1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
# ------------------------------------
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
# ------------------------------------
from azure.keyvault.keys.crypto import CryptographyClient
from devtools_testutils import ResourceGroupPreparer, KeyVaultPreparer
from _shared.test_case import KeyVaultTestCase
from crypto_client_preparer import CryptoClientPreparer
class TestCryptoExamples(KeyVaultTestCase):
def __init__(self, *args, **kwargs):
kwargs["match_body"] = False
super(TestCryptoExamples, self).__init__(*args, **kwargs)
# pylint:disable=unused-variable
@ResourceGroupPreparer(random_name_enabled=True)
@KeyVaultPreparer()
@CryptoClientPreparer()
def test_encrypt_decrypt(self, key_client, credential, **kwargs):
key_name = self.get_resource_name("crypto-test-encrypt-key")
key_client.create_rsa_key(key_name)
# [START create_client]
# create a CryptographyClient using a KeyVaultKey instance
key = key_client.get_key(key_name)
crypto_client = CryptographyClient(key, credential)
# or a key's id, which must include a version
key_id = "https://<your vault>.vault.azure.net/keys/<key name>/fe4fdcab688c479a9aa80f01ffeac26"
crypto_client = CryptographyClient(key_id, credential)
# [END create_client]
client = CryptographyClient(key, credential)
# [START encrypt]
from azure.keyvault.keys.crypto import EncryptionAlgorithm
# the result holds the ciphertext and identifies the encryption key and algorithm used
result = client.encrypt(EncryptionAlgorithm.rsa_oaep, b"plaintext")
ciphertext = result.ciphertext
print(result.key_id)
print(result.algorithm)
# [END encrypt]
# [START decrypt]
from azure.keyvault.keys.crypto import EncryptionAlgorithm
result = client.decrypt(EncryptionAlgorithm.rsa_oaep, ciphertext)
print(result.plaintext)
# [END decrypt]
@ResourceGroupPreparer(random_name_enabled=True)
@KeyVaultPreparer()
@CryptoClientPreparer()
def test_wrap_unwrap(self, key_client, credential, **kwargs):
key_name = self.get_resource_name("crypto-test-wrapping-key")
key = key_client.create_rsa_key(key_name)
client = CryptographyClient(key, credential)
key_bytes = b"5063e6aaa845f150200547944fd199679c98ed6f99da0a0b2dafeaf1f4684496fd532c1c229968cb9dee44957fcef7ccef59ceda0b362e56bcd78fd3faee5781c623c0bb22b35beabde0664fd30e0e824aba3dd1b0afffc4a3d955ede20cf6a854d52cfd"
# [START wrap_key]
from azure.keyvault.keys.crypto import KeyWrapAlgorithm
# the result holds the encrypted key and identifies the encryption key and algorithm used
result = client.wrap_key(KeyWrapAlgorithm.rsa_oaep, key_bytes)
encrypted_key = result.encrypted_key
print(result.key_id)
print(result.algorithm)
# [END wrap_key]
# [START unwrap_key]
from azure.keyvault.keys.crypto import KeyWrapAlgorithm
result = client.unwrap_key(KeyWrapAlgorithm.rsa_oaep, encrypted_key)
key = result.key
# [END unwrap_key]
@ResourceGroupPreparer(random_name_enabled=True)
@KeyVaultPreparer()
@CryptoClientPreparer()
def test_sign_verify(self, key_client, credential, **kwargs):
key_name = self.get_resource_name("crypto-test-wrapping-key")
key = key_client.create_rsa_key(key_name)
client = CryptographyClient(key, credential)
# [START sign]
import hashlib
from azure.keyvault.keys.crypto import SignatureAlgorithm
digest = hashlib.sha256(b"plaintext").digest()
# sign returns the signature and the metadata required to verify it
result = client.sign(SignatureAlgorithm.rs256, digest)
print(result.key_id)
print(result.algorithm)
signature = result.signature
# [END sign]
# [START verify]
from azure.keyvault.keys.crypto import SignatureAlgorithm
result = client.verify(SignatureAlgorithm.rs256, digest, signature)
assert result.is_valid
# [END verify]
|
