CryptographyClient class

Pacote:: @azure/keyvault-keys

Um cliente usado para executar operações criptográficas em uma chave do Azure Key Vault ou em um JsonWebKeylocal.

Construtores

Constrói uma nova instância do cliente cryptography para a chave fornecida no modo local.

Uso de exemplo:

import { CryptographyClient } from "@azure/keyvault-keys";

const jsonWebKey = {
  kty: "RSA",
  kid: "test-key-123",
  use: "sig",
  alg: "RS256",
  n: new Uint8Array([112, 34, 56, 98, 123, 244, 200, 99]),
  e: new Uint8Array([1, 0, 1]),
  d: new Uint8Array([45, 67, 89, 23, 144, 200, 76, 233]),
  p: new Uint8Array([34, 89, 100, 77, 204, 56, 29, 77]),
  q: new Uint8Array([78, 99, 201, 45, 188, 34, 67, 90]),
  dp: new Uint8Array([23, 45, 78, 56, 200, 144, 32, 67]),
  dq: new Uint8Array([12, 67, 89, 144, 99, 56, 23, 45]),
  qi: new Uint8Array([78, 90, 45, 201, 34, 67, 120, 55]),
};
const client = new CryptographyClient(jsonWebKey);

CryptographyClient(string | KeyVaultKey, TokenCredential, CryptographyClientOptions)

Constrói uma nova instância do cliente cryptography para a chave fornecida

Uso de exemplo:

import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";

const credential = new DefaultAzureCredential();

const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;

const client = new KeyClient(url, credential);

// Create or retrieve a key from the keyvault
const myKey = await client.createKey("MyKey", "RSA");

// Lastly, create our cryptography client and connect to the service
const cryptographyClient = new CryptographyClient(myKey, credential);

Propriedades

keyID	A ID da chave usada para executar operações criptográficas para o cliente.
vaultUrl	A URL base para o cofre. Se um local JsonWebKey for usado vaultUrl estará vazio.

Métodos

decrypt(DecryptParameters, DecryptOptions)	Descriptografa o texto criptografado especificado com os parâmetros de descriptografia especificados. Dependendo do algoritmo usado nos parâmetros de descriptografia, o conjunto de possíveis parâmetros de descriptografia será alterado. A Microsoft recomenda que você não use CBC sem primeiro garantir a integridade do texto criptografado usando, por exemplo, um HMAC. Consulte https://learn.microsoft.com/dotnet/standard/security/vulnerabilities-cbc-mode para obter mais informações. Uso de exemplo: import { DefaultAzureCredential } from "@azure/identity"; import { KeyClient, CryptographyClient } from "@azure/keyvault-keys"; const credential = new DefaultAzureCredential(); const vaultName = "<YOUR KEYVAULT NAME>"; const url = `https://${vaultName}.vault.azure.net`; const client = new KeyClient(url, credential); const myKey = await client.createKey("MyKey", "RSA"); const cryptographyClient = new CryptographyClient(myKey.id, credential); const encryptResult = await cryptographyClient.encrypt({ algorithm: "RSA1_5", plaintext: Buffer.from("My Message"), }); console.log("encrypt result: ", encryptResult.result); const decryptResult = await cryptographyClient.decrypt({ algorithm: "RSA1_5", ciphertext: encryptResult.result, }); console.log("decrypt result: ", decryptResult.result.toString());
decrypt(string, Uint8Array, DecryptOptions)	Descriptografa o texto criptografado fornecido com o algoritmo de criptografia especificado Uso de exemplo: import { DefaultAzureCredential } from "@azure/identity"; import { KeyClient, CryptographyClient } from "@azure/keyvault-keys"; const credential = new DefaultAzureCredential(); const vaultName = "<YOUR KEYVAULT NAME>"; const url = `https://${vaultName}.vault.azure.net`; const client = new KeyClient(url, credential); const myKey = await client.createKey("MyKey", "RSA"); const cryptographyClient = new CryptographyClient(myKey.id, credential); const encryptResult = await cryptographyClient.encrypt({ algorithm: "RSA1_5", plaintext: Buffer.from("My Message"), }); console.log("encrypt result: ", encryptResult.result); const decryptResult = await cryptographyClient.decrypt({ algorithm: "RSA1_5", ciphertext: encryptResult.result, }); console.log("decrypt result: ", decryptResult.result.toString()); A Microsoft recomenda que você não use CBC sem primeiro garantir a integridade do texto criptografado usando, por exemplo, um HMAC. Consulte https://learn.microsoft.com/dotnet/standard/security/vulnerabilities-cbc-mode para obter mais informações.
encrypt(EncryptParameters, EncryptOptions)	Criptografa o texto sem formatação especificado com os parâmetros de criptografia especificados. Dependendo do conjunto de algoritmos nos parâmetros de criptografia, o conjunto de possíveis parâmetros de criptografia será alterado. Uso de exemplo: import { DefaultAzureCredential } from "@azure/identity"; import { KeyClient, CryptographyClient } from "@azure/keyvault-keys"; const credential = new DefaultAzureCredential(); const vaultName = "<YOUR KEYVAULT NAME>"; const url = `https://${vaultName}.vault.azure.net`; const client = new KeyClient(url, credential); const myKey = await client.createKey("MyKey", "RSA"); const cryptographyClient = new CryptographyClient(myKey.id, credential); const encryptResult = await cryptographyClient.encrypt({ algorithm: "RSA1_5", plaintext: Buffer.from("My Message"), }); console.log("encrypt result: ", encryptResult.result);
encrypt(string, Uint8Array, EncryptOptions)	Criptografa o texto sem formatação fornecido com o algoritmo de criptografia especificado Uso de exemplo: import { DefaultAzureCredential } from "@azure/identity"; import { KeyClient, CryptographyClient } from "@azure/keyvault-keys"; const credential = new DefaultAzureCredential(); const vaultName = "<YOUR KEYVAULT NAME>"; const url = `https://${vaultName}.vault.azure.net`; const client = new KeyClient(url, credential); const myKey = await client.createKey("MyKey", "RSA"); const cryptographyClient = new CryptographyClient(myKey.id, credential); const encryptResult = await cryptographyClient.encrypt({ algorithm: "RSA1_5", plaintext: Buffer.from("My Message"), }); console.log("encrypt result: ", encryptResult.result);
sign(string, Uint8Array, SignOptions)	Assinar criptograficamente o resumo de uma mensagem Uso de exemplo: import { DefaultAzureCredential } from "@azure/identity"; import { KeyClient, CryptographyClient } from "@azure/keyvault-keys"; import { createHash } from "node:crypto"; const credential = new DefaultAzureCredential(); const vaultName = "<YOUR KEYVAULT NAME>"; const url = `https://${vaultName}.vault.azure.net`; const client = new KeyClient(url, credential); let myKey = await client.createKey("MyKey", "RSA"); const cryptographyClient = new CryptographyClient(myKey, credential); const signatureValue = "MySignature"; const hash = createHash("sha256"); const digest = hash.update(signatureValue).digest(); console.log("digest: ", digest); const signResult = await cryptographyClient.sign("RS256", digest); console.log("sign result: ", signResult.result);
signData(string, Uint8Array, SignOptions)	Assinar criptograficamente um bloco de dados Uso de exemplo: import { DefaultAzureCredential } from "@azure/identity"; import { KeyClient, CryptographyClient } from "@azure/keyvault-keys"; const credential = new DefaultAzureCredential(); const vaultName = "<YOUR KEYVAULT NAME>"; const url = `https://${vaultName}.vault.azure.net`; const client = new KeyClient(url, credential); const myKey = await client.createKey("MyKey", "RSA"); const cryptographyClient = new CryptographyClient(myKey, credential); const signResult = await cryptographyClient.signData("RS256", Buffer.from("My Message")); console.log("sign result: ", signResult.result);
unwrapKey(KeyWrapAlgorithm, Uint8Array, UnwrapKeyOptions)	Desembrulha a chave encapsulada fornecida usando o algoritmo de criptografia especificado Uso de exemplo: import { DefaultAzureCredential } from "@azure/identity"; import { KeyClient, CryptographyClient } from "@azure/keyvault-keys"; const credential = new DefaultAzureCredential(); const vaultName = "<YOUR KEYVAULT NAME>"; const url = `https://${vaultName}.vault.azure.net`; const client = new KeyClient(url, credential); const myKey = await client.createKey("MyKey", "RSA"); const cryptographyClient = new CryptographyClient(myKey, credential); const wrapResult = await cryptographyClient.wrapKey("RSA-OAEP", Buffer.from("My Key")); console.log("wrap result:", wrapResult.result); const unwrapResult = await cryptographyClient.unwrapKey("RSA-OAEP", wrapResult.result); console.log("unwrap result: ", unwrapResult.result);
verify(string, Uint8Array, Uint8Array, VerifyOptions)	Verificar o resumo da mensagem assinada Uso de exemplo: import { DefaultAzureCredential } from "@azure/identity"; import { KeyClient, CryptographyClient } from "@azure/keyvault-keys"; import { createHash } from "node:crypto"; const credential = new DefaultAzureCredential(); const vaultName = "<YOUR KEYVAULT NAME>"; const url = `https://${vaultName}.vault.azure.net`; const client = new KeyClient(url, credential); const myKey = await client.createKey("MyKey", "RSA"); const cryptographyClient = new CryptographyClient(myKey, credential); const hash = createHash("sha256"); hash.update("My Message"); const digest = hash.digest(); const signResult = await cryptographyClient.sign("RS256", digest); console.log("sign result: ", signResult.result); const verifyResult = await cryptographyClient.verify("RS256", digest, signResult.result); console.log("verify result: ", verifyResult.result);
verifyData(string, Uint8Array, Uint8Array, VerifyOptions)	Verificar o bloco de dados assinado Uso de exemplo: import { DefaultAzureCredential } from "@azure/identity"; import { KeyClient, CryptographyClient } from "@azure/keyvault-keys"; const credential = new DefaultAzureCredential(); const vaultName = "<YOUR KEYVAULT NAME>"; const url = `https://${vaultName}.vault.azure.net`; const client = new KeyClient(url, credential); const myKey = await client.createKey("MyKey", "RSA"); const cryptographyClient = new CryptographyClient(myKey, credential); const buffer = Buffer.from("My Message"); const signResult = await cryptographyClient.signData("RS256", buffer); console.log("sign result: ", signResult.result); const verifyResult = await cryptographyClient.verifyData("RS256", buffer, signResult.result); console.log("verify result: ", verifyResult.result);
wrapKey(KeyWrapAlgorithm, Uint8Array, WrapKeyOptions)	Encapsula a chave fornecida usando o algoritmo de criptografia especificado Uso de exemplo: import { DefaultAzureCredential } from "@azure/identity"; import { KeyClient, CryptographyClient } from "@azure/keyvault-keys"; const credential = new DefaultAzureCredential(); const vaultName = "<YOUR KEYVAULT NAME>"; const url = `https://${vaultName}.vault.azure.net`; const client = new KeyClient(url, credential); const myKey = await client.createKey("MyKey", "RSA"); const cryptographyClient = new CryptographyClient(myKey, credential); const wrapResult = await cryptographyClient.wrapKey("RSA-OAEP", Buffer.from("My Key")); console.log("wrap result:", wrapResult.result);

Detalhes do construtor

CryptographyClient(JsonWebKey)

Constrói uma nova instância do cliente cryptography para a chave fornecida no modo local.

Uso de exemplo:

import { CryptographyClient } from "@azure/keyvault-keys";

const jsonWebKey = {
  kty: "RSA",
  kid: "test-key-123",
  use: "sig",
  alg: "RS256",
  n: new Uint8Array([112, 34, 56, 98, 123, 244, 200, 99]),
  e: new Uint8Array([1, 0, 1]),
  d: new Uint8Array([45, 67, 89, 23, 144, 200, 76, 233]),
  p: new Uint8Array([34, 89, 100, 77, 204, 56, 29, 77]),
  q: new Uint8Array([78, 99, 201, 45, 188, 34, 67, 90]),
  dp: new Uint8Array([23, 45, 78, 56, 200, 144, 32, 67]),
  dq: new Uint8Array([12, 67, 89, 144, 99, 56, 23, 45]),
  qi: new Uint8Array([78, 90, 45, 201, 34, 67, 120, 55]),
};
const client = new CryptographyClient(jsonWebKey);

new CryptographyClient(key: JsonWebKey)

Parâmetros

key: JsonWebKey

O JsonWebKey a ser usado durante operações de criptografia.

CryptographyClient(string | KeyVaultKey, TokenCredential, CryptographyClientOptions)

Constrói uma nova instância do cliente cryptography para a chave fornecida

Uso de exemplo:

import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";

const credential = new DefaultAzureCredential();

const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;

const client = new KeyClient(url, credential);

// Create or retrieve a key from the keyvault
const myKey = await client.createKey("MyKey", "RSA");

// Lastly, create our cryptography client and connect to the service
const cryptographyClient = new CryptographyClient(myKey, credential);

new CryptographyClient(key: string | KeyVaultKey, credential: TokenCredential, pipelineOptions?: CryptographyClientOptions)

Parâmetros

key: string | KeyVaultKey

A chave a ser usada durante as tarefas de criptografia. Você também pode passar o identificador da chave, ou seja, sua URL aqui.

credential: TokenCredential

Um objeto que implementa a interface TokenCredential usada para autenticar solicitações no serviço. Use o pacote @azure/identity para criar uma credencial que atenda às suas necessidades.

pipelineOptions: CryptographyClientOptions

Opções de pipeline usadas para configurar solicitações de API do Key Vault. Omita esse parâmetro para usar a configuração de pipeline padrão.

Detalhes da propriedade

keyID

A ID da chave usada para executar operações criptográficas para o cliente.

undefined | string keyID

Valor da propriedade

undefined | string

vaultUrl

A URL base para o cofre. Se um local JsonWebKey for usado vaultUrl estará vazio.

string vaultUrl

Valor da propriedade

string

Detalhes do método

decrypt(DecryptParameters, DecryptOptions)

Descriptografa o texto criptografado especificado com os parâmetros de descriptografia especificados. Dependendo do algoritmo usado nos parâmetros de descriptografia, o conjunto de possíveis parâmetros de descriptografia será alterado.

A Microsoft recomenda que você não use CBC sem primeiro garantir a integridade do texto criptografado usando, por exemplo, um HMAC. Consulte https://learn.microsoft.com/dotnet/standard/security/vulnerabilities-cbc-mode para obter mais informações.

Uso de exemplo:

import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";

const credential = new DefaultAzureCredential();

const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;

const client = new KeyClient(url, credential);

const myKey = await client.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey.id, credential);

const encryptResult = await cryptographyClient.encrypt({
  algorithm: "RSA1_5",
  plaintext: Buffer.from("My Message"),
});
console.log("encrypt result: ", encryptResult.result);

const decryptResult = await cryptographyClient.decrypt({
  algorithm: "RSA1_5",
  ciphertext: encryptResult.result,
});
console.log("decrypt result: ", decryptResult.result.toString());

function decrypt(decryptParameters: DecryptParameters, options?: DecryptOptions): Promise<DecryptResult>

Parâmetros

decryptParameters: DecryptParameters

Os parâmetros de descriptografia.

options: DecryptOptions

Opções adicionais.

Retornos

Promise<DecryptResult>

decrypt(string, Uint8Array, DecryptOptions)

Aviso

Essa API foi preterida.

Use decrypt({ algorithm, ciphertext }, options) instead.

Descriptografa o texto criptografado fornecido com o algoritmo de criptografia especificado

Uso de exemplo:

import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";

const credential = new DefaultAzureCredential();

const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;

const client = new KeyClient(url, credential);

const myKey = await client.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey.id, credential);

const encryptResult = await cryptographyClient.encrypt({
  algorithm: "RSA1_5",
  plaintext: Buffer.from("My Message"),
});
console.log("encrypt result: ", encryptResult.result);

const decryptResult = await cryptographyClient.decrypt({
  algorithm: "RSA1_5",
  ciphertext: encryptResult.result,
});
console.log("decrypt result: ", decryptResult.result.toString());

function decrypt(algorithm: string, ciphertext: Uint8Array, options?: DecryptOptions): Promise<DecryptResult>

Parâmetros

algorithm: string

O algoritmo a ser usado.

ciphertext: Uint8Array

O texto a ser descriptografado.

options: DecryptOptions

Opções adicionais.

Retornos

Promise<DecryptResult>

encrypt(EncryptParameters, EncryptOptions)

Criptografa o texto sem formatação especificado com os parâmetros de criptografia especificados. Dependendo do conjunto de algoritmos nos parâmetros de criptografia, o conjunto de possíveis parâmetros de criptografia será alterado.

Uso de exemplo:

import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";

const credential = new DefaultAzureCredential();

const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;

const client = new KeyClient(url, credential);

const myKey = await client.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey.id, credential);

const encryptResult = await cryptographyClient.encrypt({
  algorithm: "RSA1_5",
  plaintext: Buffer.from("My Message"),
});
console.log("encrypt result: ", encryptResult.result);

function encrypt(encryptParameters: EncryptParameters, options?: EncryptOptions): Promise<EncryptResult>

Parâmetros

encryptParameters: EncryptParameters

Os parâmetros de criptografia, inseridos no algoritmo de criptografia escolhido.

options: EncryptOptions

Opções adicionais.

Retornos

Promise<EncryptResult>

encrypt(string, Uint8Array, EncryptOptions)

Aviso

Essa API foi preterida.

Use encrypt({ algorithm, plaintext }, options) instead.

Criptografa o texto sem formatação fornecido com o algoritmo de criptografia especificado

Uso de exemplo:

import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";

const credential = new DefaultAzureCredential();

const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;

const client = new KeyClient(url, credential);

const myKey = await client.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey.id, credential);

const encryptResult = await cryptographyClient.encrypt({
  algorithm: "RSA1_5",
  plaintext: Buffer.from("My Message"),
});
console.log("encrypt result: ", encryptResult.result);

function encrypt(algorithm: string, plaintext: Uint8Array, options?: EncryptOptions): Promise<EncryptResult>

Parâmetros

algorithm: string

O algoritmo a ser usado.

plaintext: Uint8Array

O texto a ser criptografado.

options: EncryptOptions

Opções adicionais.

Retornos

Promise<EncryptResult>

sign(string, Uint8Array, SignOptions)

Assinar criptograficamente o resumo de uma mensagem

Uso de exemplo:

import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
import { createHash } from "node:crypto";

const credential = new DefaultAzureCredential();

const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;

const client = new KeyClient(url, credential);

let myKey = await client.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey, credential);

const signatureValue = "MySignature";
const hash = createHash("sha256");

const digest = hash.update(signatureValue).digest();
console.log("digest: ", digest);

const signResult = await cryptographyClient.sign("RS256", digest);
console.log("sign result: ", signResult.result);

function sign(algorithm: string, digest: Uint8Array, options?: SignOptions): Promise<SignResult>

Parâmetros

algorithm: string

O algoritmo de assinatura a ser usado.

digest: Uint8Array

O resumo dos dados a serem assinados.

options: SignOptions

Opções adicionais.

Retornos

Promise<SignResult>

signData(string, Uint8Array, SignOptions)

Assinar criptograficamente um bloco de dados

Uso de exemplo:

import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";

const credential = new DefaultAzureCredential();

const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;

const client = new KeyClient(url, credential);

const myKey = await client.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey, credential);

const signResult = await cryptographyClient.signData("RS256", Buffer.from("My Message"));
console.log("sign result: ", signResult.result);

function signData(algorithm: string, data: Uint8Array, options?: SignOptions): Promise<SignResult>

Parâmetros

algorithm: string

O algoritmo de assinatura a ser usado.

data: Uint8Array

Os dados a serem assinados.

options: SignOptions

Opções adicionais.

Retornos

Promise<SignResult>

unwrapKey(KeyWrapAlgorithm, Uint8Array, UnwrapKeyOptions)

Desembrulha a chave encapsulada fornecida usando o algoritmo de criptografia especificado

Uso de exemplo:

import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";

const credential = new DefaultAzureCredential();

const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;

const client = new KeyClient(url, credential);

const myKey = await client.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey, credential);

const wrapResult = await cryptographyClient.wrapKey("RSA-OAEP", Buffer.from("My Key"));
console.log("wrap result:", wrapResult.result);

const unwrapResult = await cryptographyClient.unwrapKey("RSA-OAEP", wrapResult.result);
console.log("unwrap result: ", unwrapResult.result);

function unwrapKey(algorithm: KeyWrapAlgorithm, encryptedKey: Uint8Array, options?: UnwrapKeyOptions): Promise<UnwrapResult>

Parâmetros

algorithm: KeyWrapAlgorithm

O algoritmo de descriptografia a ser usado para desembrulhar a chave.

encryptedKey: Uint8Array

A chave criptografada a ser desembrulhada.

options: UnwrapKeyOptions

Opções adicionais.

Retornos

Promise<UnwrapResult>

verify(string, Uint8Array, Uint8Array, VerifyOptions)

Verificar o resumo da mensagem assinada

Uso de exemplo:

import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
import { createHash } from "node:crypto";

const credential = new DefaultAzureCredential();

const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;

const client = new KeyClient(url, credential);

const myKey = await client.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey, credential);

const hash = createHash("sha256");
hash.update("My Message");
const digest = hash.digest();

const signResult = await cryptographyClient.sign("RS256", digest);
console.log("sign result: ", signResult.result);

const verifyResult = await cryptographyClient.verify("RS256", digest, signResult.result);
console.log("verify result: ", verifyResult.result);

function verify(algorithm: string, digest: Uint8Array, signature: Uint8Array, options?: VerifyOptions): Promise<VerifyResult>

Parâmetros

algorithm: string

O algoritmo de assinatura a ser usado para verificar.

digest: Uint8Array

O resumo a ser verificado.

signature: Uint8Array

A assinatura na qual verificar o resumo.

options: VerifyOptions

Opções adicionais.

Retornos

Promise<VerifyResult>

verifyData(string, Uint8Array, Uint8Array, VerifyOptions)

Verificar o bloco de dados assinado

Uso de exemplo:

import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";

const credential = new DefaultAzureCredential();

const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;

const client = new KeyClient(url, credential);

const myKey = await client.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey, credential);

const buffer = Buffer.from("My Message");

const signResult = await cryptographyClient.signData("RS256", buffer);
console.log("sign result: ", signResult.result);

const verifyResult = await cryptographyClient.verifyData("RS256", buffer, signResult.result);
console.log("verify result: ", verifyResult.result);

function verifyData(algorithm: string, data: Uint8Array, signature: Uint8Array, options?: VerifyOptions): Promise<VerifyResult>

Parâmetros

algorithm: string

O algoritmo a ser usado para verificar.

data: Uint8Array

O bloco de dados assinado a ser verificado.

signature: Uint8Array

A assinatura com a qual verificar o bloco.

options: VerifyOptions

Opções adicionais.

Retornos

Promise<VerifyResult>

wrapKey(KeyWrapAlgorithm, Uint8Array, WrapKeyOptions)

Encapsula a chave fornecida usando o algoritmo de criptografia especificado

Uso de exemplo:

import { DefaultAzureCredential } from "@azure/identity";
import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";

const credential = new DefaultAzureCredential();

const vaultName = "<YOUR KEYVAULT NAME>";
const url = `https://${vaultName}.vault.azure.net`;

const client = new KeyClient(url, credential);

const myKey = await client.createKey("MyKey", "RSA");
const cryptographyClient = new CryptographyClient(myKey, credential);

const wrapResult = await cryptographyClient.wrapKey("RSA-OAEP", Buffer.from("My Key"));
console.log("wrap result:", wrapResult.result);

function wrapKey(algorithm: KeyWrapAlgorithm, key: Uint8Array, options?: WrapKeyOptions): Promise<WrapResult>

Parâmetros

algorithm: KeyWrapAlgorithm

O algoritmo de criptografia a ser usado para encapsular a chave fornecida.

key: Uint8Array

A chave a ser encapsulada.

options: WrapKeyOptions

Opções adicionais.

Retornos

Promise<WrapResult>

Compartilhar via

CryptographyClient class

Construtores

Propriedades

Métodos

Detalhes do construtor

CryptographyClient(JsonWebKey)

Parâmetros

CryptographyClient(string | KeyVaultKey, TokenCredential, CryptographyClientOptions)

Parâmetros

Detalhes da propriedade

keyID

Valor da propriedade

vaultUrl

Valor da propriedade

Detalhes do método

decrypt(DecryptParameters, DecryptOptions)

Parâmetros

Retornos

decrypt(string, Uint8Array, DecryptOptions)

Parâmetros

Retornos

encrypt(EncryptParameters, EncryptOptions)

Parâmetros

Retornos

encrypt(string, Uint8Array, EncryptOptions)

Parâmetros

Retornos

sign(string, Uint8Array, SignOptions)

Parâmetros

Retornos

signData(string, Uint8Array, SignOptions)

Parâmetros

Retornos

unwrapKey(KeyWrapAlgorithm, Uint8Array, UnwrapKeyOptions)

Parâmetros

Retornos

verify(string, Uint8Array, Uint8Array, VerifyOptions)

Parâmetros

Retornos

verifyData(string, Uint8Array, Uint8Array, VerifyOptions)

Parâmetros

Retornos

wrapKey(KeyWrapAlgorithm, Uint8Array, WrapKeyOptions)

Parâmetros

Retornos