Skip to content

Commit 323a8c3

Browse files
vcolin7vcolin7
authored
Update some crypto documentation. (#19942)
Added a disclaimer about the use of CBC algorithms for decryption. Updated documentation to indicate initialization vectors should be cryptographically random and non-repeating.
1 parent 3d2904e commit 323a8c3

File tree

1 file changed

+2
-2
lines changed
  • specification/keyvault/data-plane/Microsoft.KeyVault/stable/7.3

1 file changed

+2
-2
lines changed

specification/keyvault/data-plane/Microsoft.KeyVault/stable/7.3/keys.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -567,7 +567,7 @@
567567
],
568568
"operationId": "decrypt",
569569
"summary": "Decrypts a single block of encrypted data.",
570-
"description": "The DECRYPT operation decrypts a well-formed block of ciphertext using the target encryption key and specified algorithm. This operation is the reverse of the ENCRYPT operation; only a single block of data may be decrypted, the size of this block is dependent on the target key and the algorithm to be used. The DECRYPT operation applies to asymmetric and symmetric keys stored in Azure Key Vault since it uses the private portion of the key. This operation requires the keys/decrypt permission.",
570+
"description": "The DECRYPT operation decrypts a well-formed block of ciphertext using the target encryption key and specified algorithm. This operation is the reverse of the ENCRYPT operation; only a single block of data may be decrypted, the size of this block is dependent on the target key and the algorithm to be used. The DECRYPT operation applies to asymmetric and symmetric keys stored in Azure Key Vault since it uses the private portion of the key. This operation requires the keys/decrypt permission. Microsoft recommends not to use CBC algorithms for decryption without first ensuring the integrity of the ciphertext using an HMAC, for example. See https://docs.microsoft.com/dotnet/standard/security/vulnerabilities-cbc-mode for more information.",
571571
"parameters": [
572572
{
573573
"name": "key-name",
@@ -1851,7 +1851,7 @@
18511851
"iv": {
18521852
"type": "string",
18531853
"format": "base64url",
1854-
"description": "Initialization vector for symmetric algorithms."
1854+
"description": "Cryptographically random, non-repeating initialization vector for symmetric algorithms."
18551855
},
18561856
"aad": {
18571857
"type": "string",

0 commit comments

Comments
 (0)