Class KeyEncryptionKeyClient

java.lang.Object
com.azure.security.keyvault.keys.cryptography.CryptographyClient
com.azure.security.keyvault.keys.cryptography.KeyEncryptionKeyClient
All Implemented Interfaces:
com.azure.core.cryptography.KeyEncryptionKey

public final class KeyEncryptionKeyClient extends CryptographyClient implements com.azure.core.cryptography.KeyEncryptionKey
A key client which is used to synchronously wrap or unwrap another key.

When a KeyEncryptionKeyClient gets created using a Azure Key Vault key identifier, the first time a cryptographic operation is attempted, the client will attempt to retrieve the key material from the service, cache it, and perform all future cryptographic operations locally, deferring to the service when that's not possible. If key retrieval and caching fails because of a non-retryable error, the client will not make any further attempts and will fall back to performing all cryptographic operations on the service side. Conversely, when a KeyEncryptionKeyClient created using a JSON Web Key, all cryptographic operations will be performed locally.

  • Method Details

    • getKeyId

      public String getKeyId()
      Get the identifier of the key to use for cryptography operations.
      Specified by:
      getKeyId in interface com.azure.core.cryptography.KeyEncryptionKey
      Returns:
      The key identifier.
    • wrapKey

      public byte[] wrapKey(String algorithm, byte[] key)
      Specified by:
      wrapKey in interface com.azure.core.cryptography.KeyEncryptionKey
    • unwrapKey

      public byte[] unwrapKey(String algorithm, byte[] encryptedKey)
      Specified by:
      unwrapKey in interface com.azure.core.cryptography.KeyEncryptionKey