Class BlobEncryptionPolicy

Namespace

Microsoft.WindowsAzure.Storage.Blob

Assembly

Microsoft.WindowsAzure.Storage.dll

Represents an encryption policy for performing envelope encryption/decryption of Azure blobs.

public sealed class BlobEncryptionPolicy

Inheritance

object

BlobEncryptionPolicy

Inherited Members

object.GetType()

object.ToString()

object.Equals(object)

object.Equals(object, object)

object.ReferenceEquals(object, object)

object.GetHashCode()

Constructors

BlobEncryptionPolicy(IKey, IKeyResolver)

Initializes a new instance of the BlobEncryptionPolicy class with the specified key and resolver.

public BlobEncryptionPolicy(IKey key, IKeyResolver keyResolver)

Parameters

key IKey

An object of type Microsoft.Azure.KeyVault.Core.IKey that is used to wrap/unwrap the content key during encryption.

keyResolver IKeyResolver

The key resolver used to select the correct key for decrypting existing blobs.

Remarks

If the generated policy is to be used for encryption, users are expected to provide a key at the minimum. The absence of key will cause an exception to be thrown during encryption.
If the generated policy is intended to be used for decryption, users can provide a key resolver. The client library will:
1. Invoke the key resolver, if specified, to get the key.
2. If resolver is not specified but a key is specified, the client library will match the key ID against the key and use the key.

Properties

Key

An object of type Microsoft.Azure.KeyVault.Core.IKey that is used to wrap/unwrap the content key during encryption.

public IKey Key { get; }

Property Value

IKey

KeyResolver

Gets or sets the key resolver used to select the correct key for decrypting existing blobs.

public IKeyResolver KeyResolver { get; }

Property Value

IKeyResolver

A resolver that returns an Microsoft.Azure.KeyVault.Core.IKey, given a key ID.