使用Azure密钥库客户端旧密钥版本解密

jdzmm42g 于 2022-12-19 发布在其他

关注(0)|答案(1)|浏览(196)

我使用Azure密钥库客户端和加密客户端加密数据，我能够加密数据，现在我更改了密钥版本，并尝试解密数据，但新版本无法解密数据，

var keyName = "bcdfed";
var keyVaultUrl = "https://abcd.vault.azure.net";
var token = new DefaultAzureCredential();
var keyClient = new KeyClient(new Uri(keyVaultUrl), token);
var azureKey = await keyClient.GetKeyAsync(keyName);
var cryptographyClient = keyClient
    .GetCryptographyClient(azureKey.Value.Name, azureKey.Value.Properties.Version);
var inputValue = "input some value"; 
byte[] input = Encoding.UTF8.GetBytes(inputValue);

var encryptionResult = await cryptographyClient
    .EncryptAsync(EncryptionAlgorithm.RsaOaep, input);
var encryptedString = Convert.ToBase64String(encryptionResult.Ciphertext);
byte[] encryptedResultByte = Convert.FromBase64String(encryptedString); 
await cryptographyClient
    .DecryptAsync(EncryptionAlgorithm.RsaOaep, encryptedResultByte);

我尝试使用新版本解密数据

Azure

来源：https://stackoverflow.com/questions/74819508/decryption-using-azure-keyvault-client-old-key-version

1条答案

按热度按时间

tjrkku2a1#

1.* 在Azure中创建密钥保险库。*

1.* 使用下面提到的密钥策略创建密钥。*

检查 * policies * 以创建Azure密钥。*
在代码中使用key identifier和key name。*

var keyVaultKeyIdentifier = new KeyVaultKeyIdentifier(new Uri("KeyIdnetifier"));               var credential = new DefaultAzureCredential();
  
              var keyClient = new KeyClient(keyVaultKeyIdentifier.VaultUri, credential);
  
              var keyVaultKey = keyClient.GetKey(keyVaultKeyIdentifier.Name).Value;
  
              
              var cryptographyClient = keyClient.GetCryptographyClient(keyVaultKey.Name, keyVaultKey.Properties.Version);
  
              byte[] plaintext = Encoding.UTF8.GetBytes("Some plaintext");
  
              EncryptResult encryptResult = cryptographyClient.Encrypt(EncryptionAlgorithm.RsaOaep, plaintext);
  
              DecryptResult decryptResult = cryptographyClient.Decrypt(EncryptionAlgorithm.RsaOaep, encryptResult.Ciphertext);
  
              Console.WriteLine("Encrypt Result: " + Convert.ToBase64String(encryptResult.Ciphertext));
              Console.WriteLine();
              Console.WriteLine("Decrypt Result: " + Encoding.Default.GetString(decryptResult.Plaintext));