the key to decrypt the data.
KeyOperationResult wrapped = await client.WrapKeyAsync(
"https://myvault.vault.azure.net",
"rsa-key-name",
null,
JsonWebKeyEncryptionAlgorithm.RSAOAEP256,
aes.Key);
// Read the IV and the encrypted key from the payload, then unwrap the key.
KeyOperationResult unwrapped = await client.UnwrapKeyAsync(
"https://myvault.vault.azure.net",
"rsa-key-name",
null,
JsonWebKeyEncryptionAlgorithm.RSAOAEP256,
wrapped.Result);
aes.Key = unwrapped.Result;
// Decrypt the payload with the symmetric key.
}
#endregion Snippet:Microsoft_Azure_KeyVault_Keys_Snippets_MigrationGuide_Wrap
}
}
