From 2514dd17df78195d8225102cd9097a7fd8892dd0 Mon Sep 17 00:00:00 2001 
From: Victor Colin Amador Date: Wed, 4 Nov 2020 22:17:51 -0800 Subject: [PATCH 01/15] Added support for encryption AES encryption algorithms. --- .../keys/cryptography/Aes128CbcPad.java | 13 ++ .../keyvault/keys/cryptography/Aes128Gcm.java | 13 ++ .../{AesKw128.java => Aes128Kw.java} | 4 +- .../keys/cryptography/Aes192CbcPad.java | 13 ++ .../keyvault/keys/cryptography/Aes192Gcm.java | 13 ++ .../{AesKw192.java => Aes192Kw.java} | 4 +- .../keys/cryptography/Aes256CbcPad.java | 13 ++ .../keyvault/keys/cryptography/Aes256Gcm.java | 13 ++ .../{AesKw256.java => Aes256Kw.java} | 4 +- .../keyvault/keys/cryptography/AesCbc.java | 57 ++++----- .../keyvault/keys/cryptography/AesCbcPad.java | 113 ++++++++++++++++++ .../keyvault/keys/cryptography/AesGcm.java | 113 ++++++++++++++++++ .../keys/cryptography/AlgorithmResolver.java | 20 +++- .../SymmetricEncryptionAlgorithm.java | 98 +++++++-------- .../SymmetricKeyCryptographyClient.java | 105 +++++++++++++--- .../models/EncryptionAlgorithm.java | 69 +++++++++-- 16 files changed, 537 insertions(+), 128 deletions(-) create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes128CbcPad.java create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes128Gcm.java rename sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/{AesKw128.java => Aes128Kw.java} (96%) create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes192CbcPad.java create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes192Gcm.java rename sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/{AesKw192.java => Aes192Kw.java} (96%) create mode 100644 
sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes256CbcPad.java create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes256Gcm.java rename sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/{AesKw256.java => Aes256Kw.java} (96%) create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcPad.java create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcm.java diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes128CbcPad.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes128CbcPad.java new file mode 100644 index 0000000000000..c8522e89170a6 --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes128CbcPad.java @@ -0,0 +1,13 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +package com.azure.security.keyvault.keys.cryptography; + +class Aes128CbcPad extends AesCbcPad { + private static final int KEY_SIZE = 128; + public static final String ALGORITHM_NAME = "A128CBCPAD"; + + Aes128CbcPad() { + super(ALGORITHM_NAME, KEY_SIZE); + } +} diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes128Gcm.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes128Gcm.java new file mode 100644 index 0000000000000..0b43ea22afaa9 --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes128Gcm.java 
@@ -0,0 +1,13 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +package com.azure.security.keyvault.keys.cryptography; + +public class Aes128Gcm extends AesGcm { + private static final int KEY_SIZE = 128; + public static final String ALGORITHM_NAME = "A128GCM"; + + Aes128Gcm() { + super(ALGORITHM_NAME, KEY_SIZE); + } +} diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesKw128.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes128Kw.java similarity index 96% rename from sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesKw128.java rename to sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes128Kw.java index 62043a73194ce..7da65997b4613 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesKw128.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes128Kw.java @@ -10,13 +10,13 @@ import java.security.Provider; import java.util.Arrays; -class AesKw128 extends AesKw { +class Aes128Kw extends AesKw { public static final String ALGORITHM_NAME = "A128KW"; static final int KEY_SIZE_IN_BYTES = 128 >> 3; - AesKw128() { + Aes128Kw() { super(ALGORITHM_NAME); } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes192CbcPad.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes192CbcPad.java new file mode 100644 index 0000000000000..a68ae47f5713f --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes192CbcPad.java 
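Review bot: `Aes128Gcm` is declared `public class`, while its base class `AesGcm`, its own constructor and the sibling `Aes128CbcPad` are all package-private, so the modifier only adds a type nobody outside the package can construct to the package's public surface. Declaring it `class Aes128Gcm extends AesGcm {` keeps the local-crypto implementation types internal, as the CBC-pad and key-wrap classes are. The same applies to `Aes192Gcm` and `Aes256Gcm` added later in this patch.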
@@ -0,0 +1,13 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +package com.azure.security.keyvault.keys.cryptography; + +class Aes192CbcPad extends AesCbcPad { + private static final int KEY_SIZE = 192; + public static final String ALGORITHM_NAME = "A192CBCPAD"; + + Aes192CbcPad() { + super(ALGORITHM_NAME, KEY_SIZE); + } +} diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes192Gcm.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes192Gcm.java new file mode 100644 index 0000000000000..3a4d89301a3e0 --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes192Gcm.java @@ -0,0 +1,13 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +package com.azure.security.keyvault.keys.cryptography; + +public class Aes192Gcm extends AesGcm { + private static final int KEY_SIZE = 192; + public static final String ALGORITHM_NAME = "A192GCM"; + + Aes192Gcm() { + super(ALGORITHM_NAME, KEY_SIZE); + } +} diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesKw192.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes192Kw.java similarity index 96% rename from sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesKw192.java rename to sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes192Kw.java index 0af9bd7207dd8..cfe8388a14328 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesKw192.java 
+++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes192Kw.java @@ -10,13 +10,13 @@ import java.security.Provider; import java.util.Arrays; -class AesKw192 extends AesKw { +class Aes192Kw extends AesKw { public static final String ALGORITHM_NAME = "A192KW"; static final int KEY_SIZE_IN_BYTES = 192 >> 3; - AesKw192() { + Aes192Kw() { super(ALGORITHM_NAME); } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes256CbcPad.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes256CbcPad.java new file mode 100644 index 0000000000000..ac8c4478161d2 --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes256CbcPad.java @@ -0,0 +1,13 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +package com.azure.security.keyvault.keys.cryptography; + +class Aes256CbcPad extends AesCbcPad { + private static final int KEY_SIZE = 256; + public static final String ALGORITHM_NAME = "A256CBCPAD"; + + Aes256CbcPad() { + super(ALGORITHM_NAME, KEY_SIZE); + } +} diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes256Gcm.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes256Gcm.java new file mode 100644 index 0000000000000..193b468bb3694 --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes256Gcm.java 
@@ -0,0 +1,13 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +package com.azure.security.keyvault.keys.cryptography; + +public class Aes256Gcm extends AesGcm { + private static final int KEY_SIZE = 256; + public static final String ALGORITHM_NAME = "A256GCM"; + + Aes256Gcm() { + super(ALGORITHM_NAME, KEY_SIZE); + } +} diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesKw256.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes256Kw.java similarity index 96% rename from sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesKw256.java rename to sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes256Kw.java index 3448b82490f42..d26a198be251c 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesKw256.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes256Kw.java @@ -10,13 +10,13 @@ import java.security.Provider; import java.util.Arrays; -class AesKw256 extends AesKw { +class Aes256Kw extends AesKw { public static final String ALGORITHM_NAME = "A256KW"; static final int KEY_SIZE_IN_BYTES = 256 >> 3; - AesKw256() { + Aes256Kw() { super(ALGORITHM_NAME); } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbc.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbc.java index dc3816dbe4df5..a122849be8b56 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbc.java 
+++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbc.java @@ -16,25 +16,30 @@ import java.util.Arrays; abstract class AesCbc extends SymmetricEncryptionAlgorithm { - final int keySizeInBytes; final int keySize; - static class AesCbcDecryptor implements ICryptoTransform { + protected AesCbc(String name, int size) { + super(name); + + keySize = size; + keySizeInBytes = size >> 3; + } + + static class AesCbcEncryptor implements ICryptoTransform { private final Cipher cipher; - AesCbcDecryptor(byte[] key, byte[] iv, Provider provider) - throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, - InvalidAlgorithmParameterException { + AesCbcEncryptor(byte[] key, byte[] iv, Provider provider) throws NoSuchAlgorithmException, + NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException { // Create the cipher using the Provider if specified if (provider == null) { - cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + cipher = Cipher.getInstance("AES/CBC/NoPadding"); } else { - cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", provider); + cipher = Cipher.getInstance("AES/CBC/NoPadding", provider); } - cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv)); + cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv)); } @Override 
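Review bot: The transformation behind the existing `AesCbc` subclasses changes from `AES/CBC/PKCS5Padding` to `AES/CBC/NoPadding` in `AesCbcEncryptor` with no comment or Javadoc recording the new contract, and `AesCbcDecryptor` gets the same change in the next hunk. With `NoPadding`, `doFinal` throws `IllegalBlockSizeException` for input whose length is not a multiple of 16 bytes, and ciphertext written by the earlier padded implementation decrypts without error but with the padding bytes left in the output. A class comment would make this visible, for example `/** AES-CBC without padding; input length must be a multiple of the 16-byte block. Use AesCbcPad when PKCS padding is required. */`, and the behaviour change belongs in the changelog. The class body continues outside this hunk.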
@@ -43,22 +48,20 @@ public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPad } } - static class AesCbcEncryptor implements ICryptoTransform { - + static class AesCbcDecryptor implements ICryptoTransform { private final Cipher cipher; - AesCbcEncryptor(byte[] key, byte[] iv, Provider provider) - throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, - InvalidAlgorithmParameterException { + AesCbcDecryptor(byte[] key, byte[] iv, Provider provider) throws NoSuchAlgorithmException, + NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException { // Create the cipher using the Provider if specified if (provider == null) { - cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + cipher = Cipher.getInstance("AES/CBC/NoPadding"); } else { - cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", provider); + cipher = Cipher.getInstance("AES/CBC/NoPadding", provider); } - cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv)); + cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv)); } @Override @@ -67,22 +70,12 @@ public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPad } } - protected AesCbc(String name, int size) { - super(name); - keySize = size; - keySizeInBytes = size >> 3; - } - @Override public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authenticationData) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException { - if (key == null || key.length < keySizeInBytes) { - throw new InvalidKeyException("key must be at least " + keySize + " bits in length"); - } - - return new AesCbcEncryptor(Arrays.copyOfRange(key, 0, keySizeInBytes), iv, null); + return createEncryptor(key, iv, authenticationData, null); } @Override 
@@ -91,7 +84,7 @@ public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authentica InvalidAlgorithmParameterException { if (key == null || key.length < keySizeInBytes) { - throw new InvalidKeyException("key must be at least " + keySize + " bits in length"); + throw new InvalidKeyException("Key must be at least " + keySize + " bits in length."); } return new AesCbcEncryptor(Arrays.copyOfRange(key, 0, keySizeInBytes), iv, provider); @@ -102,11 +95,7 @@ public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] authentica throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException { - if (key == null || key.length < keySizeInBytes) { - throw new InvalidKeyException("key must be at least " + keySize + " bits in length"); - } - - return new AesCbcDecryptor(Arrays.copyOfRange(key, 0, keySizeInBytes), iv, null); + return createDecryptor(key, iv, authenticationData, authenticationTag, null); } @Override @@ -116,7 +105,7 @@ public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] authentica InvalidAlgorithmParameterException { if (key == null || key.length < keySizeInBytes) { - throw new InvalidKeyException("key must be at least " + keySize + " bits in length"); + throw new InvalidKeyException("Key must be at least " + keySize + " bits in length."); } return new AesCbcDecryptor(Arrays.copyOfRange(key, 0, keySizeInBytes), iv, provider); diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcPad.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcPad.java new file mode 100644 index 0000000000000..d62153e713765 --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcPad.java 
@@ -0,0 +1,113 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +package com.azure.security.keyvault.keys.cryptography; + +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.util.Arrays; + +abstract class AesCbcPad extends SymmetricEncryptionAlgorithm { + final int keySizeInBytes; + final int keySize; + + protected AesCbcPad(String name, int size) { + super(name); + + keySize = size; + keySizeInBytes = size >> 3; + } + + static class AesCbcPadEncryptor implements ICryptoTransform { + private final Cipher cipher; + + AesCbcPadEncryptor(byte[] key, byte[] iv, Provider provider) throws NoSuchAlgorithmException, + NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException { + + // Create the cipher using the Provider if specified + if (provider == null) { + cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + } else { + cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", provider); + } + + cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv)); + } + + @Override + public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPaddingException { + return cipher.doFinal(plaintext); + } + } + + static class AesCbcPadDecryptor implements ICryptoTransform { + private final Cipher cipher; + + AesCbcPadDecryptor(byte[] key, byte[] iv, Provider provider) throws NoSuchAlgorithmException, + NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException { + + // Create the cipher using the Provider if specified + if (provider == null) { + cipher = 
Cipher.getInstance("AES/CBC/PKCS5Padding"); + } else { + cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", provider); + } + + cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv)); + } + + @Override + public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPaddingException { + return cipher.doFinal(plaintext); + } + } + + @Override + public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authenticationData) + throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, + InvalidAlgorithmParameterException { + + return createEncryptor(key, iv, authenticationData, null); + } + + @Override + public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authenticationData, Provider provider) + throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, + InvalidAlgorithmParameterException { + + if (key == null || key.length < keySizeInBytes) { + throw new InvalidKeyException("key must be at least " + keySize + " bits in length"); + } + + return new AesCbcPadEncryptor(Arrays.copyOfRange(key, 0, keySizeInBytes), iv, provider); + } + + @Override + public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] authenticationData, byte[] authenticationTag) + throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, + InvalidAlgorithmParameterException { + + return createDecryptor(key, iv, authenticationData, authenticationTag, null); + } + + @Override + public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] authenticationData, byte[] authenticationTag, + Provider provider) + throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, + InvalidAlgorithmParameterException { + + if (key == null || key.length < keySizeInBytes) { + throw new InvalidKeyException("key must be at least " + keySize + " bits in length"); + } + + return new AesCbcPadDecryptor(Arrays.copyOfRange(key, 0, keySizeInBytes), iv, 
provider); + } +} diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcm.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcm.java new file mode 100644 index 0000000000000..b0946128cf9d3 --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcm.java 
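Review bot: `AesCbcPadDecryptor.doFinal` lets `BadPaddingException` escape and the mode carries no integrity check, so a caller that reports a padding failure differently from a successful decrypt on ciphertext it did not produce becomes a padding oracle; `decryptAsync` in this patch passes the exception straight back through `Mono.error(e)`. The class has no Javadoc, and this is the place to state that the algorithm gives confidentiality only and that ciphertext must be authenticated before it is decrypted (the resolver already registers `Aes128CbcHmacSha256` and its siblings for that). A proposed header: `/** AES-CBC with PKCS#5/7 padding. Provides no integrity protection: verify a MAC over IV and ciphertext before decrypting. */`. Separately, the `InvalidKeyException` text here is still `"key must be at least ..."` while this commit changes `AesCbc` to `"Key must be at least " + keySize + " bits in length."`; the two should match.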
@@ -0,0 +1,113 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +package com.azure.security.keyvault.keys.cryptography; + +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.util.Arrays; + +abstract class AesGcm extends SymmetricEncryptionAlgorithm { + final int keySizeInBytes; + final int keySize; + + protected AesGcm(String name, int size) { + super(name); + + keySize = size; + keySizeInBytes = size >> 3; + } + + static class AesGcmEncryptor implements ICryptoTransform { + private final Cipher cipher; + + AesGcmEncryptor(byte[] key, byte[] iv, Provider provider) throws NoSuchAlgorithmException, + NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException { + + // Create the cipher using the Provider if specified + if (provider == null) { + cipher = Cipher.getInstance("AES/CBC/NoPadding"); + } else { + cipher = Cipher.getInstance("AES/CBC/NoPadding", provider); + } + + cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv)); + } + + @Override + public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPaddingException { + return cipher.doFinal(plaintext); + } + } + + static class AesGcmDecryptor implements ICryptoTransform { + private final Cipher cipher; + + AesGcmDecryptor(byte[] key, byte[] iv, Provider provider) throws NoSuchAlgorithmException, + NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException { + + // Create the cipher using the Provider if specified + if (provider == null) { + cipher = 
Cipher.getInstance("AES/GCM/NoPadding"); + } else { + cipher = Cipher.getInstance("AES/GCM/NoPadding", provider); + } + + cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv)); + } + + @Override + public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPaddingException { + return cipher.doFinal(plaintext); + } + } + + @Override + public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authenticationData) + throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, + InvalidAlgorithmParameterException { + + return createEncryptor(key, iv, authenticationData, null); + } + + @Override + public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authenticationData, Provider provider) + throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, + InvalidAlgorithmParameterException { + + if (key == null || key.length < keySizeInBytes) { + throw new InvalidKeyException("key must be at least " + keySize + " bits in length"); + } + + return new AesGcmEncryptor(Arrays.copyOfRange(key, 0, keySizeInBytes), iv, provider); + } + + @Override + public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] authenticationData, byte[] authenticationTag) + throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, + InvalidAlgorithmParameterException { + + return createDecryptor(key, iv, authenticationData, authenticationTag, null); + } + + @Override + public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] authenticationData, byte[] authenticationTag, + Provider provider) + throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, + InvalidAlgorithmParameterException { + + if (key == null || key.length < keySizeInBytes) { + throw new InvalidKeyException("key must be at least " + keySize + " bits in length"); + } + + return new AesGcmDecryptor(Arrays.copyOfRange(key, 0, keySizeInBytes), iv, provider); + } +} 
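Review bot: `AesGcmEncryptor` requests `Cipher.getInstance("AES/CBC/NoPadding")` in both branches, so everything encrypted under the A128GCM/A192GCM/A256GCM names is unauthenticated CBC, while `AesGcmDecryptor` asks for `AES/GCM/NoPadding` and cannot read it back. Both transforms also initialise with `IvParameterSpec`; to my knowledge the JDK's default provider only accepts `GCMParameterSpec` for GCM, so the decryptor would fail at `init` there. The `authenticationData` and `authenticationTag` arguments of `createEncryptor`/`createDecryptor` are never handed to the transforms, so no AAD is bound and no caller-supplied tag is checked. The encryptor should look like the sketch below (it needs `javax.crypto.spec.GCMParameterSpec` imported); the decryptor needs the mirror change, with the tag appended to the ciphertext before `doFinal` since JCE expects them as one buffer.

```java
AesGcmEncryptor(byte[] key, byte[] iv, byte[] authenticationData, Provider provider)
    throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException,
    InvalidAlgorithmParameterException {

    // Create the cipher using the Provider if specified
    if (provider == null) {
        cipher = Cipher.getInstance("AES/GCM/NoPadding");
    } else {
        cipher = Cipher.getInstance("AES/GCM/NoPadding", provider);
    }

    // Tag length is given in bits; JCE appends the tag to the ciphertext returned by doFinal.
    cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));

    if (authenticationData != null) {
        cipher.updateAAD(authenticationData);
    }
}

// … unchanged: doFinal, key-length check in createEncryptor …

return new AesGcmEncryptor(Arrays.copyOfRange(key, 0, keySizeInBytes), iv, authenticationData, provider);
```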
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AlgorithmResolver.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AlgorithmResolver.java index ad703e5c170a9..8d9bcb1263dbf 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AlgorithmResolver.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AlgorithmResolver.java 
@@ -11,17 +11,25 @@ class AlgorithmResolver { public static final AlgorithmResolver Default = new AlgorithmResolver(); static { + Default.put(Aes128Cbc.ALGORITHM_NAME, new Aes128Cbc()); + Default.put(Aes192Cbc.ALGORITHM_NAME, new Aes192Cbc()); + Default.put(Aes256Cbc.ALGORITHM_NAME, new Aes256Cbc()); + + Default.put(Aes128CbcPad.ALGORITHM_NAME, new Aes128CbcPad()); + Default.put(Aes192CbcPad.ALGORITHM_NAME, new Aes192CbcPad()); + Default.put(Aes256CbcPad.ALGORITHM_NAME, new Aes256CbcPad()); + Default.put(Aes128CbcHmacSha256.ALGORITHM_NAME, new Aes128CbcHmacSha256()); Default.put(Aes192CbcHmacSha384.ALGORITHM_NAME, new Aes192CbcHmacSha384()); Default.put(Aes256CbcHmacSha512.ALGORITHM_NAME, new Aes256CbcHmacSha512()); - Default.put(Aes128Cbc.ALGORITHM_NAME, new Aes128Cbc()); - Default.put(Aes192Cbc.ALGORITHM_NAME, new Aes192Cbc()); - Default.put(Aes256Cbc.ALGORITHM_NAME, new Aes256Cbc()); + Default.put(Aes128Gcm.ALGORITHM_NAME, new Aes128Gcm()); + Default.put(Aes192Gcm.ALGORITHM_NAME, new Aes192Gcm()); + Default.put(Aes256Gcm.ALGORITHM_NAME, new Aes256Gcm()); - Default.put(AesKw128.ALGORITHM_NAME, new AesKw128()); - Default.put(AesKw192.ALGORITHM_NAME, new AesKw192()); - Default.put(AesKw256.ALGORITHM_NAME, new AesKw256()); + Default.put(Aes128Kw.ALGORITHM_NAME, new Aes128Kw()); + Default.put(Aes192Kw.ALGORITHM_NAME, new Aes192Kw()); + Default.put(Aes256Kw.ALGORITHM_NAME, new Aes256Kw()); Default.put(Rsa15.ALGORITHM_NAME, new Rsa15()); Default.put(RsaOaep.ALGORITHM_NAME, new RsaOaep()); diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricEncryptionAlgorithm.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricEncryptionAlgorithm.java index 4bb18a0afc31e..4e469e2b25948 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricEncryptionAlgorithm.java 
+++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricEncryptionAlgorithm.java @@ -11,11 +11,14 @@ /** * Abstract base class for all symmetric encryption implementation. - * */ abstract class SymmetricEncryptionAlgorithm extends LocalEncryptionAlgorithm { + /** + * The block size for AES algorithms. + */ + static final int BLOCK_SIZE = 128; - /* + /** * Constructor. * * @param name The name of the algorithm. 
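Review bot: The Javadoc on the new `BLOCK_SIZE = 128` constant gives no unit, and 128 is the AES block size in bits, yet `SymmetricKeyCryptographyClient` later in this patch uses it as an array length in `new byte[BLOCK_SIZE]`. That allocates a 128-byte IV, and CBC initialisation rejects any IV that is not 16 bytes with `InvalidAlgorithmParameterException`. I would document the unit, `/** The block size for AES algorithms, in bits. */`, and add `static final int BLOCK_SIZE_IN_BYTES = BLOCK_SIZE >> 3;` in line with the `keySize`/`keySizeInBytes` pair used by the cipher classes, then size the IV from the byte constant in both `encryptAsync` and `decryptAsync`. The class body continues outside this hunk.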
@@ -24,80 +27,67 @@ abstract class SymmetricEncryptionAlgorithm extends LocalEncryptionAlgorithm { super(name); } - /* - * Creates a {@link ICryptoTransform} implementation for encryption - * using the supplied initialization vector and the specific provider for the Java Security API. - * @param key - * The key material to be used. - * @param iv - * The initialization vector to be used. - * @param authenticationData - * The authentication data to be used with authenticating encryption implementation (ignored for - * non-authenticating implementation) - * @return A {@link ICryptoTransform} implementation + /** + * Creates a {@link ICryptoTransform} implementation for encryption using the supplied initialization vector and the + * specific provider for the Java Security API. + * + * @param key The key material to be used. + * @param iv The initialization vector to be used. + * @param authenticationData The authentication data to be used with authenticating encryption implementation + * (ignored for non-authenticating implementation). + * @return A {@link ICryptoTransform} implementation. */ abstract ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authenticationData) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException; - /* + /** * Creates a {@link ICryptoTransform} implementation for encryption * using the supplied initialization vector and the specific provider for the Java Security API. - * @param key - * The key material to be used. - * @param iv - * The initialization vector to be used. - * @param authenticationData - * The authentication data to be used with authenticating encryption implementation (ignored for - * non-authenticating implementation) - * @param provider - * The provider to use. - * @return A {@link ICryptoTransform} implementation + * + * @param key The key material to be used. + * @param iv The initialization vector to be used. 
+ * @param authenticationData The authentication data to be used with authenticating encryption implementation + * (ignored for non-authenticating implementation). + * @param provider The provider to use. + * @return A {@link ICryptoTransform} implementation. */ abstract ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authenticationData, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException; - /* - * Creates a {@link ICryptoTransform} implementation for decryption - * using the supplied initialization vector and the specific provider for the Java Security API. - * @param key - * The key material to be used. - * @param iv - * The initialization vector to be used. - * @param authenticationData - * The authentication data to be used with authenticating encryption implementation (ignored for - * non-authenticating implementation) - * @param authenticationTag - * The authentication tag to verify when using authenticating encryption implementation (ignored for - * non-authenticating implementation) - * @return A {@link ICryptoTransform} implementation + /** + * Creates a {@link ICryptoTransform} implementation for decryption using the supplied initialization vector and the + * specific provider for the Java Security API. + * + * @param key The key material to be used. + * @param iv The initialization vector to be used. + * @param authenticationData The authentication data to be used with authenticating encryption implementation + * (ignored for non-authenticating implementation). + * @param authenticationTag The authentication tag to verify when using authenticating encryption implementation + * (ignored for non-authenticating implementation). + * @return A {@link ICryptoTransform} implementation. 
*/ abstract ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] authenticationData, byte[] authenticationTag) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException; - /* - * Creates a {@link ICryptoTransform} implementation for decryption - * using the supplied initialization vector and the specific provider for the Java Security API. - * @param key - * The key material to be used. - * @param iv - * The initialization vector to be used. - * @param authenticationData - * The authentication data to be used with authenticating encryption implementation (ignored for - * non-authenticating implementation) - * @param authenticationTag - * The authentication tag to verify when using authenticating encryption implementation (ignored for - * non-authenticating implementation) - * @param provider - * The provider to use. + /** + * Creates a {@link ICryptoTransform} implementation for decryption using the supplied initialization vector and the + * specific provider for the Java Security API. + * + * @param key The key material to be used. + * @param iv The initialization vector to be used. + * @param authenticationData The authentication data to be used with authenticating encryption implementation + * (ignored for non-authenticating implementation). + * @param authenticationTag The authentication tag to verify when using authenticating encryption implementation + * (ignored for non-authenticating implementation). + * @param provider The provider to use. * @return A {@link ICryptoTransform} implementation */ abstract ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] authenticationData, byte[] authenticationTag, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException; - } 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java index 8f01438692608..911d613891daf 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java @@ -18,16 +18,19 @@ import reactor.core.publisher.Mono; import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; + +import static com.azure.security.keyvault.keys.cryptography.SymmetricEncryptionAlgorithm.BLOCK_SIZE; class SymmetricKeyCryptographyClient extends LocalKeyCryptographyClient { private final ClientLogger logger = new ClientLogger(SymmetricKeyCryptographyClient.class); private byte[] key; - /* - * Creates a RsaKeyCryptographyClient that uses {@code serviceClient) to service requests + /** + * Creates a {@link SymmetricKeyCryptographyClient} to perform local cryptography operations. * - * @param key the key pair to use for cryptography operations. + * @param serviceClient The client to route the requests through. */ SymmetricKeyCryptographyClient(CryptographyServiceClient serviceClient) { super(serviceClient); 
@@ -46,14 +49,85 @@ private byte[] getKey(JsonWebKey key) { } @Override - Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, Context context, JsonWebKey jsonWebKey) { - return Mono.error(new UnsupportedOperationException("encrypt operation not supported for AES/OCT/Symmetric key")); + Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, Context context, + JsonWebKey jsonWebKey) { + this.key = getKey(jsonWebKey); + + if (key == null || key.length == 0) { + throw logger.logExceptionAsError(new IllegalArgumentException("Key is empty.")); + } + + // Interpret the algorithm + Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithm.toString()); + + if (!(baseAlgorithm instanceof SymmetricEncryptionAlgorithm)) { + return Mono.error(new NoSuchAlgorithmException(algorithm.toString())); + } + + SymmetricEncryptionAlgorithm symmetricEncryptionAlgorithm = (SymmetricEncryptionAlgorithm) baseAlgorithm; + + ICryptoTransform transform; + + SecureRandom secureRandom = new SecureRandom(); + byte[] iv = new byte[BLOCK_SIZE]; + secureRandom.nextBytes(iv); + + try { + transform = symmetricEncryptionAlgorithm.createEncryptor(this.key, iv, null); + } catch (Exception e) { + return Mono.error(e); + } + + byte[] encrypted; + + try { + encrypted = transform.doFinal(plaintext); + } catch (Exception e) { + return Mono.error(e); + } + + return Mono.just(new EncryptResult(encrypted, algorithm, jsonWebKey.getId())); } @Override Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherText, Context context, JsonWebKey jsonWebKey) { - return Mono.error(new UnsupportedOperationException("decrypt operation not supported for AES/OCT/Symmetric key")); + this.key = getKey(jsonWebKey); + + if (key == null || key.length == 0) { + throw logger.logExceptionAsError(new IllegalArgumentException("Key is empty.")); + } + + // Interpret the algorithm + Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithm.toString()); + + if (!(baseAlgorithm instanceof 
SymmetricEncryptionAlgorithm)) { + return Mono.error(new NoSuchAlgorithmException(algorithm.toString())); + } + + SymmetricEncryptionAlgorithm symmetricEncryptionAlgorithm = (SymmetricEncryptionAlgorithm) baseAlgorithm; + + ICryptoTransform transform; + + SecureRandom secureRandom = new SecureRandom(); + byte[] iv = new byte[BLOCK_SIZE]; + secureRandom.nextBytes(iv); + + try { + transform = symmetricEncryptionAlgorithm.createDecryptor(this.key, iv, null, null); + } catch (Exception e) { + return Mono.error(e); + } + + byte[] decrypted; + + try { + decrypted = transform.doFinal(cipherText); + } catch (Exception e) { + return Mono.error(e); + } + + return Mono.just(new DecryptResult(decrypted, algorithm, jsonWebKey.getId())); } @Override @@ -69,7 +143,6 @@ Mono verifyAsync(SignatureAlgorithm algorithm, byte[] digest, byte @Override Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, Context context, JsonWebKey jsonWebKey) { - this.key = getKey(jsonWebKey); if (key == null || key.length == 0) { @@ -79,21 +152,21 @@ Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, Context co // Interpret the algorithm Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithm.toString()); - if (baseAlgorithm == null || !(baseAlgorithm instanceof LocalKeyWrapAlgorithm)) { + if (!(baseAlgorithm instanceof LocalKeyWrapAlgorithm)) { return Mono.error(new NoSuchAlgorithmException(algorithm.toString())); } - LocalKeyWrapAlgorithm algo = (LocalKeyWrapAlgorithm) baseAlgorithm; + LocalKeyWrapAlgorithm localKeyWrapAlgorithm = (LocalKeyWrapAlgorithm) baseAlgorithm; - ICryptoTransform transform = null; + ICryptoTransform transform; try { - transform = algo.createEncryptor(this.key, null, null); + transform = localKeyWrapAlgorithm.createEncryptor(this.key, null, null); } catch (Exception e) { return Mono.error(e); } - byte[] encrypted = null; + byte[] encrypted; try { encrypted = transform.doFinal(key); 
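Review bot: `decryptAsync` fills `iv` from a fresh `SecureRandom` and passes it to `createDecryptor(this.key, iv, null, null)`, so the IV used for decryption can never match the one used for encryption. The `null` authentication tag also means that an authenticated algorithm is given no tag to verify. `encryptAsync` has the mirror problem: the random IV it generates is not part of `new EncryptResult(encrypted, algorithm, jsonWebKey.getId())`, so the caller cannot recover it. The IV (and for GCM the tag and additional authenticated data) should be returned from encryption and required as input to decryption, with decryption returning `Mono.error(new IllegalArgumentException(...))` when it is missing instead of substituting random bytes. `BLOCK_SIZE` is also used as the IV length for every algorithm, although GCM conventionally takes a 12-byte nonce, so the length should probably come from the resolved algorithm; the next patch's subject mentions IV handling, but its hunk for this file is not in view.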
@@ -107,20 +180,20 @@ Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, Context co @Override Mono unwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKey, Context context, JsonWebKey jsonWebKey) { - key = getKey(jsonWebKey); + this.key = getKey(jsonWebKey); Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithm.toString()); - if (baseAlgorithm == null || !(baseAlgorithm instanceof LocalKeyWrapAlgorithm)) { + if (!(baseAlgorithm instanceof LocalKeyWrapAlgorithm)) { return Mono.error(new NoSuchAlgorithmException(algorithm.toString())); } - LocalKeyWrapAlgorithm algo = (LocalKeyWrapAlgorithm) baseAlgorithm; + LocalKeyWrapAlgorithm localKeyWrapAlgorithm = (LocalKeyWrapAlgorithm) baseAlgorithm; ICryptoTransform transform; try { - transform = algo.createDecryptor(key, null, null); + transform = localKeyWrapAlgorithm.createDecryptor(key, null, null); } catch (Exception e) { return Mono.error(e); } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/models/EncryptionAlgorithm.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/models/EncryptionAlgorithm.java index c59f1b0d3e53c..ba21cb8ce3f57 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/models/EncryptionAlgorithm.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/models/EncryptionAlgorithm.java 
@@ -27,11 +27,36 @@ public final class EncryptionAlgorithm extends ExpandableStringEnum Date: Wed, 4 Nov 2020 23:31:19 -0800 Subject: [PATCH 02/15] Added CryptographyOptions and ensured the initialization vector is populated before attempting to perform any local cryptography operations on symmetric keys. --- .../cryptography/CryptographyAsyncClient.java | 257 ++++++++++++++---- .../cryptography/CryptographyOptions.java | 91 +++++++ .../CryptographyServiceClient.java | 43 ++- .../cryptography/EcKeyCryptographyClient.java | 14 +- .../cryptography/KeyOperationParameters.java | 77 ++++++ .../cryptography/KeyWrapUnwrapRequest.java | 77 ++++++ .../LocalKeyCryptographyClient.java | 15 +- .../RsaKeyCryptographyClient.java | 34 ++- .../SymmetricKeyCryptographyClient.java | 61 +++-- .../cryptography/CryptographyClientTest.java | 11 +- 10 files changed, 565 insertions(+), 115 deletions(-) create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyOptions.java diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java index e758d5fff1217..76de90e2153ff 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java 
@@ -201,9 +201,12 @@ Mono getSecretKey() { * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. * * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128CBC A128CBC}, - * {@link EncryptionAlgorithm#A128CBC_HS256 A128CBC-HS256}, {@link EncryptionAlgorithm#A192CBC A192CBC}, - * {@link EncryptionAlgorithm#A192CBC_HS384 A192CBC-HS384}, {@link EncryptionAlgorithm#A256CBC A256CBC} and - * {@link EncryptionAlgorithm#A256CBC_HS512 A256CBC-HS512}

+ * {@link EncryptionAlgorithm#A128CBCPAD A128CBCPAD}, {@link EncryptionAlgorithm#A128CBC_HS256 A128CBC-HS256}, + * {@link EncryptionAlgorithm#A128GCM A128GCM}, {@link EncryptionAlgorithm#A192CBC A192CBC}, + * {@link EncryptionAlgorithm#A192CBCPAD A192CBCPAD}, {@link EncryptionAlgorithm#A192CBC_HS384 A192CBC-HS384}, + * {@link EncryptionAlgorithm#A192GCM A192GCM}, {@link EncryptionAlgorithm#A256CBC A256CBC}, + * {@link EncryptionAlgorithm#A256CBCPAD A256CBPAD}, {@link EncryptionAlgorithm#A256CBC_HS512 A256CBC-HS512} and + * {@link EncryptionAlgorithm#A256GCM A256GCM}.

* *

Code Samples

*

Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when @@ -213,35 +216,74 @@ Mono getSecretKey() { * @param algorithm The algorithm to be used for encryption. * @param plaintext The content to be encrypted. * @return A {@link Mono} containing a {@link EncryptResult} whose {@link EncryptResult#getCipherText() cipher text} - * contains the encrypted content. - * @throws ResourceNotFoundException if the key cannot be found for encryption. - * @throws UnsupportedOperationException if the encrypt operation is not supported or configured on the key. - * @throws NullPointerException if {@code algorithm} or {@code plainText} is null. + * contains the encrypted content. + * @throws ResourceNotFoundException If the key cannot be found for encryption. + * @throws UnsupportedOperationException If the encrypt operation is not supported or configured on the key. + * @throws NullPointerException If {@code algorithm} or {@code plainText} are {@code null}. */ @ServiceMethod(returns = ReturnType.SINGLE) public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { + return encrypt(algorithm, plaintext, null); + } + + /** + * Encrypts an arbitrary sequence of bytes using the configured key. Note that the encrypt operation only supports a + * single block of data, the size of which is dependent on the target key and the encryption algorithm to be used. + * The encrypt operation is supported for both symmetric keys and asymmetric keys. In case of asymmetric keys public + * portion of the key is used for encryption. This operation requires the keys/encrypt permission. + * + *

The {@link EncryptionAlgorithm encryption algorithm} indicates the type of algorithm to use for encrypting the + * specified {@code plaintext}. Possible values for assymetric keys include: + * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and + * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. + * + * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128CBC A128CBC}, + * {@link EncryptionAlgorithm#A128CBCPAD A128CBCPAD}, {@link EncryptionAlgorithm#A128CBC_HS256 A128CBC-HS256}, + * {@link EncryptionAlgorithm#A128GCM A128GCM}, {@link EncryptionAlgorithm#A192CBC A192CBC}, + * {@link EncryptionAlgorithm#A192CBCPAD A192CBCPAD}, {@link EncryptionAlgorithm#A192CBC_HS384 A192CBC-HS384}, + * {@link EncryptionAlgorithm#A192GCM A192GCM}, {@link EncryptionAlgorithm#A256CBC A256CBC}, + * {@link EncryptionAlgorithm#A256CBCPAD A256CBPAD}, {@link EncryptionAlgorithm#A256CBC_HS512 A256CBC-HS512} and + * {@link EncryptionAlgorithm#A256GCM A256GCM}.

+ * + *

Code Samples

+ *

Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when + * a response has been received.

+ * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte} + * + * @param algorithm The algorithm to be used for encryption. + * @param plaintext The content to be encrypted. + * @param options Optional parameters for the encryption operation. + * @return A {@link Mono} containing a {@link EncryptResult} whose {@link EncryptResult#getCipherText() cipher text} + * contains the encrypted content. + * @throws ResourceNotFoundException If the key cannot be found for encryption. + * @throws UnsupportedOperationException If the encrypt operation is not supported or configured on the key. + * @throws NullPointerException If {@code algorithm} or {@code plainText} are {@code null}. + */ + @ServiceMethod(returns = ReturnType.SINGLE) + public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, CryptographyOptions options) { try { - return withContext(context -> encrypt(algorithm, plaintext, context)); + return withContext(context -> encrypt(algorithm, plaintext, options, context)); } catch (RuntimeException ex) { return monoError(logger, ex); } } - Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, Context context) { + Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, CryptographyOptions options, Context context) { Objects.requireNonNull(algorithm, "Encryption algorithm cannot be null."); Objects.requireNonNull(plaintext, "Plain text content to be encrypted cannot be null."); return ensureValidKeyAvailable().flatMap(available -> { if (!available) { - return cryptographyServiceClient.encrypt(algorithm, plaintext, context); + return cryptographyServiceClient.encrypt(algorithm, plaintext, options, context); } if (!checkKeyPermissions(this.key.getKeyOps(), KeyOperation.ENCRYPT)) { - return Mono.error(logger.logExceptionAsError(new UnsupportedOperationException(String.format("Encrypt Operation is missing " - + "permission/not supported for key with id %s", key.getId())))); + return 
Mono.error(logger.logExceptionAsError(new UnsupportedOperationException(String.format( + "Encrypt Operation is missing permission/not supported for key with id %s", key.getId())))); } - return localKeyCryptographyClient.encryptAsync(algorithm, plaintext, context, key); + + return localKeyCryptographyClient.encryptAsync(algorithm, plaintext, options, context, key); }); } @@ -257,9 +299,12 @@ Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, Con * EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. * * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128CBC A128CBC}, - * {@link EncryptionAlgorithm#A128CBC_HS256 A128CBC-HS256}, {@link EncryptionAlgorithm#A192CBC A192CBC}, - * {@link EncryptionAlgorithm#A192CBC_HS384 A192CBC-HS384}, {@link - * EncryptionAlgorithm#A256CBC A256CBC} and {@link EncryptionAlgorithm#A256CBC_HS512 A256CBC-HS512}
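Review bot: The new `encrypt(algorithm, plaintext, options)` overload forwards `options` unchecked and the two-argument overload now calls it with `null`, but the `@param options` javadoc does not say that `null` is allowed or which fields each algorithm needs. I would write `@param options Optional parameters (initialization vector, additional authenticated data, tag) for the operation; may be {@code null}.` and add a sentence on who supplies the IV for the CBC and GCM algorithms and that it must not be reused with the same key. The same applies to the decrypt, wrapKey and unwrapKey overloads in the following hunks. The added javadoc also labels `EncryptionAlgorithm#A256CBCPAD` as `A256CBPAD`, and it reuses the `encrypt#EncryptionAlgorithm-byte` snippet, so the sample does not show the options parameter.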

+ * {@link EncryptionAlgorithm#A128CBCPAD A128CBCPAD}, {@link EncryptionAlgorithm#A128CBC_HS256 A128CBC-HS256}, + * {@link EncryptionAlgorithm#A128GCM A128GCM}, {@link EncryptionAlgorithm#A192CBC A192CBC}, + * {@link EncryptionAlgorithm#A192CBCPAD A192CBCPAD}, {@link EncryptionAlgorithm#A192CBC_HS384 A192CBC-HS384}, + * {@link EncryptionAlgorithm#A192GCM A192GCM}, {@link EncryptionAlgorithm#A256CBC A256CBC}, + * {@link EncryptionAlgorithm#A256CBCPAD A256CBPAD}, {@link EncryptionAlgorithm#A256CBC_HS512 A256CBC-HS512} and + * {@link EncryptionAlgorithm#A256GCM A256GCM}.

* *

Code Samples

*

Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content @@ -269,32 +314,72 @@ Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, Con * @param algorithm The algorithm to be used for decryption. * @param cipherText The content to be decrypted. * @return A {@link Mono} containing the decrypted blob. - * @throws ResourceNotFoundException if the key cannot be found for decryption. - * @throws UnsupportedOperationException if the decrypt operation is not supported or configured on the key. - * @throws NullPointerException if {@code algorithm} or {@code cipherText} is null. + * @throws ResourceNotFoundException If the key cannot be found for decryption. + * @throws UnsupportedOperationException If the decrypt operation is not supported or configured on the key. + * @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. */ @ServiceMethod(returns = ReturnType.SINGLE) public Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText) { + return decrypt(algorithm, cipherText, null); + } + + /** + * Decrypts a single block of encrypted data using the configured key and specified algorithm. Note that only a + * single block of data may be decrypted, the size of this block is dependent on the target key and the algorithm to + * be used. The decrypt operation is supported for both asymmetric and symmetric keys. This operation requires the + * keys/decrypt permission. + * + *

The {@link EncryptionAlgorithm encryption algorithm} indicates the type of algorithm to use for decrypting the + * specified encrypted content. Possible values for assymetric keys include: + * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and {@link + * EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. + * + * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128CBC A128CBC}, + * {@link EncryptionAlgorithm#A128CBCPAD A128CBCPAD}, {@link EncryptionAlgorithm#A128CBC_HS256 A128CBC-HS256}, + * {@link EncryptionAlgorithm#A128GCM A128GCM}, {@link EncryptionAlgorithm#A192CBC A192CBC}, + * {@link EncryptionAlgorithm#A192CBCPAD A192CBCPAD}, {@link EncryptionAlgorithm#A192CBC_HS384 A192CBC-HS384}, + * {@link EncryptionAlgorithm#A192GCM A192GCM}, {@link EncryptionAlgorithm#A256CBC A256CBC}, + * {@link EncryptionAlgorithm#A256CBCPAD A256CBPAD}, {@link EncryptionAlgorithm#A256CBC_HS512 A256CBC-HS512} and + * {@link EncryptionAlgorithm#A256GCM A256GCM}.

+ * + *

Code Samples

+ *

Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content + * details when a response has been received.

+ * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte} + * + * @param algorithm The algorithm to be used for decryption. + * @param cipherText The content to be decrypted. + * @param options Optional parameters for the decryption operation. + * @return A {@link Mono} containing the decrypted blob. + * @throws ResourceNotFoundException If the key cannot be found for decryption. + * @throws UnsupportedOperationException If the decrypt operation is not supported or configured on the key. + * @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. + */ + @ServiceMethod(returns = ReturnType.SINGLE) + public Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, CryptographyOptions options) { try { - return withContext(context -> decrypt(algorithm, cipherText, context)); + return withContext(context -> decrypt(algorithm, cipherText, options, context)); } catch (RuntimeException ex) { return monoError(logger, ex); } } - Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, Context context) { + Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, CryptographyOptions options, + Context context) { Objects.requireNonNull(algorithm, "Encryption algorithm cannot be null."); Objects.requireNonNull(cipherText, "Cipher text content to be decrypted cannot be null."); + return ensureValidKeyAvailable().flatMap(available -> { if (!available) { - return cryptographyServiceClient.decrypt(algorithm, cipherText, context); + return cryptographyServiceClient.decrypt(algorithm, cipherText, options, context); } if (!checkKeyPermissions(this.key.getKeyOps(), KeyOperation.DECRYPT)) { - return Mono.error(logger.logExceptionAsError(new UnsupportedOperationException(String.format("Decrypt Operation is not allowed for " - + "key with id %s", key.getId())))); + return Mono.error(logger.logExceptionAsError(new UnsupportedOperationException(String.format( + "Decrypt 
Operation is not allowed for key with id %s", key.getId())))); } - return localKeyCryptographyClient.decryptAsync(algorithm, cipherText, context, key); + + return localKeyCryptographyClient.decryptAsync(algorithm, cipherText, options, context, key); }); } @@ -407,7 +492,10 @@ Mono verify(SignatureAlgorithm algorithm, byte[] digest, byte[] si *

The {@link KeyWrapAlgorithm wrap algorithm} indicates the type of algorithm to use for wrapping the specified * key content. Possible values include: * {@link KeyWrapAlgorithm#RSA1_5 RSA1_5}, {@link KeyWrapAlgorithm#RSA_OAEP RSA_OAEP} and {@link - * KeyWrapAlgorithm#RSA_OAEP_256 RSA_OAEP_256}

+ * KeyWrapAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. + * + * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128KW A128KW}, + * {@link EncryptionAlgorithm#A192KW A192KW} and {@link EncryptionAlgorithm#A256KW A256KW}.

* *

Code Samples

*

Wraps the key content. Subscribes to the call asynchronously and prints out the wrapped key details when a @@ -415,51 +503,83 @@ Mono verify(SignatureAlgorithm algorithm, byte[] digest, byte[] si * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.wrapKey#KeyWrapAlgorithm-byte} * * @param algorithm The encryption algorithm to use for wrapping the key. - * @param key The key content to be wrapped - * @return A {@link Mono} containing a {@link WrapResult} whose {@link WrapResult#getEncryptedKey() encrypted - * key} contains the wrapped key result. - * @throws ResourceNotFoundException if the key cannot be found for wrap operation. - * @throws UnsupportedOperationException if the wrap operation is not supported or configured on the key. - * @throws NullPointerException if {@code algorithm} or {@code key} is null. + * @param key The key content to be wrapped. + * @return A {@link Mono} containing a {@link WrapResult} whose {@link WrapResult#getEncryptedKey() encrypted key} + * contains the wrapped key result. + * @throws ResourceNotFoundException If the key cannot be found for wrap operation. + * @throws UnsupportedOperationException If the wrap operation is not supported or configured on the key. + * @throws NullPointerException If {@code algorithm} or {@code key} are {@code null}. */ @ServiceMethod(returns = ReturnType.SINGLE) public Mono wrapKey(KeyWrapAlgorithm algorithm, byte[] key) { + return wrapKey(algorithm, key, null); + } + + /** + * Wraps a symmetric key using the configured key. The wrap operation supports wrapping a symmetric key with both + * symmetric and asymmetric keys. This operation requires the keys/wrapKey permission. + * + *
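Review bot: The added javadoc line for symmetric wrap algorithms links `{@link EncryptionAlgorithm#A128KW A128KW}`, `A192KW` and `A256KW`, but `wrapKey` takes a `KeyWrapAlgorithm`, and the unwrapKey javadoc later in this file links the same names through `KeyWrapAlgorithm`. Unless `EncryptionAlgorithm` also declares those constants (not visible here), these links will not resolve; use `{@link KeyWrapAlgorithm#A128KW A128KW}` and likewise for the other two. The same three links are repeated in the javadoc of the new `wrapKey(algorithm, key, options)` overload in the next hunk.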

The {@link KeyWrapAlgorithm wrap algorithm} indicates the type of algorithm to use for wrapping the specified + * key content. Possible values include: + * {@link KeyWrapAlgorithm#RSA1_5 RSA1_5}, {@link KeyWrapAlgorithm#RSA_OAEP RSA_OAEP} and {@link + * KeyWrapAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. + * + * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128KW A128KW}, + * {@link EncryptionAlgorithm#A192KW A192KW} and {@link EncryptionAlgorithm#A256KW A256KW}.

+ * + *

Code Samples

+ *

Wraps the key content. Subscribes to the call asynchronously and prints out the wrapped key details when a + * response has been received.

+ * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.wrapKey#KeyWrapAlgorithm-byte} + * + * @param algorithm The encryption algorithm to use for wrapping the key. + * @param key The key content to be wrapped. + * @param options Optional parameters for the wrap operation. + * @return A {@link Mono} containing a {@link WrapResult} whose {@link WrapResult#getEncryptedKey() encrypted key} + * contains the wrapped key result. + * @throws ResourceNotFoundException If the key cannot be found for wrap operation. + * @throws UnsupportedOperationException If the wrap operation is not supported or configured on the key. + * @throws NullPointerException If {@code algorithm} or {@code key} are {@code null}. + */ + @ServiceMethod(returns = ReturnType.SINGLE) + public Mono wrapKey(KeyWrapAlgorithm algorithm, byte[] key, CryptographyOptions options) { try { - return withContext(context -> wrapKey(algorithm, key, context)); + return withContext(context -> wrapKey(algorithm, key, options, context)); } catch (RuntimeException ex) { return monoError(logger, ex); } } - Mono wrapKey(KeyWrapAlgorithm algorithm, byte[] key, Context context) { + Mono wrapKey(KeyWrapAlgorithm algorithm, byte[] key, CryptographyOptions options, Context context) { Objects.requireNonNull(algorithm, "Key Wrap algorithm cannot be null."); Objects.requireNonNull(key, "Key content to be wrapped cannot be null."); + return ensureValidKeyAvailable().flatMap(available -> { if (!available) { - return cryptographyServiceClient.wrapKey(algorithm, key, context); + return cryptographyServiceClient.wrapKey(algorithm, key, options, context); } if (!checkKeyPermissions(this.key.getKeyOps(), KeyOperation.WRAP_KEY)) { - return Mono.error(logger.logExceptionAsError(new UnsupportedOperationException(String.format("Wrap Key Operation is not allowed for " - + "key with id %s", this.key.getId())))); + return Mono.error(logger.logExceptionAsError(new UnsupportedOperationException(String.format( + 
"Wrap Key Operation is not allowed for key with id %s", this.key.getId())))); } - return localKeyCryptographyClient.wrapKeyAsync(algorithm, key, context, this.key); + return localKeyCryptographyClient.wrapKeyAsync(algorithm, key, options, context, this.key); }); } /** * Unwraps a symmetric key using the configured key that was initially used for wrapping that key. This operation is - * the reverse of the wrap operation. - * The unwrap operation supports asymmetric and symmetric keys to unwrap. This operation requires the keys/unwrapKey - * permission. + * the reverse of the wrap operation. The unwrap operation supports asymmetric and symmetric keys to unwrap. This + * operation requires the keys/unwrapKey permission. * *

The {@link KeyWrapAlgorithm wrap algorithm} indicates the type of algorithm to use for unwrapping the * specified encrypted key content. Possible values for asymmetric keys include: * {@link KeyWrapAlgorithm#RSA1_5 RSA1_5}, {@link KeyWrapAlgorithm#RSA_OAEP RSA_OAEP} and {@link * KeyWrapAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. - * Possible values for symmetric keys include: {@link KeyWrapAlgorithm#A128KW A128KW}, {@link - * KeyWrapAlgorithm#A192KW A192KW} and {@link KeyWrapAlgorithm#A256KW A256KW}

+ * + * Possible values for symmetric keys include: {@link KeyWrapAlgorithm#A128KW A128KW}, + * {@link KeyWrapAlgorithm#A192KW A192KW} and {@link KeyWrapAlgorithm#A256KW A256KW}.

* *

Code Samples

*

Unwraps the key content. Subscribes to the call asynchronously and prints out the unwrapped key details when a @@ -469,33 +589,66 @@ Mono wrapKey(KeyWrapAlgorithm algorithm, byte[] key, Context context * @param algorithm The encryption algorithm to use for wrapping the key. * @param encryptedKey The encrypted key content to unwrap. * @return A {@link Mono} containing a the unwrapped key content. - * @throws ResourceNotFoundException if the key cannot be found for wrap operation. - * @throws UnsupportedOperationException if the unwrap operation is not supported or configured on the key. - * @throws NullPointerException if {@code algorithm} or {@code encryptedKey} is null. + * @throws ResourceNotFoundException If the key cannot be found for wrap operation. + * @throws UnsupportedOperationException If the unwrap operation is not supported or configured on the key. + * @throws NullPointerException If {@code algorithm} or {@code encryptedKey} is null. */ @ServiceMethod(returns = ReturnType.SINGLE) public Mono unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey) { + return unwrapKey(algorithm, encryptedKey, null); + } + + /** + * Unwraps a symmetric key using the configured key that was initially used for wrapping that key. This operation is + * the reverse of the wrap operation. The unwrap operation supports asymmetric and symmetric keys to unwrap. This + * operation requires the keys/unwrapKey permission. + * + *

The {@link KeyWrapAlgorithm wrap algorithm} indicates the type of algorithm to use for unwrapping the + * specified encrypted key content. Possible values for asymmetric keys include: + * {@link KeyWrapAlgorithm#RSA1_5 RSA1_5}, {@link KeyWrapAlgorithm#RSA_OAEP RSA_OAEP} and {@link + * KeyWrapAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. + * + * Possible values for symmetric keys include: {@link KeyWrapAlgorithm#A128KW A128KW}, + * {@link KeyWrapAlgorithm#A192KW A192KW} and {@link KeyWrapAlgorithm#A256KW A256KW}.

+ * + *

Code Samples

+ *

Unwraps the key content. Subscribes to the call asynchronously and prints out the unwrapped key details when a + * response has been received.

+ * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.unwrapKey#KeyWrapAlgorithm-byte} + * + * @param algorithm The encryption algorithm to use for wrapping the key. + * @param encryptedKey The encrypted key content to unwrap. + * @param options Optional parameters for the unwrap operation. + * @return A {@link Mono} containing a the unwrapped key content. + * @throws ResourceNotFoundException If the key cannot be found for wrap operation. + * @throws UnsupportedOperationException If the unwrap operation is not supported or configured on the key. + * @throws NullPointerException If {@code algorithm} or {@code encryptedKey} is null. + */ + @ServiceMethod(returns = ReturnType.SINGLE) + public Mono unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CryptographyOptions options) { try { - return withContext(context -> unwrapKey(algorithm, encryptedKey, context)); + return withContext(context -> unwrapKey(algorithm, encryptedKey, options, context)); } catch (RuntimeException ex) { return monoError(logger, ex); } } - Mono unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, Context context) { + Mono unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CryptographyOptions options, + Context context) { Objects.requireNonNull(algorithm, "Key Wrap algorithm cannot be null."); Objects.requireNonNull(encryptedKey, "Encrypted key content to be unwrapped cannot be null."); return ensureValidKeyAvailable().flatMap(available -> { if (!available) { - return cryptographyServiceClient.unwrapKey(algorithm, encryptedKey, context); + return cryptographyServiceClient.unwrapKey(algorithm, encryptedKey, options, context); } if (!checkKeyPermissions(this.key.getKeyOps(), KeyOperation.UNWRAP_KEY)) { - return Mono.error(logger.logExceptionAsError(new UnsupportedOperationException(String.format("Unwrap Key Operation is not allowed " - + "for key with id %s", this.key.getId())))); + return Mono.error(logger.logExceptionAsError(new 
UnsupportedOperationException(String.format( + "Unwrap Key Operation is not allowed for key with id %s", this.key.getId())))); } - return localKeyCryptographyClient.unwrapKeyAsync(algorithm, encryptedKey, context, key); + + return localKeyCryptographyClient.unwrapKeyAsync(algorithm, encryptedKey, options, context, key); }); } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyOptions.java new file mode 100644 index 0000000000000..952147bd1b4a8 --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyOptions.java 
@@ -0,0 +1,91 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.security.keyvault.keys.cryptography;
+
+import com.azure.core.annotation.Fluent;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+/**
+ * Represents optional parameters for cryptographic operations.
+ */
+@Fluent
+public class CryptographyOptions {
+ /**
+ * Initialization vector for symmetric algorithms.
+ */
+ @JsonProperty(value = "iv")
+ private byte[] initializationVector;
+
+ /**
+ * Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms.
+ */
+ @JsonProperty(value = "aad")
+ private byte[] additionalAuthenticatedData;
+
+ /**
+ * The tag to authenticate when performing decryption with an authenticated algorithm.
+ */
+ @JsonProperty(value = "tag")
+ private byte[] tag;
+
+ /**
+ * Get the initialization vector to be used in the cryptographic operation using a symmetric algorithm.
+ *
+ * @return The initialization vector.
+ */
+ public byte[] getInitializationVector() {
+ return initializationVector;
+ }
+
+ /**
+ * Set the initialization vector to be used in the cryptographic operation using a symmetric algorithm.
+ *
+ * @param initializationVector The initialization vector to set.
+ * @return The updated {@link CryptographyOptions} object.
+ */
+ public CryptographyOptions setInitializationVector(byte[] initializationVector) {
+ this.initializationVector = initializationVector;
+ return this;
+ }
+
+ /**
+ * Get additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms.
+ *
+ * @return The additional authenticated data.
+ */
+ public byte[] getAdditionalAuthenticatedData() {
+ return additionalAuthenticatedData;
+ }
+
+ /**
+ * Set additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms.
+ *
+ * @param additionalAuthenticatedData The additional authenticated data.
+ * @return The updated {@link CryptographyOptions} object.
+ */
+ public CryptographyOptions setAdditionalAuthenticatedData(byte[] additionalAuthenticatedData) {
+ this.additionalAuthenticatedData = additionalAuthenticatedData;
+ return this;
+ }
+
+ /**
+ * Get the tag to authenticate when performing decryption with an authenticated algorithm.
+ *
+ * @return The tag.
+ */
+ public byte[] getTag() {
+ return tag;
+ }
+
+ /**
+ * Set the tag to authenticate when performing decryption with an authenticated algorithm.
+ *
+ * @param tag The tag to set.
+ * @return The updated {@link CryptographyOptions} object.
+ */
+ public CryptographyOptions setTag(byte[] tag) {
+ this.tag = tag;
+ return this;
+ }
+}
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java
index ed4eb2bc3047b..5748631b77564 100644
--- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java
+++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java
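Review bot: `CryptographyOptions` keeps and returns the caller's `byte[]` arrays by reference, so the IV, additional authenticated data or tag can change after a setter has been called or through the array a getter returns, including while an asynchronous operation that reads them is still pending. Copy on the way in and out, e.g. `this.initializationVector = initializationVector == null ? null : initializationVector.clone();` in the setter and `return initializationVector == null ? null : initializationVector.clone();` in the getter, and likewise for the other two fields. The Javadoc of `setInitializationVector` should also state that an IV must never be reused with the same key, which matters most for the GCM algorithms this series adds.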
@@ -125,10 +125,15 @@ JsonWebKey transformSecretKey(SecretKey secretKey) throws JsonProcessingExceptio return mapper.readValue(jsonString, JsonWebKey.class); } - Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, Context context) { - - KeyOperationParameters parameters = new KeyOperationParameters().setAlgorithm(algorithm).setValue(plaintext); + Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, CryptographyOptions options, + Context context) { + KeyOperationParameters parameters = new KeyOperationParameters() + .setAlgorithm(algorithm) + .setValue(plaintext) + .setInitializationVector(options.getInitializationVector()) + .setAdditionalAuthenticatedData(options.getAdditionalAuthenticatedData()); context = context == null ? Context.NONE : context; + return service.encrypt(vaultUrl, keyName, version, apiVersion, ACCEPT_LANGUAGE, parameters, CONTENT_TYPE_HEADER_VALUE, context.addData(AZ_TRACING_NAMESPACE_KEY, KEYVAULT_TRACING_NAMESPACE_VALUE)) .doOnRequest(ignored -> logger.info("Encrypting content with algorithm - {}", algorithm.toString())) 
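Review bot: `options` is dereferenced unconditionally in the new `encrypt` body (`options.getInitializationVector()`), yet the test changes in this same patch call `serviceClient.encrypt(algorithm, plainText, null, Context.NONE)` and the matching `decrypt`, `wrapKey` and `unwrapKey` with `null`, which would throw a NullPointerException before any request is built. The `decrypt`, `wrapKey` and `unwrapKey` hunks of this file have the same unguarded access. Treat null as "no options" at the top of each method, e.g. `CryptographyOptions opts = options == null ? new CryptographyOptions() : options;`, and read the IV, AAD and tag from `opts`. Each method body continues outside its hunk.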
@@ -140,9 +145,16 @@ Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, Con Mono.just(new EncryptResult(keyOperationResultResponse.getValue().getResult(), algorithm, keyId))); } - Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, Context context) { - KeyOperationParameters parameters = new KeyOperationParameters().setAlgorithm(algorithm).setValue(cipherText); + Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, CryptographyOptions options, + Context context) { + KeyOperationParameters parameters = new KeyOperationParameters() + .setAlgorithm(algorithm) + .setValue(cipherText) + .setInitializationVector(options.getInitializationVector()) + .setAdditionalAuthenticatedData(options.getAdditionalAuthenticatedData()) + .setTag(options.getTag()); context = context == null ? Context.NONE : context; + return service.decrypt(vaultUrl, keyName, version, apiVersion, ACCEPT_LANGUAGE, parameters, CONTENT_TYPE_HEADER_VALUE, context.addData(AZ_TRACING_NAMESPACE_KEY, KEYVAULT_TRACING_NAMESPACE_VALUE)) .doOnRequest(ignored -> logger.info("Decrypting content with algorithm - {}", algorithm.toString())) 
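Review bot: `decrypt` now sends `options.getTag()` and the IV, but nothing visible in this patch gives a caller the tag or a service-generated IV produced by `encrypt`: the `EncryptResult` in the context lines at the top of this hunk is still built from the result bytes, `algorithm` and `keyId` only. If the service returns `iv` and `tag` for authenticated algorithms, they need to be surfaced on `EncryptResult`; otherwise callers have no value to pass to `CryptographyOptions.setTag` for a later decrypt. Whether the response model already carries those fields is not visible here, so this is worth confirming before the API is published.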
@@ -182,10 +194,14 @@ Mono verify(SignatureAlgorithm algorithm, byte[] digest, byte[] si Mono.just(new VerifyResult(response.getValue().getValue(), algorithm, keyId))); } - Mono wrapKey(KeyWrapAlgorithm algorithm, byte[] key, Context context) { - - KeyWrapUnwrapRequest parameters = new KeyWrapUnwrapRequest().setAlgorithm(algorithm).setValue(key); + Mono wrapKey(KeyWrapAlgorithm algorithm, byte[] key, CryptographyOptions options, Context context) { + KeyWrapUnwrapRequest parameters = new KeyWrapUnwrapRequest() + .setAlgorithm(algorithm) + .setValue(key) + .setInitializationVector(options.getInitializationVector()) + .setAdditionalAuthenticatedData(options.getAdditionalAuthenticatedData()); context = context == null ? Context.NONE : context; + return service.wrapKey(vaultUrl, keyName, version, apiVersion, ACCEPT_LANGUAGE, parameters, CONTENT_TYPE_HEADER_VALUE, context.addData(AZ_TRACING_NAMESPACE_KEY, KEYVAULT_TRACING_NAMESPACE_VALUE)) .doOnRequest(ignored -> logger.info("Wrapping key content with algorithm - {}", algorithm.toString())) 
@@ -197,10 +213,15 @@ Mono wrapKey(KeyWrapAlgorithm algorithm, byte[] key, Context context Mono.just(new WrapResult(keyOperationResultResponse.getValue().getResult(), algorithm, keyId))); } - Mono unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, Context context) { - - KeyWrapUnwrapRequest parameters = new KeyWrapUnwrapRequest().setAlgorithm(algorithm).setValue(encryptedKey); + Mono unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CryptographyOptions options, + Context context) { + KeyWrapUnwrapRequest parameters = new KeyWrapUnwrapRequest() + .setAlgorithm(algorithm) + .setValue(encryptedKey) + .setInitializationVector(options.getInitializationVector()) + .setAdditionalAuthenticatedData(options.getAdditionalAuthenticatedData()); context = context == null ? Context.NONE : context; + return service.unwrapKey(vaultUrl, keyName, version, apiVersion, ACCEPT_LANGUAGE, parameters, CONTENT_TYPE_HEADER_VALUE, context.addData(AZ_TRACING_NAMESPACE_KEY, KEYVAULT_TRACING_NAMESPACE_VALUE)) .doOnRequest(ignored -> logger.info("Unwrapping key content with algorithm - {}", algorithm.toString())) diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EcKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EcKeyCryptographyClient.java index 10119b94b6ec7..db54c1ec93dda 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EcKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EcKeyCryptographyClient.java 
@@ -56,14 +56,15 @@ private KeyPair getKeyPair(JsonWebKey key) { } @Override - Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, Context context, JsonWebKey key) { + Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, CryptographyOptions options, + Context context, JsonWebKey key) { throw logger.logExceptionAsError(new UnsupportedOperationException( "Encrypt operation is not supported for EC key")); } @Override - Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherText, Context context, - JsonWebKey key) { + Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherText, CryptographyOptions options, + Context context, JsonWebKey key) { throw logger.logExceptionAsError(new UnsupportedOperationException( "Decrypt operation is not supported for EC key")); } @@ -151,13 +152,14 @@ Mono verifyAsync(SignatureAlgorithm algorithm, byte[] digest, byte } @Override - Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, Context context, JsonWebKey webKey) { + Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, CryptographyOptions options, Context context, + JsonWebKey webKey) { return Mono.error(new UnsupportedOperationException("Wrap key operation is not supported for EC key")); } @Override - Mono unwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKey, Context context, - JsonWebKey key) { + Mono unwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CryptographyOptions options, + Context context, JsonWebKey key) { throw logger.logExceptionAsError(new UnsupportedOperationException( "Unwrap key operation is not supported for Ec key")); } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/KeyOperationParameters.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/KeyOperationParameters.java index 261d592039937..bf4ae912ccb79 100644 
--- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/KeyOperationParameters.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/KeyOperationParameters.java @@ -24,6 +24,24 @@ class KeyOperationParameters { @JsonProperty(value = "value", required = true) private Base64Url value; + /** + * Initialization vector for symmetric algorithms. + */ + @JsonProperty(value = "iv") + private byte[] initializationVector; + + /** + * Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. + */ + @JsonProperty(value = "aad") + private byte[] additionalAuthenticatedData; + + /** + * The tag to authenticate when performing decryption with an authenticated algorithm. + */ + @JsonProperty(value = "tag") + private byte[] tag; + /** * Get the algorithm value. * 
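Review bot: The new `iv`, `aad` and `tag` fields are plain `byte[]`, while the existing `value` field in the context line just above them is a `Base64Url`. Jackson writes a raw `byte[]` as standard Base64 by default, so unless a custom serializer is registered elsewhere these three properties would go on the wire in a different encoding from `value`; this should be checked against what the service expects. Declaring them the same way as `value`, e.g. `private Base64Url initializationVector;` with the setter converting the incoming bytes as `setValue` presumably does, would keep the request body consistent. The same applies to the identical fields added to `KeyWrapUnwrapRequest`, where `tag` is additionally never set by the `wrapKey`/`unwrapKey` code in this patch.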
@@ -71,4 +89,63 @@ public KeyOperationParameters setValue(byte[] value) { return this; } + /** + * Get the initialization vector to be used in the cryptographic operation using a symmetric algorithm. + * + * @return The initialization vector. + */ + public byte[] getInitializationVector() { + return initializationVector; + } + + /** + * Set the initialization vector to be used in the cryptographic operation using a symmetric algorithm. + * + * @param initializationVector The initialization vector to set. + * @return The updated {@link KeyOperationParameters} object. + */ + public KeyOperationParameters setInitializationVector(byte[] initializationVector) { + this.initializationVector = initializationVector; + return this; + } + + /** + * Get additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. + * + * @return The additional authenticated data. + */ + public byte[] getAdditionalAuthenticatedData() { + return additionalAuthenticatedData; + } + + /** + * Set additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. + * + * @param additionalAuthenticatedData The additional authenticated data. + * @return The updated {@link KeyOperationParameters} object. + */ + public KeyOperationParameters setAdditionalAuthenticatedData(byte[] additionalAuthenticatedData) { + this.additionalAuthenticatedData = additionalAuthenticatedData; + return this; + } + + /** + * Get the tag to authenticate when performing decryption with an authenticated algorithm. + * + * @return The tag. + */ + public byte[] getTag() { + return tag; + } + + /** + * Set the tag to authenticate when performing decryption with an authenticated algorithm. + * + * @param tag The tag to set. + * @return The updated {@link KeyOperationParameters} object. + */ + public KeyOperationParameters setTag(byte[] tag) { + this.tag = tag; + return this; + } } 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/KeyWrapUnwrapRequest.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/KeyWrapUnwrapRequest.java index 31a2e1f8d86a3..54ddc13ef86a2 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/KeyWrapUnwrapRequest.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/KeyWrapUnwrapRequest.java @@ -24,6 +24,24 @@ class KeyWrapUnwrapRequest { @JsonProperty(value = "value", required = true) private Base64Url value; + /** + * Initialization vector for symmetric algorithms. + */ + @JsonProperty(value = "iv") + private byte[] initializationVector; + + /** + * Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. + */ + @JsonProperty(value = "aad") + private byte[] additionalAuthenticatedData; + + /** + * The tag to authenticate when performing decryption with an authenticated algorithm. + */ + @JsonProperty(value = "tag") + private byte[] tag; + /** * Get the algorithm value. * 
@@ -71,4 +89,63 @@ public KeyWrapUnwrapRequest setValue(byte[] value) { return this; } + /** + * Get the initialization vector to be used in the cryptographic operation using a symmetric algorithm. + * + * @return The initialization vector. + */ + public byte[] getInitializationVector() { + return initializationVector; + } + + /** + * Set the initialization vector to be used in the cryptographic operation using a symmetric algorithm. + * + * @param initializationVector The initialization vector to set. + * @return The updated {@link KeyWrapUnwrapRequest} object. + */ + public KeyWrapUnwrapRequest setInitializationVector(byte[] initializationVector) { + this.initializationVector = initializationVector; + return this; + } + + /** + * Get additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. + * + * @return The additional authenticated data. + */ + public byte[] getAdditionalAuthenticatedData() { + return additionalAuthenticatedData; + } + + /** + * Set additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. + * + * @param additionalAuthenticatedData The additional authenticated data. + * @return The updated {@link KeyWrapUnwrapRequest} object. + */ + public KeyWrapUnwrapRequest setAdditionalAuthenticatedData(byte[] additionalAuthenticatedData) { + this.additionalAuthenticatedData = additionalAuthenticatedData; + return this; + } + + /** + * Get the tag to authenticate when performing decryption with an authenticated algorithm. + * + * @return The tag. + */ + public byte[] getTag() { + return tag; + } + + /** + * Set the tag to authenticate when performing decryption with an authenticated algorithm. + * + * @param tag The tag to set. + * @return The updated {@link KeyWrapUnwrapRequest} object. + */ + public KeyWrapUnwrapRequest setTag(byte[] tag) { + this.tag = tag; + return this; + } } 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalKeyCryptographyClient.java index 281d40cf5bb5c..90c1d5cc67992 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalKeyCryptographyClient.java 
@@ -27,21 +27,22 @@ abstract class LocalKeyCryptographyClient { this.serviceClient = serviceClient; } - abstract Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, Context context, JsonWebKey jsonWebKey); + abstract Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, + CryptographyOptions options, Context context, JsonWebKey jsonWebKey); - abstract Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherText, Context context, - JsonWebKey jsonWebKey); + abstract Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherText, + CryptographyOptions options, Context context, JsonWebKey jsonWebKey); abstract Mono signAsync(SignatureAlgorithm algorithm, byte[] digest, Context context, JsonWebKey key); abstract Mono verifyAsync(SignatureAlgorithm algorithm, byte[] digest, byte[] signature, Context context, JsonWebKey key); - abstract Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, Context context, - JsonWebKey jsonWebKey); + abstract Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, CryptographyOptions options, + Context context, JsonWebKey jsonWebKey); - abstract Mono unwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKey, Context context, - JsonWebKey jsonWebKey); + abstract Mono unwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKey, + CryptographyOptions options, Context context, JsonWebKey jsonWebKey); abstract Mono signDataAsync(SignatureAlgorithm algorithm, byte[] data, Context context, JsonWebKey key); diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java index c1dec49478df6..8829f3ba6846e 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java 
+++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java @@ -52,8 +52,8 @@ private KeyPair getKeyPair(JsonWebKey key) { } @Override - Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, Context context, - JsonWebKey jsonWebKey) { + Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, CryptographyOptions options, + Context context, JsonWebKey jsonWebKey) { keyPair = getKeyPair(jsonWebKey); // Interpret the requested algorithm @@ -61,7 +61,7 @@ Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext if (baseAlgorithm == null) { if (serviceCryptoAvailable()) { - return serviceClient.encrypt(algorithm, plaintext, context); + return serviceClient.encrypt(algorithm, plaintext, options, context); } return Mono.error(new NoSuchAlgorithmException(algorithm.toString())); } else if (!(baseAlgorithm instanceof AsymmetricEncryptionAlgorithm)) { @@ -70,7 +70,7 @@ Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext if (keyPair.getPublic() == null) { if (serviceCryptoAvailable()) { - return serviceClient.encrypt(algorithm, plaintext, context); + return serviceClient.encrypt(algorithm, plaintext, options, context); } return Mono.error(new IllegalArgumentException( "Public portion of the key not available to perform encrypt operation")); 
@@ -93,16 +93,15 @@ Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext } @Override - Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherText, Context context, - JsonWebKey jsonWebKey) { - + Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherText, CryptographyOptions options, + Context context, JsonWebKey jsonWebKey) { keyPair = getKeyPair(jsonWebKey); Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithm.toString()); if (baseAlgorithm == null) { if (serviceCryptoAvailable()) { - return serviceClient.decrypt(algorithm, cipherText, context); + return serviceClient.decrypt(algorithm, cipherText, options, context); } return Mono.error(new NoSuchAlgorithmException(algorithm.toString())); } else if (!(baseAlgorithm instanceof AsymmetricEncryptionAlgorithm)) { @@ -111,7 +110,7 @@ Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherTex if (keyPair.getPrivate() == null) { if (serviceCryptoAvailable()) { - return serviceClient.decrypt(algorithm, cipherText, context); + return serviceClient.decrypt(algorithm, cipherText, options, context); } return Mono.error(new IllegalArgumentException( "Private portion of the key not available to perform decrypt operation")); 
@@ -155,15 +154,15 @@ Mono verifyAsync(SignatureAlgorithm algorithm, byte[] digest, byte } @Override - Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, Context context, JsonWebKey jsonWebKey) { - + Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, CryptographyOptions options, Context context, + JsonWebKey jsonWebKey) { keyPair = getKeyPair(jsonWebKey); Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithm.toString()); if (baseAlgorithm == null) { if (serviceCryptoAvailable()) { - return serviceClient.wrapKey(algorithm, key, context); + return serviceClient.wrapKey(algorithm, key, options, context); } return Mono.error(new NoSuchAlgorithmException(algorithm.toString())); } else if (!(baseAlgorithm instanceof AsymmetricEncryptionAlgorithm)) { @@ -172,7 +171,7 @@ Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, Context co if (keyPair.getPublic() == null) { if (serviceCryptoAvailable()) { - return serviceClient.wrapKey(algorithm, key, context); + return serviceClient.wrapKey(algorithm, key, options, context); } return Mono.error(new IllegalArgumentException( "Public portion of the key not available to perform wrap key operation")); @@ -195,9 +194,8 @@ Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, Context co } @Override - Mono unwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKey, Context context, - JsonWebKey jsonWebKey) { - + Mono unwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CryptographyOptions options, + Context context, JsonWebKey jsonWebKey) { keyPair = getKeyPair(jsonWebKey); // Interpret the requested algorithm 
@@ -205,7 +203,7 @@ Mono unwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKe if (baseAlgorithm == null) { if (serviceCryptoAvailable()) { - return serviceClient.unwrapKey(algorithm, encryptedKey, context); + return serviceClient.unwrapKey(algorithm, encryptedKey, options, context); } return Mono.error(new NoSuchAlgorithmException(algorithm.toString())); } else if (!(baseAlgorithm instanceof AsymmetricEncryptionAlgorithm)) { @@ -214,7 +212,7 @@ Mono unwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKe if (keyPair.getPrivate() == null) { if (serviceCryptoAvailable()) { - return serviceClient.unwrapKey(algorithm, encryptedKey, context); + return serviceClient.unwrapKey(algorithm, encryptedKey, options, context); } return Mono.error(new IllegalArgumentException( "Private portion of the key not available to perform unwrap operation")); diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java index 911d613891daf..a64eee3092d1f 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java @@ -49,8 +49,8 @@ private byte[] getKey(JsonWebKey key) { } @Override - Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, Context context, - JsonWebKey jsonWebKey) { + Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, CryptographyOptions options, + Context context, JsonWebKey jsonWebKey) { this.key = getKey(jsonWebKey); if (key == null || key.length == 0) { 
@@ -68,12 +68,17 @@ Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext ICryptoTransform transform; - SecureRandom secureRandom = new SecureRandom(); - byte[] iv = new byte[BLOCK_SIZE]; - secureRandom.nextBytes(iv); + byte[] iv = options.getInitializationVector(); + + if (iv == null) { + SecureRandom secureRandom = new SecureRandom(); + iv = new byte[BLOCK_SIZE]; + secureRandom.nextBytes(iv); + } try { - transform = symmetricEncryptionAlgorithm.createEncryptor(this.key, iv, null); + transform = symmetricEncryptionAlgorithm.createEncryptor(this.key, iv, + options.getAdditionalAuthenticatedData(), null); } catch (Exception e) { return Mono.error(e); } @@ -90,8 +95,8 @@ Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext } @Override - Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherText, Context context, - JsonWebKey jsonWebKey) { + Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherText, CryptographyOptions options, + Context context, JsonWebKey jsonWebKey) { this.key = getKey(jsonWebKey); if (key == null || key.length == 0) { @@ -109,12 +114,17 @@ Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherTex ICryptoTransform transform; - SecureRandom secureRandom = new SecureRandom(); - byte[] iv = new byte[BLOCK_SIZE]; - secureRandom.nextBytes(iv); + byte[] iv = options.getInitializationVector(); + + if (iv == null) { + SecureRandom secureRandom = new SecureRandom(); + iv = new byte[BLOCK_SIZE]; + secureRandom.nextBytes(iv); + } try { - transform = symmetricEncryptionAlgorithm.createDecryptor(this.key, iv, null, null); + transform = symmetricEncryptionAlgorithm.createDecryptor(this.key, iv, + options.getAdditionalAuthenticatedData(), options.getTag()); } catch (Exception e) { return Mono.error(e); } 
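Review bot: When `options.getInitializationVector()` is null, `encryptAsync` generates a random IV, but nothing in this hunk shows that IV being handed back to the caller, and without it the ciphertext cannot be decrypted later; the method continues outside the hunk, so please confirm the result carries the IV that was actually used. The generated IV is always `BLOCK_SIZE` bytes, which presumably suits CBC but should be checked against the nonce length the new GCM implementation expects, and a caller-supplied IV is passed on without any length check. `options` itself is dereferenced without a null guard here and in the decrypt, wrap and unwrap hunks of this file, e.g. `byte[] iv = options == null ? null : options.getInitializationVector();` would avoid that.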
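Review bot: In `decryptAsync` a missing IV is replaced by a freshly generated random one, which can never match the IV used at encryption time: CBC output would come back with at least its first block corrupted and an authenticated mode would fail its tag check, in neither case telling the caller that the real problem is a missing parameter. Decryption should fail fast instead, e.g. `if (iv == null) { return Mono.error(new IllegalArgumentException("Initialization vector is required for decryption")); }`. The removed lines show the random IV was already used unconditionally before this patch, so this change is the right place to drop it rather than keep it as a fallback. The method body continues outside the hunk.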
@@ -142,7 +152,8 @@ Mono verifyAsync(SignatureAlgorithm algorithm, byte[] digest, byte } @Override - Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, Context context, JsonWebKey jsonWebKey) { + Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, CryptographyOptions options, Context context, + JsonWebKey jsonWebKey) { this.key = getKey(jsonWebKey); if (key == null || key.length == 0) { @@ -160,8 +171,16 @@ Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, Context co ICryptoTransform transform; + byte[] iv = options.getInitializationVector(); + + if (iv == null) { + SecureRandom secureRandom = new SecureRandom(); + iv = new byte[BLOCK_SIZE]; + secureRandom.nextBytes(iv); + } + try { - transform = localKeyWrapAlgorithm.createEncryptor(this.key, null, null); + transform = localKeyWrapAlgorithm.createEncryptor(this.key, iv, null); } catch (Exception e) { return Mono.error(e); } @@ -178,8 +197,8 @@ Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, Context co } @Override - Mono unwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKey, Context context, - JsonWebKey jsonWebKey) { + Mono unwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CryptographyOptions options, + Context context, JsonWebKey jsonWebKey) { this.key = getKey(jsonWebKey); Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithm.toString()); @@ -192,8 +211,16 @@ Mono unwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKe ICryptoTransform transform; + byte[] iv = options.getInitializationVector(); + + if (iv == null) { + SecureRandom secureRandom = new SecureRandom(); + iv = new byte[BLOCK_SIZE]; + secureRandom.nextBytes(iv); + } + try { - transform = localKeyWrapAlgorithm.createDecryptor(key, null, null); + transform = localKeyWrapAlgorithm.createDecryptor(key, iv, null); } catch (Exception e) { return Mono.error(e); } 
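Review bot: `wrapKeyAsync` used to pass `null` as the IV to `localKeyWrapAlgorithm.createEncryptor` and now passes a random `BLOCK_SIZE`-byte value whenever the caller supplies none; `unwrapKeyAsync` does the same for `createDecryptor`. A random IV on unwrap cannot match whatever was used on wrap, and AES key wrap normally relies on a fixed default initial value for its integrity check, so this fallback looks likely to break unwrap or weaken that check, depending on how the key-wrap classes treat a non-null IV (not visible here). Keeping the previous behaviour when no IV is given, `byte[] iv = options == null ? null : options.getInitializationVector();` with no random generation, avoids the silent change. Both method bodies continue outside their hunks.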
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTest.java b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTest.java index 132438756ce30..e0377b6868d39 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTest.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTest.java @@ -71,11 +71,12 @@ public void encryptDecryptRsa(HttpClient httpClient, CryptographyServiceVersion byte[] plainText = new byte[100]; new Random(0x1234567L).nextBytes(plainText); byte[] cipherText = cryptoClient.encrypt(algorithm, plainText).getCipherText(); - byte[] decryptedText = serviceClient.decrypt(algorithm, cipherText, Context.NONE).block().getPlainText(); + byte[] decryptedText = + serviceClient.decrypt(algorithm, cipherText, null, Context.NONE).block().getPlainText(); assertArrayEquals(decryptedText, plainText); - cipherText = serviceClient.encrypt(algorithm, plainText, Context.NONE).block().getCipherText(); + cipherText = serviceClient.encrypt(algorithm, plainText, null, Context.NONE).block().getCipherText(); decryptedText = cryptoClient.decrypt(algorithm, cipherText).getPlainText(); assertArrayEquals(decryptedText, plainText); 
@@ -101,11 +102,13 @@ public void wrapUnwraptRsa(HttpClient httpClient, CryptographyServiceVersion ser byte[] plainText = new byte[100]; new Random(0x1234567L).nextBytes(plainText); byte[] encryptedKey = cryptoClient.wrapKey(algorithm, plainText).getEncryptedKey(); - byte[] decryptedKey = serviceClient.unwrapKey(algorithm, encryptedKey, Context.NONE).block().getKey(); + byte[] decryptedKey = + serviceClient.unwrapKey(algorithm, encryptedKey, null, Context.NONE).block().getKey(); assertArrayEquals(decryptedKey, plainText); - encryptedKey = serviceClient.wrapKey(algorithm, plainText, Context.NONE).block().getEncryptedKey(); + encryptedKey = + serviceClient.wrapKey(algorithm, plainText, null, Context.NONE).block().getEncryptedKey(); decryptedKey = cryptoClient.unwrapKey(algorithm, encryptedKey).getKey(); assertArrayEquals(decryptedKey, plainText); From 7d030d0a5627312d4abe867498ce69aec4b7609f Mon Sep 17 00:00:00 2001 From: Victor Colin Amador Date: Thu, 5 Nov 2020 00:01:41 -0800 Subject: [PATCH 03/15] Added APIs that accept CryptographyOptions to CryptographyClient. --- .../cryptography/CryptographyAsyncClient.java | 7 +- .../keys/cryptography/CryptographyClient.java | 317 +++++++++++++----- 2 files changed, 243 insertions(+), 81 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java index 76de90e2153ff..00bad7aa5d0cd 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java 
@@ -269,7 +269,8 @@ public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plainte } - Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, CryptographyOptions options, Context context) { + Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, CryptographyOptions options, + Context context) { Objects.requireNonNull(algorithm, "Encryption algorithm cannot be null."); Objects.requireNonNull(plaintext, "Plain text content to be encrypted cannot be null."); @@ -591,7 +592,7 @@ Mono wrapKey(KeyWrapAlgorithm algorithm, byte[] key, CryptographyOpt * @return A {@link Mono} containing a the unwrapped key content. * @throws ResourceNotFoundException If the key cannot be found for wrap operation. * @throws UnsupportedOperationException If the unwrap operation is not supported or configured on the key. - * @throws NullPointerException If {@code algorithm} or {@code encryptedKey} is null. + * @throws NullPointerException If {@code algorithm} or {@code encryptedKey} are {@code null}. */ @ServiceMethod(returns = ReturnType.SINGLE) public Mono unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey) { @@ -622,7 +623,7 @@ public Mono unwrapKey(KeyWrapAlgorithm algorithm, byte[] encrypted * @return A {@link Mono} containing a the unwrapped key content. * @throws ResourceNotFoundException If the key cannot be found for wrap operation. * @throws UnsupportedOperationException If the unwrap operation is not supported or configured on the key. - * @throws NullPointerException If {@code algorithm} or {@code encryptedKey} is null. + * @throws NullPointerException If {@code algorithm} or {@code encryptedKey} are {@code null}. */ @ServiceMethod(returns = ReturnType.SINGLE) public Mono unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CryptographyOptions options) { 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java index fbd5a989d526c..2047754c2fde5 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java @@ -81,18 +81,20 @@ public Response getKeyWithResponse(Context context) { * Encrypts an arbitrary sequence of bytes using the configured key. Note that the encrypt operation only supports a * single block of data, the size of which is dependent on the target key and the encryption algorithm to be used. * The encrypt operation is supported for both symmetric keys and asymmetric keys. In case of asymmetric keys public - * portion of the key is used - * for encryption. This operation requires the keys/encrypt permission. + * portion of the key is used for encryption. This operation requires the keys/encrypt permission. * *

The {@link EncryptionAlgorithm encryption algorithm} indicates the type of algorithm to use for decrypting the - * specified encrypted content. Possible values for assymetric keys include: + * specified encrypted content. Possible values for asymmetric keys include: * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. * - * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128CBC A128CBC}, {@link - * EncryptionAlgorithm#A128CBC_HS256 A128CBC-HS256}, {@link EncryptionAlgorithm#A192CBC A192CBC}, - * {@link EncryptionAlgorithm#A192CBC_HS384 A192CBC-HS384}, {@link EncryptionAlgorithm#A256CBC A256CBC} and - * {@link EncryptionAlgorithm#A256CBC_HS512 A256CBC-HS512}

+ * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128CBC A128CBC}, + * {@link EncryptionAlgorithm#A128CBCPAD A128CBCPAD}, {@link EncryptionAlgorithm#A128CBC_HS256 A128CBC-HS256}, + * {@link EncryptionAlgorithm#A128GCM A128GCM}, {@link EncryptionAlgorithm#A192CBC A192CBC}, + * {@link EncryptionAlgorithm#A192CBCPAD A192CBCPAD}, {@link EncryptionAlgorithm#A192CBC_HS384 A192CBC-HS384}, + * {@link EncryptionAlgorithm#A192GCM A192GCM}, {@link EncryptionAlgorithm#A256CBC A256CBC}, + * {@link EncryptionAlgorithm#A256CBCPAD A256CBPAD}, {@link EncryptionAlgorithm#A256CBC_HS512 A256CBC-HS512} and + * {@link EncryptionAlgorithm#A256GCM A256GCM}.

* *

Code Samples

*

Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when @@ -104,12 +106,12 @@ public Response getKeyWithResponse(Context context) { * @param context Additional context that is passed through the Http pipeline during the service call. * @return A {@link EncryptResult} whose {@link EncryptResult#getCipherText() cipher text} contains the encrypted * content. - * @throws ResourceNotFoundException if the key cannot be found for encryption. - * @throws UnsupportedOperationException if the encrypt operation is not supported or configured on the key. - * @throws NullPointerException if {@code algorithm} or {@code plainText} is null. + * @throws ResourceNotFoundException If the key cannot be found for encryption. + * @throws UnsupportedOperationException If the encrypt operation is not supported or configured on the key. + * @throws NullPointerException If {@code algorithm} or {@code plainText} are {@code null}. */ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, Context context) { - return client.encrypt(algorithm, plaintext, context).block(); + return encrypt(algorithm, plaintext, null, context); } /** @@ -119,13 +121,17 @@ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, Co * portion of the key is used for encryption. This operation requires the keys/encrypt permission. * *
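Review bot: The link label for `EncryptionAlgorithm#A256CBCPAD` in the added symmetric-algorithm list reads `A256CBPAD`, dropping a "C", so the rendered Javadoc shows a name that matches no listed constant. It should read `{@link EncryptionAlgorithm#A256CBCPAD A256CBCPAD}`. The same label is repeated in the Javadoc of every encrypt and decrypt overload touched by the later hunks of this file. The list also puts the plain CBC entries (A128CBC, A128CBCPAD and their 192/256 variants) next to the GCM ones without comment; a sentence noting that CBC alone gives no integrity protection would help callers pick an algorithm.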

The {@link EncryptionAlgorithm encryption algorithm} indicates the type of algorithm to use for decrypting the - * specified encrypted content. Possible values - * for assymetric keys include: {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP - * RSA_OAEP} and {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. - * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128CBC A128CBC}, {@link - * EncryptionAlgorithm#A128CBC_HS256 A128CBC-HS256}, - * {@link EncryptionAlgorithm#A192CBC A192CBC}, {@link EncryptionAlgorithm#A192CBC_HS384 A192CBC-HS384}, {@link - * EncryptionAlgorithm#A256CBC A256CBC} and {@link EncryptionAlgorithm#A256CBC_HS512 A256CBC-HS512}

+ * specified encrypted content. Possible values for asymmetric keys include: + * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and + * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. + * + * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128CBC A128CBC}, + * {@link EncryptionAlgorithm#A128CBCPAD A128CBCPAD}, {@link EncryptionAlgorithm#A128CBC_HS256 A128CBC-HS256}, + * {@link EncryptionAlgorithm#A128GCM A128GCM}, {@link EncryptionAlgorithm#A192CBC A192CBC}, + * {@link EncryptionAlgorithm#A192CBCPAD A192CBCPAD}, {@link EncryptionAlgorithm#A192CBC_HS384 A192CBC-HS384}, + * {@link EncryptionAlgorithm#A192GCM A192GCM}, {@link EncryptionAlgorithm#A256CBC A256CBC}, + * {@link EncryptionAlgorithm#A256CBCPAD A256CBPAD}, {@link EncryptionAlgorithm#A256CBC_HS512 A256CBC-HS512} and + * {@link EncryptionAlgorithm#A256GCM A256GCM}.

* *

Code Samples

*

Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when @@ -135,15 +141,54 @@ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, Co * @param algorithm The algorithm to be used for encryption. * @param plaintext The content to be encrypted. * @return The {@link EncryptResult} whose {@link EncryptResult#getCipherText() cipher text} contains the encrypted - * content. - * @throws ResourceNotFoundException if the key cannot be found for encryption. - * @throws UnsupportedOperationException if the encrypt operation is not supported or configured on the key. - * @throws NullPointerException if {@code algorithm} or {@code plainText} is null. + * content. + * @throws ResourceNotFoundException If the key cannot be found for encryption. + * @throws UnsupportedOperationException If the encrypt operation is not supported or configured on the key. + * @throws NullPointerException If {@code algorithm} or {@code plainText} are {@code null}. */ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { return encrypt(algorithm, plaintext, Context.NONE); } + /** + * Encrypts an arbitrary sequence of bytes using the configured key. Note that the encrypt operation only supports a + * single block of data, the size of which is dependent on the target key and the encryption algorithm to be used. + * The encrypt operation is supported for both symmetric keys and asymmetric keys. In case of asymmetric keys public + * portion of the key is used for encryption. This operation requires the keys/encrypt permission. + * + *

The {@link EncryptionAlgorithm encryption algorithm} indicates the type of algorithm to use for decrypting the + * specified encrypted content. Possible values for asymmetric keys include: + * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and + * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. + * + * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128CBC A128CBC}, + * {@link EncryptionAlgorithm#A128CBCPAD A128CBCPAD}, {@link EncryptionAlgorithm#A128CBC_HS256 A128CBC-HS256}, + * {@link EncryptionAlgorithm#A128GCM A128GCM}, {@link EncryptionAlgorithm#A192CBC A192CBC}, + * {@link EncryptionAlgorithm#A192CBCPAD A192CBCPAD}, {@link EncryptionAlgorithm#A192CBC_HS384 A192CBC-HS384}, + * {@link EncryptionAlgorithm#A192GCM A192GCM}, {@link EncryptionAlgorithm#A256CBC A256CBC}, + * {@link EncryptionAlgorithm#A256CBCPAD A256CBPAD}, {@link EncryptionAlgorithm#A256CBC_HS512 A256CBC-HS512} and + * {@link EncryptionAlgorithm#A256GCM A256GCM}.

+ * + *

Code Samples

+ *

Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when + * a response has been received.

+ * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptionAlgorithm-byte} + * + * @param algorithm The algorithm to be used for encryption. + * @param plaintext The content to be encrypted. + * @param options Optional parameters for the encryption operation. + * @param context Additional context that is passed through the Http pipeline during the service call. + * @return The {@link EncryptResult} whose {@link EncryptResult#getCipherText() cipher text} contains the encrypted + * content. + * @throws ResourceNotFoundException If the key cannot be found for encryption. + * @throws UnsupportedOperationException If the encrypt operation is not supported or configured on the key. + * @throws NullPointerException If {@code algorithm} or {@code plainText} are {@code null}. + */ + public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, CryptographyOptions options, + Context context) { + return client.encrypt(algorithm, plaintext, options, context).block(); + } + /** * Decrypts a single block of encrypted data using the configured key and specified algorithm. Note that only a * single block of data may be decrypted, the size of this block is dependent on the target key and the algorithm to @@ -151,13 +196,17 @@ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { * keys/decrypt permission. * *
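Review bot: The Javadoc of the new `encrypt(algorithm, plaintext, options, context)` overload describes `options` only as "Optional parameters for the encryption operation", while the older three-argument overload now always forwards `null`. If `CryptographyOptions` carries the IV and additional authenticated data (its definition is not visible in this part of the patch), the `@param` should say which of the listed AES-CBC/GCM algorithms require it and what happens when it is `null`, for example `@param options Parameters such as the initialization vector; may be {@code null} only for algorithms that do not use them.` For GCM in particular the caller needs to know who is responsible for supplying an IV that is unique per encryption under a given key. The `{@codesnippet ...encrypt#EncryptionAlgorithm-byte}` id names no options parameter, so the rendered sample probably will not show `options` in use. The new decrypt, wrapKey and unwrapKey overloads in later hunks have the same gaps.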

The {@link EncryptionAlgorithm encryption algorithm} indicates the type of algorithm to use for decrypting the - * specified encrypted content. Possible values - * for assymetric keys include: {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP - * RSA_OAEP} and {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. - * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128CBC A128CBC}, {@link - * EncryptionAlgorithm#A128CBC_HS256 A128CBC-HS256}, - * {@link EncryptionAlgorithm#A192CBC A192CBC}, {@link EncryptionAlgorithm#A192CBC_HS384 A192CBC-HS384}, {@link - * EncryptionAlgorithm#A256CBC A256CBC} and {@link EncryptionAlgorithm#A256CBC_HS512 A256CBC-HS512}

+ * specified encrypted content. Possible values for asymmetric keys include: + * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and + * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. + * + * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128CBC A128CBC}, + * {@link EncryptionAlgorithm#A128CBCPAD A128CBCPAD}, {@link EncryptionAlgorithm#A128CBC_HS256 A128CBC-HS256}, + * {@link EncryptionAlgorithm#A128GCM A128GCM}, {@link EncryptionAlgorithm#A192CBC A192CBC}, + * {@link EncryptionAlgorithm#A192CBCPAD A192CBCPAD}, {@link EncryptionAlgorithm#A192CBC_HS384 A192CBC-HS384}, + * {@link EncryptionAlgorithm#A192GCM A192GCM}, {@link EncryptionAlgorithm#A256CBC A256CBC}, + * {@link EncryptionAlgorithm#A256CBCPAD A256CBPAD}, {@link EncryptionAlgorithm#A256CBC_HS512 A256CBC-HS512} and + * {@link EncryptionAlgorithm#A256GCM A256GCM}.

* *

Code Samples

*

Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content @@ -168,12 +217,12 @@ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { * @param cipherText The content to be decrypted. * @param context Additional context that is passed through the Http pipeline during the service call. * @return The decrypted blob. - * @throws ResourceNotFoundException if the key cannot be found for decryption. - * @throws UnsupportedOperationException if the decrypt operation is not supported or configured on the key. - * @throws NullPointerException if {@code algorithm} or {@code cipherText} is null. + * @throws ResourceNotFoundException If the key cannot be found for encryption. + * @throws UnsupportedOperationException If the decrypt operation is not supported or configured on the key. + * @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. */ public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, Context context) { - return client.decrypt(algorithm, cipherText, context).block(); + return decrypt(algorithm, cipherText, null, context); } /** @@ -183,13 +232,17 @@ public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, C * keys/decrypt permission. * *
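Review bot: The `@throws ResourceNotFoundException` line of `decrypt(algorithm, cipherText, context)` was changed from "for decryption" to "for encryption", which misdescribes the operation. Only the capitalisation change looks intended, so the line should read `@throws ResourceNotFoundException If the key cannot be found for decryption.` The same wording is introduced in the other decrypt overloads and in the wrapKey overloads in later hunks, where the removed text said "for wrap operation".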

The {@link EncryptionAlgorithm encryption algorithm} indicates the type of algorithm to use for decrypting the - * specified encrypted content. Possible values - * for assymetric keys include: {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP - * RSA_OAEP} and {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. - * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128CBC A128CBC}, {@link - * EncryptionAlgorithm#A128CBC_HS256 A128CBC-HS256}, - * {@link EncryptionAlgorithm#A192CBC A192CBC}, {@link EncryptionAlgorithm#A192CBC_HS384 A192CBC-HS384}, {@link - * EncryptionAlgorithm#A256CBC A256CBC} and {@link EncryptionAlgorithm#A256CBC_HS512 A256CBC-HS512}

+ * specified encrypted content. Possible values for asymmetric keys include: + * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and + * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. + * + * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128CBC A128CBC}, + * {@link EncryptionAlgorithm#A128CBCPAD A128CBCPAD}, {@link EncryptionAlgorithm#A128CBC_HS256 A128CBC-HS256}, + * {@link EncryptionAlgorithm#A128GCM A128GCM}, {@link EncryptionAlgorithm#A192CBC A192CBC}, + * {@link EncryptionAlgorithm#A192CBCPAD A192CBCPAD}, {@link EncryptionAlgorithm#A192CBC_HS384 A192CBC-HS384}, + * {@link EncryptionAlgorithm#A192GCM A192GCM}, {@link EncryptionAlgorithm#A256CBC A256CBC}, + * {@link EncryptionAlgorithm#A256CBCPAD A256CBPAD}, {@link EncryptionAlgorithm#A256CBC_HS512 A256CBC-HS512} and + * {@link EncryptionAlgorithm#A256GCM A256GCM}.

* *

Code Samples

*

Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content @@ -199,14 +252,52 @@ public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, C * @param algorithm The algorithm to be used for decryption. * @param cipherText The content to be decrypted. * @return The decrypted blob. - * @throws ResourceNotFoundException if the key cannot be found for decryption. - * @throws UnsupportedOperationException if the decrypt operation is not supported or configured on the key. - * @throws NullPointerException if {@code algorithm} or {@code cipherText} is null. + * @throws ResourceNotFoundException If the key cannot be found for encryption. + * @throws UnsupportedOperationException If the decrypt operation is not supported or configured on the key. + * @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. */ public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText) { return decrypt(algorithm, cipherText, Context.NONE); } + /** + * Decrypts a single block of encrypted data using the configured key and specified algorithm. Note that only a + * single block of data may be decrypted, the size of this block is dependent on the target key and the algorithm to + * be used. The decrypt operation is supported for both asymmetric and symmetric keys. This operation requires the + * keys/decrypt permission. + * + *

The {@link EncryptionAlgorithm encryption algorithm} indicates the type of algorithm to use for decrypting the + * specified encrypted content. Possible values for asymmetric keys include: + * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and + * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. + * + * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128CBC A128CBC}, + * {@link EncryptionAlgorithm#A128CBCPAD A128CBCPAD}, {@link EncryptionAlgorithm#A128CBC_HS256 A128CBC-HS256}, + * {@link EncryptionAlgorithm#A128GCM A128GCM}, {@link EncryptionAlgorithm#A192CBC A192CBC}, + * {@link EncryptionAlgorithm#A192CBCPAD A192CBCPAD}, {@link EncryptionAlgorithm#A192CBC_HS384 A192CBC-HS384}, + * {@link EncryptionAlgorithm#A192GCM A192GCM}, {@link EncryptionAlgorithm#A256CBC A256CBC}, + * {@link EncryptionAlgorithm#A256CBCPAD A256CBPAD}, {@link EncryptionAlgorithm#A256CBC_HS512 A256CBC-HS512} and + * {@link EncryptionAlgorithm#A256GCM A256GCM}.

+ * + *

Code Samples

+ *

Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content + * details when a response has been received.

+ * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#EncryptionAlgorithm-byte-Context} + * + * @param algorithm The algorithm to be used for decryption. + * @param cipherText The content to be decrypted. + * @param options Optional parameters for the decryption operation. + * @param context Additional context that is passed through the Http pipeline during the service call. + * @return The decrypted blob. + * @throws ResourceNotFoundException If the key cannot be found for encryption. + * @throws UnsupportedOperationException If the decrypt operation is not supported or configured on the key. + * @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. + */ + public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, CryptographyOptions options, + Context context) { + return client.decrypt(algorithm, cipherText, options, context).block(); + } + /** * Creates a signature from a digest using the configured key. The sign operation supports both asymmetric and * symmetric keys. This operation requires the keys/sign permission. @@ -332,9 +423,12 @@ public VerifyResult verify(SignatureAlgorithm algorithm, byte[] digest, byte[] s * symmetric and asymmetric keys. This operation requires the keys/wrapKey permission. * *

The {@link KeyWrapAlgorithm wrap algorithm} indicates the type of algorithm to use for wrapping the specified - * key content. Possible values include: - * {@link KeyWrapAlgorithm#RSA1_5 RSA1_5}, {@link KeyWrapAlgorithm#RSA_OAEP RSA_OAEP} and {@link - * KeyWrapAlgorithm#RSA_OAEP_256 RSA_OAEP_256}

+ * key content. Possible values for asymmetric keys include: + * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and + * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. + * + * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128KW A128KW}, + * {@link EncryptionAlgorithm#A192KW A192KW} and {@link EncryptionAlgorithm#A256KW A256KW}.

* *

Code Samples

*

Wraps the key content. Subscribes to the call asynchronously and prints out the wrapped key details when a @@ -342,12 +436,12 @@ public VerifyResult verify(SignatureAlgorithm algorithm, byte[] digest, byte[] s * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.wrapKey#KeyWrapAlgorithm-byte} * * @param algorithm The encryption algorithm to use for wrapping the key. - * @param key The key content to be wrapped + * @param key The key content to be wrapped. * @return The {@link WrapResult} whose {@link WrapResult#getEncryptedKey() encrypted key} contains the wrapped - * key result. - * @throws ResourceNotFoundException if the key cannot be found for wrap operation. - * @throws UnsupportedOperationException if the wrap operation is not supported or configured on the key. - * @throws NullPointerException if {@code algorithm} or {@code key} is null. + * key result. + * @throws ResourceNotFoundException If the key cannot be found for encryption. + * @throws UnsupportedOperationException If the wrap operation is not supported or configured on the key. + * @throws NullPointerException If {@code algorithm} or {@code key} are {@code null}. */ public WrapResult wrapKey(KeyWrapAlgorithm algorithm, byte[] key) { return wrapKey(algorithm, key, Context.NONE); @@ -358,9 +452,12 @@ public WrapResult wrapKey(KeyWrapAlgorithm algorithm, byte[] key) { * symmetric and asymmetric keys. This operation requires the keys/wrapKey permission. * *
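Review bot: The wrapKey Javadoc now links `EncryptionAlgorithm#RSA1_5`, `EncryptionAlgorithm#A128KW` and the other key-wrap constants, although the method parameter is a `KeyWrapAlgorithm` and the removed lines linked `KeyWrapAlgorithm#...`. Nothing visible in this patch shows `EncryptionAlgorithm` declaring the `A128KW`/`A192KW`/`A256KW` constants, so these links are likely to fail Javadoc resolution and in any case send readers to the wrong type. Keep the new asymmetric/symmetric split but retain the original targets, e.g. `{@link KeyWrapAlgorithm#A128KW A128KW}`. The same substitution appears in the Javadoc of the other wrapKey and unwrapKey overloads in later hunks.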

The {@link KeyWrapAlgorithm wrap algorithm} indicates the type of algorithm to use for wrapping the specified - * key content. Possible values include: - * {@link KeyWrapAlgorithm#RSA1_5 RSA1_5}, {@link KeyWrapAlgorithm#RSA_OAEP RSA_OAEP} and {@link - * KeyWrapAlgorithm#RSA_OAEP_256 RSA_OAEP_256}

+ * key content. Possible values for asymmetric keys include: + * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and + * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. + * + * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128KW A128KW}, + * {@link EncryptionAlgorithm#A192KW A192KW} and {@link EncryptionAlgorithm#A256KW A256KW}.

* *

Code Samples

*

Wraps the key content. Subscribes to the call asynchronously and prints out the wrapped key details when a @@ -368,16 +465,47 @@ public WrapResult wrapKey(KeyWrapAlgorithm algorithm, byte[] key) { * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.wrapKey#KeyWrapAlgorithm-byte-Context} * * @param algorithm The encryption algorithm to use for wrapping the key. - * @param key The key content to be wrapped + * @param key The key content to be wrapped. * @param context Additional context that is passed through the Http pipeline during the service call. * @return The {@link WrapResult} whose {@link WrapResult#getEncryptedKey() encrypted key} contains the wrapped - * key result. - * @throws ResourceNotFoundException if the key cannot be found for wrap operation. - * @throws UnsupportedOperationException if the wrap operation is not supported or configured on the key. - * @throws NullPointerException if {@code algorithm} or {@code key} is null. + * key result. + * @throws ResourceNotFoundException If the key cannot be found for encryption. + * @throws UnsupportedOperationException If the wrap operation is not supported or configured on the key. + * @throws NullPointerException If {@code algorithm} or {@code key} are {@code null}. */ public WrapResult wrapKey(KeyWrapAlgorithm algorithm, byte[] key, Context context) { - return client.wrapKey(algorithm, key, context).block(); + return wrapKey(algorithm, key, null, context); + } + + /** + * Wraps a symmetric key using the configured key. The wrap operation supports wrapping a symmetric key with both + * symmetric and asymmetric keys. This operation requires the keys/wrapKey permission. + * + *

The {@link KeyWrapAlgorithm wrap algorithm} indicates the type of algorithm to use for wrapping the specified + * key content. Possible values for asymmetric keys include: + * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and + * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. + * + * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128KW A128KW}, + * {@link EncryptionAlgorithm#A192KW A192KW} and {@link EncryptionAlgorithm#A256KW A256KW}.

+ * + *

Code Samples

+ *

Wraps the key content. Subscribes to the call asynchronously and prints out the wrapped key details when a + * response has been received.

+ * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.wrapKey#KeyWrapAlgorithm-byte-Context} + * + * @param algorithm The encryption algorithm to use for wrapping the key. + * @param key The key content to be wrapped. + * @param options Optional parameters for the wrap operation. + * @param context Additional context that is passed through the Http pipeline during the service call. + * @return The {@link WrapResult} whose {@link WrapResult#getEncryptedKey() encrypted key} contains the wrapped + * key result. + * @throws ResourceNotFoundException If the key cannot be found for encryption. + * @throws UnsupportedOperationException If the wrap operation is not supported or configured on the key. + * @throws NullPointerException If {@code algorithm} or {@code key} are {@code null}. + */ + public WrapResult wrapKey(KeyWrapAlgorithm algorithm, byte[] key, CryptographyOptions options, Context context) { + return client.wrapKey(algorithm, key, options, context).block(); } /** @@ -387,10 +515,11 @@ public WrapResult wrapKey(KeyWrapAlgorithm algorithm, byte[] key, Context contex * *

The {@link KeyWrapAlgorithm wrap algorithm} indicates the type of algorithm to use for wrapping the specified * key content. Possible values for asymmetric keys include: - * {@link KeyWrapAlgorithm#RSA1_5 RSA1_5}, {@link KeyWrapAlgorithm#RSA_OAEP RSA_OAEP} and {@link - * KeyWrapAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. - * Possible values for symmetric keys include: {@link KeyWrapAlgorithm#A128KW A128KW}, {@link - * KeyWrapAlgorithm#A192KW A192KW} and {@link KeyWrapAlgorithm#A256KW A256KW}

+ * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and + * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. + * + * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128KW A128KW}, + * {@link EncryptionAlgorithm#A192KW A192KW} and {@link EncryptionAlgorithm#A256KW A256KW}.

* *

Code Samples

*

Unwraps the key content. Subscribes to the call asynchronously and prints out the unwrapped key details when a @@ -400,9 +529,9 @@ public WrapResult wrapKey(KeyWrapAlgorithm algorithm, byte[] key, Context contex * @param algorithm The encryption algorithm to use for wrapping the key. * @param encryptedKey The encrypted key content to unwrap. * @return The unwrapped key content. - * @throws ResourceNotFoundException if the key cannot be found for wrap operation. - * @throws UnsupportedOperationException if the unwrap operation is not supported or configured on the key. - * @throws NullPointerException if {@code algorithm} or {@code encryptedKey} is null. + * @throws ResourceNotFoundException If the key cannot be found for wrap operation. + * @throws UnsupportedOperationException If the unwrap operation is not supported or configured on the key. + * @throws NullPointerException If {@code algorithm} or {@code encryptedKey} are {@code null}. */ public UnwrapResult unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey) { return unwrapKey(algorithm, encryptedKey, Context.NONE); @@ -410,16 +539,16 @@ public UnwrapResult unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey) { /** * Unwraps a symmetric key using the configured key that was initially used for wrapping that key. This operation is - * the reverse of the wrap operation. - * The unwrap operation supports asymmetric and symmetric keys to unwrap. This operation requires the keys/unwrapKey - * permission. + * the reverse of the wrap operation. The unwrap operation supports asymmetric and symmetric keys to unwrap. This + * operation requires the keys/unwrapKey permission. * *

The {@link KeyWrapAlgorithm wrap algorithm} indicates the type of algorithm to use for wrapping the specified * key content. Possible values for asymmetric keys include: - * {@link KeyWrapAlgorithm#RSA1_5 RSA1_5}, {@link KeyWrapAlgorithm#RSA_OAEP RSA_OAEP} and {@link - * KeyWrapAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. - * Possible values for symmetric keys include: {@link KeyWrapAlgorithm#A128KW A128KW}, {@link - * KeyWrapAlgorithm#A192KW A192KW} and {@link KeyWrapAlgorithm#A256KW A256KW}

+ * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and + * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. + * + * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128KW A128KW}, + * {@link EncryptionAlgorithm#A192KW A192KW} and {@link EncryptionAlgorithm#A256KW A256KW}.

* *

Code Samples

*

Unwraps the key content. Subscribes to the call asynchronously and prints out the unwrapped key details when a @@ -430,12 +559,44 @@ public UnwrapResult unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey) { * @param encryptedKey The encrypted key content to unwrap. * @param context Additional context that is passed through the Http pipeline during the service call. * @return The unwrapped key content. - * @throws ResourceNotFoundException if the key cannot be found for wrap operation. - * @throws UnsupportedOperationException if the unwrap operation is not supported or configured on the key. - * @throws NullPointerException if {@code algorithm} or {@code encryptedKey} is null. + * @throws ResourceNotFoundException If the key cannot be found for wrap operation. + * @throws UnsupportedOperationException If the unwrap operation is not supported or configured on the key. + * @throws NullPointerException If {@code algorithm} or {@code encryptedKey} are {@code null}. */ public UnwrapResult unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, Context context) { - return client.unwrapKey(algorithm, encryptedKey, context).block(); + return unwrapKey(algorithm, encryptedKey, null, context); + } + + /** + * Unwraps a symmetric key using the configured key that was initially used for wrapping that key. This operation is + * the reverse of the wrap operation. The unwrap operation supports asymmetric and symmetric keys to unwrap. This + * operation requires the keys/unwrapKey permission. + * + *

The {@link KeyWrapAlgorithm wrap algorithm} indicates the type of algorithm to use for wrapping the specified + * key content. Possible values for asymmetric keys include: + * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and + * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. + * + * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128KW A128KW}, + * {@link EncryptionAlgorithm#A192KW A192KW} and {@link EncryptionAlgorithm#A256KW A256KW}.

+ * + *

Code Samples

+ *

Unwraps the key content. Subscribes to the call asynchronously and prints out the unwrapped key details when a + * response has been received.

+ * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.unwrapKey#KeyWrapAlgorithm-byte-Context} + * + * @param algorithm The encryption algorithm to use for wrapping the key. + * @param encryptedKey The encrypted key content to unwrap. + * @param options Optional parameters for the unwrap operation. + * @param context Additional context that is passed through the Http pipeline during the service call. + * @return The unwrapped key content. + * @throws ResourceNotFoundException If the key cannot be found for wrap operation. + * @throws UnsupportedOperationException If the unwrap operation is not supported or configured on the key. + * @throws NullPointerException If {@code algorithm} or {@code encryptedKey} are {@code null}. + */ + public UnwrapResult unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CryptographyOptions options, + Context context) { + return client.unwrapKey(algorithm, encryptedKey, options, context).block(); } /** From 67e837c456306c2aaeecdc1326169dabef66ef2f Mon Sep 17 00:00:00 2001 From: Victor Colin Amador Date: Thu, 5 Nov 2020 00:50:15 -0800 Subject: [PATCH 04/15] Fixed Javadoc issues. --- .../cryptography/SymmetricEncryptionAlgorithm.java | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricEncryptionAlgorithm.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricEncryptionAlgorithm.java index 4e469e2b25948..fa713f58de670 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricEncryptionAlgorithm.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricEncryptionAlgorithm.java 
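Review bot: The Javadoc for the new `unwrapKey(KeyWrapAlgorithm, byte[], CryptographyOptions, Context)` overload does not say that `options` may be `null`, although the three-argument overload now delegates to it with `null` and the `@throws NullPointerException` line lists only `algorithm` and `encryptedKey`. It also does not say which fields of `CryptographyOptions` a key unwrap reads. The comment lists only RSA and AES key-wrap algorithms, and this hunk does not show whether an IV, additional authenticated data or a tag applies to any of them. I would extend the tag to `@param options Optional parameters for the unwrap operation; may be {@code null}.` and add one sentence naming the fields honoured per algorithm. The same comment links `EncryptionAlgorithm` constants for a `KeyWrapAlgorithm` parameter, and `@param algorithm` still says "for wrapping the key"; both look like carry-overs from the encrypt/wrap docs.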
@@ -13,12 +13,12 @@ * Abstract base class for all symmetric encryption implementation. */ abstract class SymmetricEncryptionAlgorithm extends LocalEncryptionAlgorithm { - /** + /* * The block size for AES algorithms. */ static final int BLOCK_SIZE = 128; - /** + /* * Constructor. * * @param name The name of the algorithm. @@ -27,7 +27,7 @@ abstract class SymmetricEncryptionAlgorithm extends LocalEncryptionAlgorithm { super(name); } - /** + /* * Creates a {@link ICryptoTransform} implementation for encryption using the supplied initialization vector and the * specific provider for the Java Security API. * @@ -41,7 +41,7 @@ abstract ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authenti throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException; - /** + /* * Creates a {@link ICryptoTransform} implementation for encryption * using the supplied initialization vector and the specific provider for the Java Security API. * @@ -56,7 +56,7 @@ abstract ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authenti throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException; - /** + /* * Creates a {@link ICryptoTransform} implementation for decryption using the supplied initialization vector and the * specific provider for the Java Security API. * @@ -73,7 +73,7 @@ abstract ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] authenti throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException; - /** + /* * Creates a {@link ICryptoTransform} implementation for decryption using the supplied initialization vector and the * specific provider for the Java Security API. * From 17b8e1b07cc0b0dd4645685a5b0f2fa657032c19 Mon Sep 17 00:00:00 2001 
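Review bot: Demoting these comments from `/**` to `/*` silences the Javadoc tool but leaves `{@link ICryptoTransform}` and `@param` tags inside plain block comments, where nothing resolves or checks them; this applies to all five hunks in this file. If the tool was failing on particular tags, fixing those tags would keep the documentation checked; otherwise the comments could be reduced to plain sentences without tag syntax. While touching the `BLOCK_SIZE` comment, state the unit, e.g. `/* The AES block size, in bits (16 bytes). */`, because any code that compares the constant with a byte-array length (not visible here) must know whether to divide by eight. The class body continues outside these hunks.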
From: Victor Colin Amador Date: Thu, 5 Nov 2020 02:00:32 -0800 Subject: [PATCH 05/15] Fixed checkstyle issues. Added samples. --- .../keyvault/keys/cryptography/Aes128Gcm.java | 2 +- .../keyvault/keys/cryptography/Aes192Gcm.java | 2 +- .../keyvault/keys/cryptography/Aes256Gcm.java | 2 +- .../cryptography/CryptographyAsyncClient.java | 8 +- .../keys/cryptography/CryptographyClient.java | 8 +- ...ographyAsyncClientJavaDocCodeSnippets.java | 151 ++++++++++++-- ...CryptographyClientJavaDocCodeSnippets.java | 186 ++++++++++++++++-- 7 files changed, 310 insertions(+), 49 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes128Gcm.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes128Gcm.java index 0b43ea22afaa9..12fa7834e6ea3 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes128Gcm.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes128Gcm.java @@ -3,7 +3,7 @@ package com.azure.security.keyvault.keys.cryptography; -public class Aes128Gcm extends AesGcm { +class Aes128Gcm extends AesGcm { private static final int KEY_SIZE = 128; public static final String ALGORITHM_NAME = "A128GCM"; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes192Gcm.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes192Gcm.java index 3a4d89301a3e0..6ea8049a0f41b 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes192Gcm.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes192Gcm.java 
@@ -3,7 +3,7 @@ package com.azure.security.keyvault.keys.cryptography; -public class Aes192Gcm extends AesGcm { +class Aes192Gcm extends AesGcm { private static final int KEY_SIZE = 192; public static final String ALGORITHM_NAME = "A192GCM"; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes256Gcm.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes256Gcm.java index 193b468bb3694..39ff27b5d40d6 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes256Gcm.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Aes256Gcm.java @@ -3,7 +3,7 @@ package com.azure.security.keyvault.keys.cryptography; -public class Aes256Gcm extends AesGcm { +class Aes256Gcm extends AesGcm { private static final int KEY_SIZE = 256; public static final String ALGORITHM_NAME = "A256GCM"; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java index 00bad7aa5d0cd..7cd3b967f1aeb 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java @@ -248,7 +248,7 @@ public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plainte *

Code Samples

*

Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when * a response has been received.

- * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte} + * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte-CryptographyOptions} * * @param algorithm The algorithm to be used for encryption. * @param plaintext The content to be encrypted. @@ -346,7 +346,7 @@ public Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherT *

Code Samples

*

Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content * details when a response has been received.

- * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte} + * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte-CryptographyOptions} * * @param algorithm The algorithm to be used for decryption. * @param cipherText The content to be decrypted. @@ -531,7 +531,7 @@ public Mono wrapKey(KeyWrapAlgorithm algorithm, byte[] key) { *

Code Samples

*

Wraps the key content. Subscribes to the call asynchronously and prints out the wrapped key details when a * response has been received.

- * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.wrapKey#KeyWrapAlgorithm-byte} + * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.wrapKey#KeyWrapAlgorithm-byte-CryptographyOptions} * * @param algorithm The encryption algorithm to use for wrapping the key. * @param key The key content to be wrapped. @@ -615,7 +615,7 @@ public Mono unwrapKey(KeyWrapAlgorithm algorithm, byte[] encrypted *

Code Samples

*

Unwraps the key content. Subscribes to the call asynchronously and prints out the unwrapped key details when a * response has been received.

- * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.unwrapKey#KeyWrapAlgorithm-byte} + * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.unwrapKey#KeyWrapAlgorithm-byte-CryptographyOptions} * * @param algorithm The encryption algorithm to use for wrapping the key. * @param encryptedKey The encrypted key content to unwrap. diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java index 2047754c2fde5..cd384f7021d40 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java @@ -172,7 +172,7 @@ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { *

Code Samples

*

Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when * a response has been received.

- * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptionAlgorithm-byte} + * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptionAlgorithm-byte-CryptographyOptions-Context} * * @param algorithm The algorithm to be used for encryption. * @param plaintext The content to be encrypted. @@ -282,7 +282,7 @@ public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText) { *

Code Samples

*

Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content * details when a response has been received.

- * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#EncryptionAlgorithm-byte-Context} + * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#EncryptionAlgorithm-byte-CryptographyOptions-Context} * * @param algorithm The algorithm to be used for decryption. * @param cipherText The content to be decrypted. @@ -492,7 +492,7 @@ public WrapResult wrapKey(KeyWrapAlgorithm algorithm, byte[] key, Context contex *

Code Samples

*

Wraps the key content. Subscribes to the call asynchronously and prints out the wrapped key details when a * response has been received.

- * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.wrapKey#KeyWrapAlgorithm-byte-Context} + * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.wrapKey#KeyWrapAlgorithm-byte-CryptographyOptions-Context} * * @param algorithm The encryption algorithm to use for wrapping the key. * @param key The key content to be wrapped. @@ -583,7 +583,7 @@ public UnwrapResult unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, C *

Code Samples

*

Unwraps the key content. Subscribes to the call asynchronously and prints out the unwrapped key details when a * response has been received.

- * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.unwrapKey#KeyWrapAlgorithm-byte-Context} + * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.unwrapKey#KeyWrapAlgorithm-byte-CryptographyOptions-Context} * * @param algorithm The encryption algorithm to use for wrapping the key. * @param encryptedKey The encrypted key content to unwrap. diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClientJavaDocCodeSnippets.java b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClientJavaDocCodeSnippets.java index c850d06544a4e..4b4f1c7e3a535 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClientJavaDocCodeSnippets.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClientJavaDocCodeSnippets.java 
@@ -106,42 +106,98 @@ public void getKeySnippets() { /** - * Generates a code sample for using {@link CryptographyAsyncClient#encrypt(EncryptionAlgorithm, byte[])} and - * {@link CryptographyAsyncClient#encrypt(EncryptionAlgorithm, byte[])} + * Generates code samples for using {@link CryptographyAsyncClient#encrypt(EncryptionAlgorithm, byte[])} and + * {@link CryptographyAsyncClient#encrypt(EncryptionAlgorithm, byte[], CryptographyOptions)}. */ public void encrypt() { CryptographyAsyncClient cryptographyAsyncClient = createAsyncClient(); - byte[] iv = {(byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04}; - byte[] authData = { - (byte) 0x54, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x6f, (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x70, (byte) 0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x63, - (byte) 0x69, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20, (byte) 0x41, (byte) 0x75, (byte) 0x67, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x20, - (byte) 0x4b, (byte) 0x65, (byte) 0x72, (byte) 0x63, (byte) 0x6b, (byte) 0x68, (byte) 0x6f, (byte) 0x66, (byte) 0x66, (byte) 0x73 - }; + // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte byte[] plainText = new byte[100]; new Random(0x1234567L).nextBytes(plainText); + cryptographyAsyncClient.encrypt(EncryptionAlgorithm.RSA_OAEP, plainText) .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) .subscribe(encryptResult -> System.out.printf("Received encrypted content of length %d with algorithm %s \n", encryptResult.getCipherText().length, encryptResult.getAlgorithm().toString())); // END: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte + 
+ // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte-CryptographyOptions + byte[] plainTextBytes = new byte[100]; + + new Random(0x1234567L).nextBytes(plainTextBytes); + + byte[] iv = { + (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, + (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04}; + byte[] authData = { + (byte) 0x54, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x6f, + (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x70, (byte) 0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x63, + (byte) 0x69, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20, + (byte) 0x41, (byte) 0x75, (byte) 0x67, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x20, + (byte) 0x4b, (byte) 0x65, (byte) 0x72, (byte) 0x63, (byte) 0x6b, (byte) 0x68, (byte) 0x6f, (byte) 0x66, + (byte) 0x66, (byte) 0x73 + }; + + CryptographyOptions cryptographyOptions = new CryptographyOptions() + .setInitializationVector(iv) + .setAdditionalAuthenticatedData(authData); + + cryptographyAsyncClient.encrypt(EncryptionAlgorithm.RSA_OAEP, plainTextBytes, cryptographyOptions) + .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) + .subscribe(encryptResult -> + System.out.printf("Received encrypted content of length %d with algorithm %s \n", + encryptResult.getCipherText().length, encryptResult.getAlgorithm().toString())); + // END: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte-CryptographyOptions } /** - * Generates a code sample for using {@link CryptographyAsyncClient#decrypt(EncryptionAlgorithm, byte[])} and - * {@link CryptographyAsyncClient#decrypt(EncryptionAlgorithm, byte[])} + * Generates code samples for using {@link CryptographyAsyncClient#decrypt(EncryptionAlgorithm, 
byte[])} and + * {@link CryptographyAsyncClient#decrypt(EncryptionAlgorithm, byte[], CryptographyOptions)}. */ public void decrypt() { CryptographyAsyncClient cryptographyAsyncClient = createAsyncClient(); + // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte - byte[] plainText = new byte[100]; - new Random(0x1234567L).nextBytes(plainText); - cryptographyAsyncClient.decrypt(EncryptionAlgorithm.RSA_OAEP, plainText) + byte[] cipherText = new byte[100]; + + new Random(0x1234567L).nextBytes(cipherText); + + cryptographyAsyncClient.decrypt(EncryptionAlgorithm.RSA_OAEP, cipherText) .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) .subscribe(decryptResult -> System.out.printf("Received decrypted content of length %d\n", decryptResult.getPlainText().length)); // END: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte + + // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte-CryptographyOptions + byte[] cipherTextBytes = new byte[100]; + + new Random(0x1234567L).nextBytes(cipherTextBytes); + + byte[] iv = { + (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, + (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04}; + byte[] authData = { + (byte) 0x54, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x6f, + (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x70, (byte) 0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x63, + (byte) 0x69, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20, + (byte) 0x41, (byte) 0x75, (byte) 0x67, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x20, + (byte) 0x4b, (byte) 0x65, (byte) 0x72, (byte) 0x63, (byte) 0x6b, (byte) 0x68, (byte) 0x6f, (byte) 0x66, + (byte) 0x66, 
(byte) 0x73 + }; + byte[] tag = "This is my authentication tag".getBytes(); + + CryptographyOptions cryptographyOptions = new CryptographyOptions() + .setInitializationVector(iv) + .setAdditionalAuthenticatedData(authData) + .setTag(tag); + + cryptographyAsyncClient.decrypt(EncryptionAlgorithm.RSA_OAEP, cipherTextBytes, cryptographyOptions) + .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) + .subscribe(decryptResult -> + System.out.printf("Received decrypted content of length %d\n", decryptResult.getPlainText().length)); + // END: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte-CryptographyOptions } /** @@ -186,6 +242,7 @@ public void signDataVerifyData() throws NoSuchAlgorithmException { // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.signData#SignatureAlgorithm-byte byte[] data = new byte[100]; new Random(0x1234567L).nextBytes(data); + cryptographyAsyncClient.sign(SignatureAlgorithm.ES256, data) .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) .subscribe(signResult -> 
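Review bot: The new `CryptographyOptions` samples in `encrypt()` and `decrypt()` pass an initialization vector, additional authenticated data and (for decrypt) a tag together with `EncryptionAlgorithm.RSA_OAEP`, an algorithm that uses none of them, so the published snippet does not show the feature it documents. These BEGIN/END regions are copied into the Javadoc, so the hard-coded 16-byte `iv` literal is what readers will paste. For the AES modes this series adds, a fixed IV reused under one key breaks confidentiality and, for GCM, integrity as well. I would switch the samples to one of the new AES values of `EncryptionAlgorithm` (presumably the one matching `Aes128Gcm.ALGORITHM_NAME`, `A128GCM`; confirm against the enum) and generate the IV per call with `byte[] iv = new byte[IV_LENGTH]; new SecureRandom().nextBytes(iv);`, where `IV_LENGTH` is a placeholder for the size the chosen mode requires. The tag built from `"This is my authentication tag".getBytes()` is 29 bytes in the platform charset and cannot be a GCM tag (at most 16 bytes); the decrypt sample should use the tag produced by the matching encryption. The same fixed-IV-with-`RSA_OAEP` pattern recurs in the `wrapKeyUnwrapKey()` hunk of this file and in both `CryptographyClientJavaDocCodeSnippets.java` hunks.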
@@ -201,15 +258,17 @@ public void signDataVerifyData() throws NoSuchAlgorithmException { } /** - * Generates a code sample for using {@link CryptographyAsyncClient#wrapKey(KeyWrapAlgorithm, byte[])} and - * {@link CryptographyAsyncClient#unwrapKey(KeyWrapAlgorithm, byte[])} + * Generates a code sample for using {@link CryptographyAsyncClient#wrapKey(KeyWrapAlgorithm, byte[])}, + * {@link CryptographyAsyncClient#wrapKey(KeyWrapAlgorithm, byte[], CryptographyOptions)}, + * {@link CryptographyAsyncClient#unwrapKey(KeyWrapAlgorithm, byte[])} and + * {@link CryptographyAsyncClient#unwrapKey(KeyWrapAlgorithm, byte[], CryptographyOptions)} */ public void wrapKeyUnwrapKey() { CryptographyAsyncClient cryptographyAsyncClient = createAsyncClient(); - byte[] encryptedKey = new byte[100]; // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.wrapKey#KeyWrapAlgorithm-byte byte[] key = new byte[100]; new Random(0x1234567L).nextBytes(key); + cryptographyAsyncClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP, key) .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) .subscribe(keyWrapResult -> 
@@ -217,12 +276,70 @@ public void wrapKeyUnwrapKey() { keyWrapResult.getEncryptedKey().length, keyWrapResult.getAlgorithm().toString())); // END: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.wrapKey#KeyWrapAlgorithm-byte + // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.wrapKey#KeyWrapAlgorithm-byte-CryptographyOptions + byte[] keyToWrap = new byte[100]; + + new Random(0x1234567L).nextBytes(key); + + byte[] iv = { + (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, + (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04}; + byte[] authData = { + (byte) 0x54, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x6f, + (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x70, (byte) 0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x63, + (byte) 0x69, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20, + (byte) 0x41, (byte) 0x75, (byte) 0x67, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x20, + (byte) 0x4b, (byte) 0x65, (byte) 0x72, (byte) 0x63, (byte) 0x6b, (byte) 0x68, (byte) 0x6f, (byte) 0x66, + (byte) 0x66, (byte) 0x73 + }; + + CryptographyOptions cryptographyOptions = new CryptographyOptions() + .setInitializationVector(iv) + .setAdditionalAuthenticatedData(authData); + + cryptographyAsyncClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP, keyToWrap, cryptographyOptions) + .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) + .subscribe(keyWrapResult -> + System.out.printf("Received encypted key of length %d with algorithm %s", + keyWrapResult.getEncryptedKey().length, keyWrapResult.getAlgorithm().toString())); + // END: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.wrapKey#KeyWrapAlgorithm-byte-CryptographyOptions + // BEGIN: 
com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.unwrapKey#KeyWrapAlgorithm-byte - cryptographyAsyncClient.unwrapKey(KeyWrapAlgorithm.RSA_OAEP, encryptedKey) + byte[] wrappedKey = new byte[100]; + new Random(0x1234567L).nextBytes(key); + + cryptographyAsyncClient.unwrapKey(KeyWrapAlgorithm.RSA_OAEP, wrappedKey) .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) .subscribe(keyUnwrapResult -> System.out.printf("Received key of length %d", keyUnwrapResult.getKey().length)); // END: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.unwrapKey#KeyWrapAlgorithm-byte + + // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.unwrapKey#KeyWrapAlgorithm-byte-CryptographyOptions + byte[] keyToUnwrap = new byte[100]; + + new Random(0x1234567L).nextBytes(key); + + byte[] initializationVector = { + (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, + (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04}; + byte[] authenticationData = { + (byte) 0x54, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x6f, + (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x70, (byte) 0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x63, + (byte) 0x69, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20, + (byte) 0x41, (byte) 0x75, (byte) 0x67, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x20, + (byte) 0x4b, (byte) 0x65, (byte) 0x72, (byte) 0x63, (byte) 0x6b, (byte) 0x68, (byte) 0x6f, (byte) 0x66, + (byte) 0x66, (byte) 0x73 + }; + + CryptographyOptions options = new CryptographyOptions() + .setInitializationVector(initializationVector) + .setAdditionalAuthenticatedData(authenticationData); + + cryptographyAsyncClient.unwrapKey(KeyWrapAlgorithm.RSA_OAEP, keyToUnwrap, options) + 
.subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) + .subscribe(keyUnwrapResult -> + System.out.printf("Received key of length %d", keyUnwrapResult.getKey().length)); + // END: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.unwrapKey#KeyWrapAlgorithm-byte-CryptographyOptions } /** diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientJavaDocCodeSnippets.java b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientJavaDocCodeSnippets.java index 757975b6aba6b..16559c43084ef 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientJavaDocCodeSnippets.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientJavaDocCodeSnippets.java 
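Review bot: Three of the new buffers in `wrapKeyUnwrapKey()` are never filled. After `byte[] keyToWrap = new byte[100];`, `byte[] wrappedKey = new byte[100];` and `byte[] keyToUnwrap = new byte[100];`, the next statement calls `new Random(0x1234567L).nextBytes(key)`, so the earlier `key` array is overwritten again and the sample wraps or unwraps 100 zero bytes. Each call should target its own array, e.g. `new Random(0x1234567L).nextBytes(keyToWrap);`. Since this snippet is published as the reference for handling key material, it would be better still to draw the sample key from `SecureRandom` rather than a fixed-seed `java.util.Random`, which yields the same bytes on every run. The message `Received encypted key` in the new wrapKey snippet also has a typo (`encrypted`).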
@@ -69,52 +69,120 @@ public void getKeySnippets() { } /** - * Generates a code sample for using {@link CryptographyClient#encrypt(EncryptionAlgorithm, byte[])} and - * {@link CryptographyClient#encrypt(EncryptionAlgorithm, byte[])} + * Generates a code sample for using {@link CryptographyClient#encrypt(EncryptionAlgorithm, byte[])}, + * {@link CryptographyClient#encrypt(EncryptionAlgorithm, byte[], Context)} and + * {@link CryptographyClient#encrypt(EncryptionAlgorithm, byte[], CryptographyOptions, Context)}. */ public void encrypt() { CryptographyClient cryptographyClient = createClient(); - byte[] iv = {(byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04}; - byte[] authData = { - (byte) 0x54, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x6f, (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x70, (byte) 0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x63, - (byte) 0x69, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20, (byte) 0x41, (byte) 0x75, (byte) 0x67, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x20, - (byte) 0x4b, (byte) 0x65, (byte) 0x72, (byte) 0x63, (byte) 0x6b, (byte) 0x68, (byte) 0x6f, (byte) 0x66, (byte) 0x66, (byte) 0x73 - }; + // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptionAlgorithm-byte byte[] plainText = new byte[100]; + new Random(0x1234567L).nextBytes(plainText); + EncryptResult encryptResult = cryptographyClient.encrypt(EncryptionAlgorithm.RSA_OAEP, plainText); + System.out.printf("Received encrypted content of length %d with algorithm %s \n", encryptResult.getCipherText().length, encryptResult.getAlgorithm().toString()); // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptionAlgorithm-byte // BEGIN: 
com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptionAlgorithm-byte-Context byte[] plainTextToEncrypt = new byte[100]; + new Random(0x1234567L).nextBytes(plainTextToEncrypt); + EncryptResult encryptionResult = cryptographyClient.encrypt(EncryptionAlgorithm.RSA_OAEP, plainTextToEncrypt, new Context(key1, value1)); + System.out.printf("Received encrypted content of length %d with algorithm %s \n", encryptionResult.getCipherText().length, encryptionResult.getAlgorithm().toString()); // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptionAlgorithm-byte-Context + + // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptionAlgorithm-byte-CryptographyOptions-Context + byte[] myPlainText = new byte[100]; + + new Random(0x1234567L).nextBytes(myPlainText); + + byte[] iv = { + (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, + (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04}; + byte[] authData = { + (byte) 0x54, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x6f, + (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x70, (byte) 0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x63, + (byte) 0x69, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20, + (byte) 0x41, (byte) 0x75, (byte) 0x67, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x20, + (byte) 0x4b, (byte) 0x65, (byte) 0x72, (byte) 0x63, (byte) 0x6b, (byte) 0x68, (byte) 0x6f, (byte) 0x66, + (byte) 0x66, (byte) 0x73 + }; + + CryptographyOptions cryptographyOptions = new CryptographyOptions() + .setInitializationVector(iv) + .setAdditionalAuthenticatedData(authData); + + EncryptResult encryptedResult = cryptographyClient.encrypt(EncryptionAlgorithm.RSA_OAEP, myPlainText, + cryptographyOptions, new Context(key1, value1)); + + 
System.out.printf("Received encrypted content of length %d with algorithm %s \n", + encryptedResult.getCipherText().length, encryptedResult.getAlgorithm().toString()); + // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptionAlgorithm-byte-CryptographyOptions-Context } /** - * Generates a code sample for using {@link CryptographyClient#decrypt(EncryptionAlgorithm, byte[])} and - * {@link CryptographyClient#decrypt(EncryptionAlgorithm, byte[])} + * Generates a code sample for using {@link CryptographyClient#decrypt(EncryptionAlgorithm, byte[])}, + * {@link CryptographyClient#decrypt(EncryptionAlgorithm, byte[], Context)} and + * {@link CryptographyClient#decrypt(EncryptionAlgorithm, byte[], CryptographyOptions, Context)}. */ public void decrypt() { CryptographyClient cryptographyClient = createClient(); - byte[] encryptedData = new byte[100]; + // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#EncryptionAlgorithm-byte - DecryptResult decryptResult = cryptographyClient.decrypt(EncryptionAlgorithm.RSA_OAEP, encryptedData); + byte[] cipherText = new byte[100]; + + new Random(0x1234567L).nextBytes(cipherText); + + DecryptResult decryptResult = cryptographyClient.decrypt(EncryptionAlgorithm.RSA_OAEP, cipherText); + System.out.printf("Received decrypted content of length %d\n", decryptResult.getPlainText().length); // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#EncryptionAlgorithm-byte // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#EncryptionAlgorithm-byte-Context - DecryptResult decryptionResult = cryptographyClient.decrypt(EncryptionAlgorithm.RSA_OAEP, encryptedData, + byte[] cipherTextToDecrypt = new byte[100]; + + new Random(0x1234567L).nextBytes(cipherTextToDecrypt); + + DecryptResult decryptionResult = cryptographyClient.decrypt(EncryptionAlgorithm.RSA_OAEP, cipherTextToDecrypt, new Context(key1, value1)); + 
System.out.printf("Received decrypted content of length %d\n", decryptionResult.getPlainText().length); // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#EncryptionAlgorithm-byte-Context + + // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#EncryptionAlgorithm-byte-CryptographyOptions-Context + byte[] myCipherText = new byte[100]; + + new Random(0x1234567L).nextBytes(myCipherText); + + byte[] iv = { + (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, + (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04}; + byte[] authData = { + (byte) 0x54, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x6f, + (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x70, (byte) 0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x63, + (byte) 0x69, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20, + (byte) 0x41, (byte) 0x75, (byte) 0x67, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x20, + (byte) 0x4b, (byte) 0x65, (byte) 0x72, (byte) 0x63, (byte) 0x6b, (byte) 0x68, (byte) 0x6f, (byte) 0x66, + (byte) 0x66, (byte) 0x73 + }; + + CryptographyOptions cryptographyOptions = new CryptographyOptions() + .setInitializationVector(iv) + .setAdditionalAuthenticatedData(authData); + + DecryptResult decryptedResult = cryptographyClient.decrypt(EncryptionAlgorithm.RSA_OAEP, myCipherText, + cryptographyOptions, new Context(key1, value1)); + + System.out.printf("Received decrypted content of length %d\n", decryptedResult.getPlainText().length); + // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#EncryptionAlgorithm-byte-CryptographyOptions-Context } /** 
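Review bot: The new sync `decrypt(EncryptionAlgorithm, byte[], CryptographyOptions, Context)` sample builds its options with `setInitializationVector(iv)` and `setAdditionalAuthenticatedData(authData)` but no `setTag(...)`, while the async sample for the same operation sets all three. If the tag is required for authenticated decryption (likely for the GCM algorithms this series adds, though the validation code is not in this hunk), the sync snippet documents a call that cannot verify integrity, so the two samples should agree. The decrypt snippets also pass `new Random(0x1234567L)` output as the ciphertext, so they cannot succeed as written; a comment such as `// cipherText, iv and tag come from a previous encrypt call` would make the intended usage explicit.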
@@ -196,38 +264,114 @@ public void signDataVerifyData() throws NoSuchAlgorithmException { } /** - * Generates a code sample for using {@link CryptographyClient#wrapKey(KeyWrapAlgorithm, byte[])} and - * {@link CryptographyClient#unwrapKey(KeyWrapAlgorithm, byte[])} + * Generates a code sample for using {@link CryptographyClient#wrapKey(KeyWrapAlgorithm, byte[])}, + * {@link CryptographyClient#wrapKey(KeyWrapAlgorithm, byte[], Context)}, + * {@link CryptographyClient#wrapKey(KeyWrapAlgorithm, byte[], CryptographyOptions, Context)}, + * {@link CryptographyClient#unwrapKey(KeyWrapAlgorithm, byte[])}, + * {@link CryptographyClient#unwrapKey(KeyWrapAlgorithm, byte[], Context)} and + * {@link CryptographyClient#unwrapKey(KeyWrapAlgorithm, byte[], CryptographyOptions, Context)}. */ public void wrapKeyUnwrapKey() { CryptographyClient cryptographyClient = createClient(); - byte[] encryptedKey = new byte[100]; + // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyClient.wrapKey#KeyWrapAlgorithm-byte byte[] key = new byte[100]; + new Random(0x1234567L).nextBytes(key); + WrapResult wrapResult = cryptographyClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP, key); + System.out.printf("Received encypted key of length %d with algorithm %s", wrapResult.getEncryptedKey().length, wrapResult.getAlgorithm().toString()); // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.wrapKey#KeyWrapAlgorithm-byte // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyClient.wrapKey#KeyWrapAlgorithm-byte-Context byte[] keyContent = new byte[100]; + new Random(0x1234567L).nextBytes(keyContent); - WrapResult keyWrapResponse = cryptographyClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP, keyContent); - System.out.printf("Received encypted key of length %d with algorithm %s", keyWrapResponse.getEncryptedKey().length, - keyWrapResponse.getAlgorithm().toString(), new Context(key1, value1)); + + WrapResult keyWrapResponse = 
cryptographyClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP, keyContent, + new Context(key1, value1)); + + System.out.printf("Received encrypted key of length %d with algorithm %s", keyWrapResponse.getEncryptedKey().length, + keyWrapResponse.getAlgorithm().toString()); // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.wrapKey#KeyWrapAlgorithm-byte-Context + // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyClient.wrapKey#KeyWrapAlgorithm-byte-CryptographyOptions-Context + byte[] keyToWrap = new byte[100]; + + new Random(0x1234567L).nextBytes(keyToWrap); + + byte[] iv = { + (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, + (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04}; + byte[] authData = { + (byte) 0x54, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x6f, + (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x70, (byte) 0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x63, + (byte) 0x69, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20, + (byte) 0x41, (byte) 0x75, (byte) 0x67, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x20, + (byte) 0x4b, (byte) 0x65, (byte) 0x72, (byte) 0x63, (byte) 0x6b, (byte) 0x68, (byte) 0x6f, (byte) 0x66, + (byte) 0x66, (byte) 0x73 + }; + + CryptographyOptions cryptographyOptions = new CryptographyOptions() + .setInitializationVector(iv) + .setAdditionalAuthenticatedData(authData); + + WrapResult wrapKeyResult = cryptographyClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP, keyToWrap, cryptographyOptions, + new Context(key1, value1)); + + System.out.printf("Received encrypted key of length %d with algorithm %s", wrapKeyResult.getEncryptedKey().length, + wrapKeyResult.getAlgorithm().toString()); + // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.wrapKey#KeyWrapAlgorithm-byte-CryptographyOptions-Context 
+ // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyClient.unwrapKey#KeyWrapAlgorithm-byte - UnwrapResult unwrapResult = cryptographyClient.unwrapKey(KeyWrapAlgorithm.RSA_OAEP, encryptedKey); + byte[] wrappedKey = new byte[100]; + + new Random(0x1234567L).nextBytes(wrappedKey); + + UnwrapResult unwrapResult = cryptographyClient.unwrapKey(KeyWrapAlgorithm.RSA_OAEP, wrappedKey); + System.out.printf("Received key of length %d", unwrapResult.getKey().length); // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.unwrapKey#KeyWrapAlgorithm-byte // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyClient.unwrapKey#KeyWrapAlgorithm-byte-Context - UnwrapResult keyUnwrapResponse = cryptographyClient.unwrapKey(KeyWrapAlgorithm.RSA_OAEP, encryptedKey, + byte[] wrappedKeyContent = new byte[100]; + + new Random(0x1234567L).nextBytes(wrappedKeyContent); + + UnwrapResult keyUnwrapResponse = cryptographyClient.unwrapKey(KeyWrapAlgorithm.RSA_OAEP, wrappedKeyContent, new Context(key2, value2)); + System.out.printf("Received key of length %d", keyUnwrapResponse.getKey().length); // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.unwrapKey#KeyWrapAlgorithm-byte-Context + + // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyClient.unwrapKey#KeyWrapAlgorithm-byte-CryptographyOptions-Context + byte[] keyToUnwrap = new byte[100]; + + new Random(0x1234567L).nextBytes(keyToUnwrap); + + byte[] initializationVector = { + (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, + (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04}; + byte[] authenticationData = { + (byte) 0x54, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x6f, + (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x70, (byte) 0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x63, + (byte) 0x69, (byte) 0x70, (byte) 
0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20, + (byte) 0x41, (byte) 0x75, (byte) 0x67, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x20, + (byte) 0x4b, (byte) 0x65, (byte) 0x72, (byte) 0x63, (byte) 0x6b, (byte) 0x68, (byte) 0x6f, (byte) 0x66, + (byte) 0x66, (byte) 0x73 + }; + + CryptographyOptions options = new CryptographyOptions() + .setInitializationVector(initializationVector) + .setAdditionalAuthenticatedData(authenticationData); + + UnwrapResult unwrappedKey = cryptographyClient.unwrapKey(KeyWrapAlgorithm.RSA_OAEP, keyToUnwrap, options, + new Context(key2, value2)); + + System.out.printf("Received key of length %d", unwrappedKey.getKey().length); + // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.unwrapKey#KeyWrapAlgorithm-byte-CryptographyOptions-Context } /** From 37d0e65a6640bda46ba45331740b556237494bdd Mon Sep 17 00:00:00 2001 From: Victor Colin Amador Date: Thu, 5 Nov 2020 02:02:19 -0800 Subject: [PATCH 06/15] Added checkstyle exceptions. --- .../src/main/resources/checkstyle/checkstyle-suppressions.xml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/eng/code-quality-reports/src/main/resources/checkstyle/checkstyle-suppressions.xml b/eng/code-quality-reports/src/main/resources/checkstyle/checkstyle-suppressions.xml index 1cb6bb99d61c8..17ab552f3c65d 100755 --- a/eng/code-quality-reports/src/main/resources/checkstyle/checkstyle-suppressions.xml +++ b/eng/code-quality-reports/src/main/resources/checkstyle/checkstyle-suppressions.xml 
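Review bot: The added wrapKey and unwrapKey snippets fill their buffers with `new Random(0x1234567L).nextBytes(keyToWrap);`, a non-cryptographic generator with a fixed seed, and these BEGIN/END regions are what readers copy from the published Javadoc. Key material in a sample should come from a CSPRNG, for example `new SecureRandom().nextBytes(keyToWrap);`, which needs a `java.security.SecureRandom` import outside this hunk. The hard-coded `iv` array deserves a comment such as `// Illustrative value only: use a fresh, unpredictable IV for every encryption.` so that it is not reused as-is. Because every call passes `KeyWrapAlgorithm.RSA_OAEP`, it is also worth confirming whether the IV and authenticated data are honoured for that algorithm at all.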
@@ -346,6 +346,10 @@ + + Date: Thu, 5 Nov 2020 02:54:03 -0800 Subject: [PATCH 07/15] Fixed test and spotbugs issues. --- .../keyvault/keys/cryptography/AesKw.java | 7 ++- .../cryptography/CryptographyOptions.java | 60 +++++++------------ .../CryptographyServiceClient.java | 52 +++++++++++++--- .../SymmetricEncryptionAlgorithm.java | 5 -- .../SymmetricKeyCryptographyClient.java | 49 ++++++--------- ...ographyAsyncClientJavaDocCodeSnippets.java | 17 ++---- ...CryptographyClientJavaDocCodeSnippets.java | 17 ++---- 7 files changed, 97 insertions(+), 110 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesKw.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesKw.java index 66f6ccc0a90c9..f8664111c848e 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesKw.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesKw.java @@ -17,6 +17,7 @@ import java.security.Provider; abstract class AesKw extends LocalKeyWrapAlgorithm { + static final int BLOCK_SIZE_IN_BITS = 64; static final byte[] DEFAULT_IV = new byte[]{(byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6}; @@ -134,7 +135,8 @@ public ICryptoTransform createEncryptor(byte[] key, byte[] iv, Provider provider if (iv != null) { // iv length must be 64 bits if (iv.length != 8) { - throw logger.logExceptionAsError(new IllegalArgumentException("iv length must be 64 bits")); + throw logger.logExceptionAsError(new IllegalArgumentException(String.format( + "iv length must be %s bits", BLOCK_SIZE_IN_BITS))); } // iv cannot be specified with the default provider if (provider == null) { 
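Review bot: In createEncryptor the length check still compares against the literal `8` while the new message is built from `BLOCK_SIZE_IN_BITS`, so the check and the text can drift apart. Derive the check from the constant, `if (iv.length != BLOCK_SIZE_IN_BITS / 8) {`, and format the int with `%d` rather than `%s`. The createDecryptor hunk that follows repeats the same pair of lines, and both method bodies continue outside their hunks.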
@@ -187,7 +189,8 @@ public ICryptoTransform createDecryptor(byte[] key, byte[] iv, Provider provider if (iv != null) { // iv length must be 64 bits if (iv.length != 8) { - throw logger.logExceptionAsError(new IllegalArgumentException("iv length must be 64 bits")); + throw logger.logExceptionAsError(new IllegalArgumentException(String.format( + "iv length must be %s bits", BLOCK_SIZE_IN_BITS))); } // iv cannot be specified with the default provider if (provider == null) { diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyOptions.java index 952147bd1b4a8..ac01cae50a7dd 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyOptions.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyOptions.java 
@@ -15,38 +15,46 @@ public class CryptographyOptions { * Initialization vector for symmetric algorithms. */ @JsonProperty(value = "iv") - private byte[] initializationVector; + private final byte[] initializationVector; /** * Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. */ @JsonProperty(value = "aad") - private byte[] additionalAuthenticatedData; + private final byte[] additionalAuthenticatedData; /** * The tag to authenticate when performing decryption with an authenticated algorithm. */ @JsonProperty(value = "tag") - private byte[] tag; + private final byte[] tag; /** - * Get the initialization vector to be used in the cryptographic operation using a symmetric algorithm. + * Creates an instance of {@link CryptographyOptions} with the given parameters. * - * @return The initialization vector. + * @param initializationVector Initialization vector for symmetric algorithms. + * @param additionalAuthenticatedData Additional data to authenticate but not encrypt/decrypt when using + * authenticated crypto algorithms. + * @param tag The tag to authenticate when performing decryption with an authenticated algorithm. */ - public byte[] getInitializationVector() { - return initializationVector; + public CryptographyOptions(byte[] initializationVector, byte[] additionalAuthenticatedData, byte[] tag) { + this.initializationVector = new byte[initializationVector.length]; + this.additionalAuthenticatedData = new byte[additionalAuthenticatedData.length]; + this.tag = new byte[tag.length]; + + System.arraycopy(initializationVector, 0, this.initializationVector, 0, initializationVector.length); + System.arraycopy(additionalAuthenticatedData, 0, this.additionalAuthenticatedData, 0, + additionalAuthenticatedData.length); + System.arraycopy(tag, 0, this.tag, 0, tag.length); } /** - * Set the initialization vector to be used in the cryptographic operation using a symmetric algorithm. 
+ * Get the initialization vector to be used in the cryptographic operation using a symmetric algorithm. * - * @param initializationVector The initialization vector to set. - * @return The updated {@link CryptographyOptions} object. + * @return The initialization vector. */ - public CryptographyOptions setInitializationVector(byte[] initializationVector) { - this.initializationVector = initializationVector; - return this; + public byte[] getInitializationVector() { + return initializationVector.clone(); } /** @@ -55,18 +63,7 @@ public CryptographyOptions setInitializationVector(byte[] initializationVector) * @return The additional authenticated data. */ public byte[] getAdditionalAuthenticatedData() { - return additionalAuthenticatedData; - } - - /** - * Set additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. - * - * @param additionalAuthenticatedData The additional authenticated data. - * @return The updated {@link CryptographyOptions} object. - */ - public CryptographyOptions setAdditionalAuthenticatedData(byte[] additionalAuthenticatedData) { - this.additionalAuthenticatedData = additionalAuthenticatedData; - return this; + return additionalAuthenticatedData.clone(); } /** @@ -75,17 +72,6 @@ public CryptographyOptions setAdditionalAuthenticatedData(byte[] additionalAuthe * @return The tag. */ public byte[] getTag() { - return tag; - } - - /** - * Set the tag to authenticate when performing decryption with an authenticated algorithm. - * - * @param tag The tag to set. - * @return The updated {@link CryptographyOptions} object. - */ - public CryptographyOptions setTag(byte[] tag) { - this.tag = tag; - return this; + return tag.clone(); } } 
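Review bot: The new constructor reads `initializationVector.length`, `additionalAuthenticatedData.length` and `tag.length` unconditionally, so any null argument throws a NullPointerException, and the samples updated in this same patch call `new CryptographyOptions(iv, authData, null)`. Treat null as "not supplied" and copy only what was passed, e.g. `this.tag = tag == null ? null : tag.clone();` for each of the three fields. The getters in the two later hunks of this file need the same guard, `return tag == null ? null : tag.clone();`. The defensive copies of the IV and tag buffers are worth keeping; the Javadoc should state which parameters may be null.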
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java index 5748631b77564..aaf2c8ab3213c 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java @@ -127,11 +127,19 @@ JsonWebKey transformSecretKey(SecretKey secretKey) throws JsonProcessingExceptio Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, CryptographyOptions options, Context context) { + byte[] initializationVector = null; + byte[] authenticatedData = null; + + if (options != null) { + initializationVector = options.getInitializationVector(); + authenticatedData = options.getAdditionalAuthenticatedData(); + } + KeyOperationParameters parameters = new KeyOperationParameters() .setAlgorithm(algorithm) .setValue(plaintext) - .setInitializationVector(options.getInitializationVector()) - .setAdditionalAuthenticatedData(options.getAdditionalAuthenticatedData()); + .setInitializationVector(initializationVector) + .setAdditionalAuthenticatedData(authenticatedData); context = context == null ? Context.NONE : context; return service.encrypt(vaultUrl, keyName, version, apiVersion, ACCEPT_LANGUAGE, parameters, 
@@ -147,12 +155,22 @@ Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, Cry Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, CryptographyOptions options, Context context) { + byte[] initializationVector = null; + byte[] authenticatedData = null; + byte[] tag = null; + + if (options != null) { + initializationVector = options.getInitializationVector(); + authenticatedData = options.getAdditionalAuthenticatedData(); + tag = options.getTag(); + } + KeyOperationParameters parameters = new KeyOperationParameters() .setAlgorithm(algorithm) .setValue(cipherText) - .setInitializationVector(options.getInitializationVector()) - .setAdditionalAuthenticatedData(options.getAdditionalAuthenticatedData()) - .setTag(options.getTag()); + .setInitializationVector(initializationVector) + .setAdditionalAuthenticatedData(authenticatedData) + .setTag(tag); context = context == null ? Context.NONE : context; return service.decrypt(vaultUrl, keyName, version, apiVersion, ACCEPT_LANGUAGE, parameters, @@ -195,11 +213,19 @@ Mono verify(SignatureAlgorithm algorithm, byte[] digest, byte[] si } Mono wrapKey(KeyWrapAlgorithm algorithm, byte[] key, CryptographyOptions options, Context context) { + byte[] initializationVector = null; + byte[] authenticatedData = null; + + if (options != null) { + initializationVector = options.getInitializationVector(); + authenticatedData = options.getAdditionalAuthenticatedData(); + } + KeyWrapUnwrapRequest parameters = new KeyWrapUnwrapRequest() .setAlgorithm(algorithm) .setValue(key) - .setInitializationVector(options.getInitializationVector()) - .setAdditionalAuthenticatedData(options.getAdditionalAuthenticatedData()); + .setInitializationVector(initializationVector) + .setAdditionalAuthenticatedData(authenticatedData); context = context == null ? Context.NONE : context; return service.wrapKey(vaultUrl, keyName, version, apiVersion, ACCEPT_LANGUAGE, parameters, 
@@ -215,11 +241,19 @@ Mono wrapKey(KeyWrapAlgorithm algorithm, byte[] key, CryptographyOpt Mono unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CryptographyOptions options, Context context) { + byte[] initializationVector = null; + byte[] authenticatedData = null; + + if (options != null) { + initializationVector = options.getInitializationVector(); + authenticatedData = options.getAdditionalAuthenticatedData(); + } + KeyWrapUnwrapRequest parameters = new KeyWrapUnwrapRequest() .setAlgorithm(algorithm) .setValue(encryptedKey) - .setInitializationVector(options.getInitializationVector()) - .setAdditionalAuthenticatedData(options.getAdditionalAuthenticatedData()); + .setInitializationVector(initializationVector) + .setAdditionalAuthenticatedData(authenticatedData); context = context == null ? Context.NONE : context; return service.unwrapKey(vaultUrl, keyName, version, apiVersion, ACCEPT_LANGUAGE, parameters, diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricEncryptionAlgorithm.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricEncryptionAlgorithm.java index fa713f58de670..205c2f64f6327 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricEncryptionAlgorithm.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricEncryptionAlgorithm.java @@ -13,11 +13,6 @@ * Abstract base class for all symmetric encryption implementation. */ abstract class SymmetricEncryptionAlgorithm extends LocalEncryptionAlgorithm { - /* - * The block size for AES algorithms. - */ - static final int BLOCK_SIZE = 128; - /* * Constructor. * 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java index a64eee3092d1f..adb887f5a90e0 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java @@ -18,9 +18,6 @@ import reactor.core.publisher.Mono; import java.security.NoSuchAlgorithmException; -import java.security.SecureRandom; - -import static com.azure.security.keyvault.keys.cryptography.SymmetricEncryptionAlgorithm.BLOCK_SIZE; class SymmetricKeyCryptographyClient extends LocalKeyCryptographyClient { private final ClientLogger logger = new ClientLogger(SymmetricKeyCryptographyClient.class); @@ -68,17 +65,16 @@ Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext ICryptoTransform transform; - byte[] iv = options.getInitializationVector(); + byte[] iv = null; + byte[] authData = null; - if (iv == null) { - SecureRandom secureRandom = new SecureRandom(); - iv = new byte[BLOCK_SIZE]; - secureRandom.nextBytes(iv); + if (options != null) { + iv = options.getInitializationVector(); + authData = options.getAdditionalAuthenticatedData(); } try { - transform = symmetricEncryptionAlgorithm.createEncryptor(this.key, iv, - options.getAdditionalAuthenticatedData(), null); + transform = symmetricEncryptionAlgorithm.createEncryptor(this.key, iv, authData, null); } catch (Exception e) { return Mono.error(e); } 
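Review bot: After this change a missing `options` or IV reaches `createEncryptor(this.key, iv, authData, null)` as `null` and nothing in encryptAsync rejects it, so the failure depends on code outside the hunk (presumably an exception from cipher setup that ends up in `Mono.error(e)`). Removing the generated IV is reasonable, since the old code sized it as `new byte[BLOCK_SIZE]` with `BLOCK_SIZE = 128` and a random IV can never match on decrypt. The method should now fail fast for algorithms that need one: `if (iv == null) { return Mono.error(new IllegalArgumentException("An initialization vector is required for " + algorithm)); }`. decryptAsync in the next hunk has the same gap, and the public Javadoc should say that the caller must supply a fresh, unpredictable IV for every encryption. Both method bodies start and end outside their hunks.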
@@ -114,17 +110,18 @@ Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherTex ICryptoTransform transform; - byte[] iv = options.getInitializationVector(); + byte[] iv = null; + byte[] authData = null; + byte[] tag = null; - if (iv == null) { - SecureRandom secureRandom = new SecureRandom(); - iv = new byte[BLOCK_SIZE]; - secureRandom.nextBytes(iv); + if (options != null) { + iv = options.getInitializationVector(); + authData = options.getAdditionalAuthenticatedData(); + tag = options.getTag(); } try { - transform = symmetricEncryptionAlgorithm.createDecryptor(this.key, iv, - options.getAdditionalAuthenticatedData(), options.getTag()); + transform = symmetricEncryptionAlgorithm.createDecryptor(this.key, iv, authData, tag); } catch (Exception e) { return Mono.error(e); } @@ -171,13 +168,7 @@ Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, Cryptograp ICryptoTransform transform; - byte[] iv = options.getInitializationVector(); - - if (iv == null) { - SecureRandom secureRandom = new SecureRandom(); - iv = new byte[BLOCK_SIZE]; - secureRandom.nextBytes(iv); - } + byte[] iv = options == null ? null : options.getInitializationVector(); try { transform = localKeyWrapAlgorithm.createEncryptor(this.key, iv, null); @@ -211,16 +202,10 @@ Mono unwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKe ICryptoTransform transform; - byte[] iv = options.getInitializationVector(); - - if (iv == null) { - SecureRandom secureRandom = new SecureRandom(); - iv = new byte[BLOCK_SIZE]; - secureRandom.nextBytes(iv); - } + byte[] iv = options == null ? null : options.getInitializationVector(); try { - transform = localKeyWrapAlgorithm.createDecryptor(key, iv, null); + transform = localKeyWrapAlgorithm.createDecryptor(this.key, iv, null); } catch (Exception e) { return Mono.error(e); } 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClientJavaDocCodeSnippets.java b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClientJavaDocCodeSnippets.java index 4b4f1c7e3a535..f00a6c3942625 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClientJavaDocCodeSnippets.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClientJavaDocCodeSnippets.java @@ -140,9 +140,7 @@ public void encrypt() { (byte) 0x66, (byte) 0x73 }; - CryptographyOptions cryptographyOptions = new CryptographyOptions() - .setInitializationVector(iv) - .setAdditionalAuthenticatedData(authData); + CryptographyOptions cryptographyOptions = new CryptographyOptions(iv, authData, null); cryptographyAsyncClient.encrypt(EncryptionAlgorithm.RSA_OAEP, plainTextBytes, cryptographyOptions) .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) @@ -188,10 +186,7 @@ public void decrypt() { }; byte[] tag = "This is my authentication tag".getBytes(); - CryptographyOptions cryptographyOptions = new CryptographyOptions() - .setInitializationVector(iv) - .setAdditionalAuthenticatedData(authData) - .setTag(tag); + CryptographyOptions cryptographyOptions = new CryptographyOptions(iv, authData, tag); cryptographyAsyncClient.decrypt(EncryptionAlgorithm.RSA_OAEP, cipherTextBytes, cryptographyOptions) .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) 
@@ -293,9 +288,7 @@ public void wrapKeyUnwrapKey() { (byte) 0x66, (byte) 0x73 }; - CryptographyOptions cryptographyOptions = new CryptographyOptions() - .setInitializationVector(iv) - .setAdditionalAuthenticatedData(authData); + CryptographyOptions cryptographyOptions = new CryptographyOptions(iv, authData, null); cryptographyAsyncClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP, keyToWrap, cryptographyOptions) .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) @@ -331,9 +324,7 @@ public void wrapKeyUnwrapKey() { (byte) 0x66, (byte) 0x73 }; - CryptographyOptions options = new CryptographyOptions() - .setInitializationVector(initializationVector) - .setAdditionalAuthenticatedData(authenticationData); + CryptographyOptions options = new CryptographyOptions(initializationVector, authenticationData, null); cryptographyAsyncClient.unwrapKey(KeyWrapAlgorithm.RSA_OAEP, keyToUnwrap, options) .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientJavaDocCodeSnippets.java b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientJavaDocCodeSnippets.java index 16559c43084ef..ec8e3870901fc 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientJavaDocCodeSnippets.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientJavaDocCodeSnippets.java 
@@ -116,9 +116,7 @@ public void encrypt() { (byte) 0x66, (byte) 0x73 }; - CryptographyOptions cryptographyOptions = new CryptographyOptions() - .setInitializationVector(iv) - .setAdditionalAuthenticatedData(authData); + CryptographyOptions cryptographyOptions = new CryptographyOptions(iv, authData, null); EncryptResult encryptedResult = cryptographyClient.encrypt(EncryptionAlgorithm.RSA_OAEP, myPlainText, cryptographyOptions, new Context(key1, value1)); @@ -173,10 +171,9 @@ public void decrypt() { (byte) 0x4b, (byte) 0x65, (byte) 0x72, (byte) 0x63, (byte) 0x6b, (byte) 0x68, (byte) 0x6f, (byte) 0x66, (byte) 0x66, (byte) 0x73 }; + byte[] tag = "This is my authentication tag".getBytes(); - CryptographyOptions cryptographyOptions = new CryptographyOptions() - .setInitializationVector(iv) - .setAdditionalAuthenticatedData(authData); + CryptographyOptions cryptographyOptions = new CryptographyOptions(iv, authData, tag); DecryptResult decryptedResult = cryptographyClient.decrypt(EncryptionAlgorithm.RSA_OAEP, myCipherText, cryptographyOptions, new Context(key1, value1)); @@ -314,9 +311,7 @@ public void wrapKeyUnwrapKey() { (byte) 0x66, (byte) 0x73 }; - CryptographyOptions cryptographyOptions = new CryptographyOptions() - .setInitializationVector(iv) - .setAdditionalAuthenticatedData(authData); + CryptographyOptions cryptographyOptions = new CryptographyOptions(iv, authData, null); WrapResult wrapKeyResult = cryptographyClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP, keyToWrap, cryptographyOptions, new Context(key1, value1)); 
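Review bot: In the decrypt snippet the added `byte[] tag = "This is my authentication tag".getBytes();` presents the authentication tag as free text chosen by the caller, whereas for an authenticated mode the tag is produced by the matching encrypt operation and decryption must be given exactly that value. A comment such as `// The tag must be the value returned by the encrypt call that produced myCipherText.` would state the contract, and `getBytes()` without a charset depends on the platform default. The sample still passes `EncryptionAlgorithm.RSA_OAEP`, for which an IV, authenticated data and tag presumably do not apply, so an AES-GCM algorithm would illustrate these options better. decrypt() starts and ends outside the hunk.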
@@ -363,9 +358,7 @@ public void wrapKeyUnwrapKey() { (byte) 0x66, (byte) 0x73 }; - CryptographyOptions options = new CryptographyOptions() - .setInitializationVector(initializationVector) - .setAdditionalAuthenticatedData(authenticationData); + CryptographyOptions options = new CryptographyOptions(initializationVector, authenticationData, null); UnwrapResult unwrappedKey = cryptographyClient.unwrapKey(KeyWrapAlgorithm.RSA_OAEP, keyToUnwrap, options, new Context(key2, value2)); From df0aeb720f67149df6dae0321e7471b6188cbfef Mon Sep 17 00:00:00 2001 
From: Victor Colin Amador Date: Wed, 11 Nov 2020 10:38:04 -0800 Subject: [PATCH 08/15] Applied PR feedback and added local tests. --- .../resources/spotbugs/spotbugs-exclude.xml | 11 +- .../cryptography/AesCbcDecryptOptions.java | 19 ++++ .../cryptography/AesCbcEncryptOptions.java | 19 ++++ .../keyvault/keys/cryptography/AesGcm.java | 33 ++++-- .../cryptography/AesGcmDecryptOptions.java | 20 ++++ .../cryptography/AesGcmEncryptOptions.java | 20 ++++ .../keyvault/keys/cryptography/AesKw.java | 4 +- .../cryptography/CryptographyAsyncClient.java | 99 ++++------------- .../keys/cryptography/CryptographyClient.java | 75 ++----------- .../cryptography/CryptographyOptions.java | 77 -------------- .../CryptographyServiceClient.java | 56 ++++------ .../keys/cryptography/DecryptOptions.java | 100 ++++++++++++++++++ .../cryptography/EcKeyCryptographyClient.java | 11 +- .../keys/cryptography/EncryptOptions.java | 73 +++++++++++++ .../cryptography/KeyOperationParameters.java | 26 ++--- .../cryptography/KeyWrapUnwrapRequest.java | 78 -------------- .../LocalCryptographyAsyncClient.java | 96 ++++++++++++++++- .../cryptography/LocalCryptographyClient.java | 99 +++++++++++++++-- .../LocalKeyCryptographyClient.java | 12 +-- .../RsaKeyCryptographyClient.java | 19 ++-- .../SymmetricKeyCryptographyClient.java | 88 +++++++++++---- ...ographyAsyncClientJavaDocCodeSnippets.java | 96 +++-------------- ...CryptographyClientJavaDocCodeSnippets.java | 100 +++--------------- ...ographyAsyncClientJavaDocCodeSnippets.java | 38 +++++-- ...CryptographyClientJavaDocCodeSnippets.java | 39 +++++-- .../cryptography/CryptographyClientTest.java | 18 +++- .../CryptographyClientTestBase.java | 7 +- .../LocalCryptographyClientTest.java | 51 +++++++-- .../LocalCryptographyClientTestBase.java | 89 ++++++++++++++++ .../encryptDecryptLocalAes128Cbc.json | 4 + .../encryptDecryptLocalAes128CbcPad.json | 4 + .../encryptDecryptLocalAes128Gcm.json | 4 + .../encryptDecryptLocalAes192Cbc.json | 4 + 
.../encryptDecryptLocalAes192CbcPad.json | 4 + .../encryptDecryptLocalAes192Gcm.json | 4 + .../encryptDecryptLocalAes256Cbc.json | 4 + .../encryptDecryptLocalAes256CbcPad.json | 4 + .../encryptDecryptLocalAes256Gcm.json | 4 + 38 files changed, 894 insertions(+), 615 deletions(-) create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcDecryptOptions.java create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcEncryptOptions.java create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcmDecryptOptions.java create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcmEncryptOptions.java delete mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyOptions.java create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes128Cbc.json create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes128CbcPad.json create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes128Gcm.json create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes192Cbc.json create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes192CbcPad.json create mode 100644 
sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes192Gcm.json create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes256Cbc.json create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes256CbcPad.json create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes256Gcm.json diff --git a/eng/code-quality-reports/src/main/resources/spotbugs/spotbugs-exclude.xml b/eng/code-quality-reports/src/main/resources/spotbugs/spotbugs-exclude.xml index 9fdf48d2e6d1d..9054faef8bcbd 100755 --- a/eng/code-quality-reports/src/main/resources/spotbugs/spotbugs-exclude.xml +++ b/eng/code-quality-reports/src/main/resources/spotbugs/spotbugs-exclude.xml @@ -2383,7 +2383,7 @@ - + @@ -2414,4 +2414,13 @@ + + + + + + + + + diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcDecryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcDecryptOptions.java new file mode 100644 index 0000000000000..a962f4325bce1 --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcDecryptOptions.java 
@@ -0,0 +1,19 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.security.keyvault.keys.cryptography;
+
+/**
+ * A class containing configuration parameters that can be applied when decrypting AES-CBC keys with and without
+ * padding.
+ */
+public class AesCbcDecryptOptions extends DecryptOptions {
+ /**
+ * Creates an instance of {@link AesCbcDecryptOptions} with the given parameters.
+ *
+ * @param iv Initialization vector for the decryption operation.
+ */
+ public AesCbcDecryptOptions(byte[] iv) {
+ super(iv, null, null);
+ }
+}
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcEncryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcEncryptOptions.java
new file mode 100644
index 0000000000000..9691c94c653f9
--- /dev/null
+++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcEncryptOptions.java
@@ -0,0 +1,19 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.security.keyvault.keys.cryptography;
+
+/**
+ * A class containing configuration parameters that can be applied when encrypting AES-CBC keys with and without
+ * padding.
+ */
+public class AesCbcEncryptOptions extends EncryptOptions {
+ /**
+ * Creates an instance of {@link AesCbcEncryptOptions} with the given parameters.
+ *
+ * @param iv Initialization vector for the encryption operation.
+ */
+ public AesCbcEncryptOptions(byte[] iv) {
+ super(iv, null);
+ }
+}
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcm.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcm.java
index b0946128cf9d3..91bf80d4f96f1 100644
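Review bot: The class Javadoc of AesCbcDecryptOptions says the options apply when "decrypting AES-CBC keys", which reads as if the key were the thing being decrypted; the same wording is in AesCbcEncryptOptions below and in the AesGcmDecryptOptions and AesGcmEncryptOptions files later in this patch. I would write `A class containing configuration parameters that can be applied when decrypting with AES-CBC, with or without padding.` The `@param iv` line also states no length or null contract, while `super(iv, null, null)` forwards the array unchecked; DecryptOptions is not visible in this hunk, so the Javadoc should say whether null is accepted and that the IV must be the same 16-byte value that was used for encryption.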
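Review bot: `@param iv` on the AesCbcEncryptOptions constructor does not tell callers how to choose the IV, and for CBC a predictable or repeated IV weakens confidentiality. I would extend it to `@param iv Initialization vector for the encryption operation; must be 16 bytes, generated from a secure random source for every encryption, and never reused with the same key.` The class Javadoc could also state that AES-CBC gives confidentiality only, so callers who need tamper detection should add a MAC over IV and ciphertext or use the AES-GCM options instead.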
--- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcm.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcm.java @@ -7,15 +7,18 @@ import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; -import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.SecretKeySpec; import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.Provider; import java.util.Arrays; +import java.util.Objects; abstract class AesGcm extends SymmetricEncryptionAlgorithm { + static final int DEFAULT_TAG_LENGTH = 96; + final int keySizeInBytes; final int keySize; @@ -29,17 +32,19 @@ protected AesGcm(String name, int size) { static class AesGcmEncryptor implements ICryptoTransform { private final Cipher cipher; - AesGcmEncryptor(byte[] key, byte[] iv, Provider provider) throws NoSuchAlgorithmException, - NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException { + AesGcmEncryptor(byte[] key, byte[] iv, byte[] authenticationData, Provider provider) + throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, + InvalidAlgorithmParameterException { // Create the cipher using the Provider if specified if (provider == null) { - cipher = Cipher.getInstance("AES/CBC/NoPadding"); + cipher = Cipher.getInstance("AES/GCM/NoPadding"); } else { - cipher = Cipher.getInstance("AES/CBC/NoPadding", provider); + cipher = Cipher.getInstance("AES/GCM/NoPadding", provider); } - cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv)); + cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), + new GCMParameterSpec(DEFAULT_TAG_LENGTH, iv)); } @Override 
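Review bot: `DEFAULT_TAG_LENGTH = 96` carries no unit or rationale, and it is passed straight to `GCMParameterSpec`, whose first argument is a tag length in bits. A comment such as `// GCM authentication tag length in bits (GCMParameterSpec tLen).` would prevent a bytes/bits mix-up. It is also worth recording there why 96 was chosen over the full 128-bit tag; if the value is dictated by the service's wire format, say so.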
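Review bot: The new `authenticationData` parameter of `AesGcmEncryptor` is not used in the constructor lines shown, so additional authenticated data supplied by the caller is not bound to the ciphertext and a later change to it would go undetected. After `cipher.init(...)` I would add `if (authenticationData != null) { cipher.updateAAD(authenticationData); }`. The same applies to `AesGcmDecryptor` in the `@@ -51,8 +56,9 @@` and `@@ -61,7 +67,11 @@` hunks, where `authenticationData` is accepted but not handed to the cipher either. `doFinal` lies outside these hunks, so confirm the AAD is not supplied there before treating it as dropped.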
@@ -51,8 +56,9 @@ public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPad static class AesGcmDecryptor implements ICryptoTransform { private final Cipher cipher; - AesGcmDecryptor(byte[] key, byte[] iv, Provider provider) throws NoSuchAlgorithmException, - NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException { + AesGcmDecryptor(byte[] key, byte[] iv, byte[] authenticationData, byte[] authenticationTag, Provider provider) + throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, + InvalidAlgorithmParameterException { // Create the cipher using the Provider if specified if (provider == null) { @@ -61,7 +67,11 @@ static class AesGcmDecryptor implements ICryptoTransform { cipher = Cipher.getInstance("AES/GCM/NoPadding", provider); } - cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv)); + + Objects.requireNonNull(authenticationTag, "'authenticationTag' cannot be null"); + + cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), + new GCMParameterSpec(authenticationTag.length << 3, iv)); } @Override @@ -87,7 +97,7 @@ public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authentica throw new InvalidKeyException("key must be at least " + keySize + " bits in length"); } - return new AesGcmEncryptor(Arrays.copyOfRange(key, 0, keySizeInBytes), iv, provider); + return new AesGcmEncryptor(Arrays.copyOfRange(key, 0, keySizeInBytes), iv, authenticationData, provider); } @Override @@ -108,6 +118,7 @@ public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] authentica throw new InvalidKeyException("key must be at least " + keySize + " bits in length"); } - return new AesGcmDecryptor(Arrays.copyOfRange(key, 0, keySizeInBytes), iv, provider); + return new AesGcmDecryptor(Arrays.copyOfRange(key, 0, keySizeInBytes), iv, authenticationData, + authenticationTag, provider); } } 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcmDecryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcmDecryptOptions.java
new file mode 100644
index 0000000000000..c335aae51b159
--- /dev/null
+++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcmDecryptOptions.java
@@ -0,0 +1,20 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.security.keyvault.keys.cryptography;
+
+/**
+ * A class containing configuration parameters that can be applied when decrypting AES-GCM keys.
+ */
+public class AesGcmDecryptOptions extends DecryptOptions {
+ /**
+ * Creates an instance of {@link AesGcmDecryptOptions} with the given parameters.
+ *
+ * @param iv Initialization vector for the decryption operation.
+ * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms.
+ * @param authenticationTag The tag to authenticate when performing decryption.
+ */
+ public AesGcmDecryptOptions(byte[] iv, byte[] additionalAuthenticatedData, byte[] authenticationTag) {
+ super(iv, additionalAuthenticatedData, authenticationTag);
+ }
+}
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcmEncryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcmEncryptOptions.java
new file mode 100644
index 0000000000000..d9697164c9d28
--- /dev/null
+++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcmEncryptOptions.java
@@ -0,0 +1,20 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +package com.azure.security.keyvault.keys.cryptography; + +/** + * A class containing configuration parameters that can be applied when encrypting AES-GCM keys. + */ +public class AesGcmEncryptOptions extends EncryptOptions { + /** + * Creates an instance of {@link AesGcmEncryptOptions} with the given parameters. + * + * @param iv Initialization vector for the encryption operation. + * @param additionalAuthenticatedData Additional data to authenticate but not encrypt/decrypt when using + * authenticated crypto algorithms. + */ + public AesGcmEncryptOptions(byte[] iv, byte[] additionalAuthenticatedData) { + super(iv, additionalAuthenticatedData); + } +} diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesKw.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesKw.java index f8664111c848e..e7fe66a1be746 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesKw.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesKw.java @@ -134,7 +134,7 @@ public ICryptoTransform createEncryptor(byte[] key, byte[] iv, Provider provider if (iv != null) { // iv length must be 64 bits - if (iv.length != 8) { + if (iv.length != BLOCK_SIZE_IN_BITS >> 3) { throw logger.logExceptionAsError(new IllegalArgumentException(String.format( "iv length must be %s bits", BLOCK_SIZE_IN_BITS))); } @@ -188,7 +188,7 @@ public ICryptoTransform createDecryptor(byte[] key, byte[] iv, Provider provider if (iv != null) { // iv length must be 64 bits - if (iv.length != 8) { + if (iv.length != BLOCK_SIZE_IN_BITS >> 3) { throw logger.logExceptionAsError(new IllegalArgumentException(String.format( "iv length must be %s bits", BLOCK_SIZE_IN_BITS))); } 
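Review bot: `@param iv` on the AesGcmEncryptOptions constructor should state the nonce contract, because GCM loses its confidentiality and authenticity guarantees when an IV is repeated under the same key and this API leaves IV selection to the caller. I would write `@param iv Initialization vector (nonce) for the encryption operation; must be unique for every encryption performed with the same key, 12 bytes recommended.` The constructor forwards `iv` and `additionalAuthenticatedData` to `super(...)` without checks; EncryptOptions is not visible in this hunk, so the Javadoc should also say whether either argument may be null.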
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java index 7cd3b967f1aeb..decd00b92ecf5 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java @@ -196,7 +196,7 @@ Mono getSecretKey() { * portion of the key is used for encryption. This operation requires the keys/encrypt permission. * *

The {@link EncryptionAlgorithm encryption algorithm} indicates the type of algorithm to use for encrypting the - * specified {@code plaintext}. Possible values for assymetric keys include: + * specified {@code plaintext}. Possible values for asymmetric keys include: * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. * @@ -233,7 +233,7 @@ public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plainte * portion of the key is used for encryption. This operation requires the keys/encrypt permission. * *

The {@link EncryptionAlgorithm encryption algorithm} indicates the type of algorithm to use for encrypting the - * specified {@code plaintext}. Possible values for assymetric keys include: + * specified {@code plaintext}. Possible values for asymmetric keys include: * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. * @@ -248,7 +248,7 @@ public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plainte *

Code Samples

*

Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when * a response has been received.

- * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte-CryptographyOptions} + * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte-EncryptOptions} * * @param algorithm The algorithm to be used for encryption. * @param plaintext The content to be encrypted. @@ -260,7 +260,7 @@ public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plainte * @throws NullPointerException If {@code algorithm} or {@code plainText} are {@code null}. */ @ServiceMethod(returns = ReturnType.SINGLE) - public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, CryptographyOptions options) { + public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, EncryptOptions options) { try { return withContext(context -> encrypt(algorithm, plaintext, options, context)); } catch (RuntimeException ex) { @@ -269,7 +269,7 @@ public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plainte } - Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, CryptographyOptions options, + Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, EncryptOptions options, Context context) { Objects.requireNonNull(algorithm, "Encryption algorithm cannot be null."); Objects.requireNonNull(plaintext, "Plain text content to be encrypted cannot be null."); @@ -295,7 +295,7 @@ Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, Cry * keys/decrypt permission. * *

The {@link EncryptionAlgorithm encryption algorithm} indicates the type of algorithm to use for decrypting the - * specified encrypted content. Possible values for assymetric keys include: + * specified encrypted content. Possible values for asymmetric keys include: * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and {@link * EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. * @@ -331,7 +331,7 @@ public Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherT * keys/decrypt permission. * *

The {@link EncryptionAlgorithm encryption algorithm} indicates the type of algorithm to use for decrypting the - * specified encrypted content. Possible values for assymetric keys include: + * specified encrypted content. Possible values for asymmetric keys include: * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and {@link * EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. * @@ -346,7 +346,7 @@ public Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherT *

Code Samples

*

Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content * details when a response has been received.

- * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte-CryptographyOptions} + * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte-DecryptOptions} * * @param algorithm The algorithm to be used for decryption. * @param cipherText The content to be decrypted. @@ -357,7 +357,7 @@ public Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherT * @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. */ @ServiceMethod(returns = ReturnType.SINGLE) - public Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, CryptographyOptions options) { + public Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, DecryptOptions options) { try { return withContext(context -> decrypt(algorithm, cipherText, options, context)); } catch (RuntimeException ex) { @@ -365,7 +365,7 @@ public Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherT } } - Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, CryptographyOptions options, + Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, DecryptOptions options, Context context) { Objects.requireNonNull(algorithm, "Encryption algorithm cannot be null."); Objects.requireNonNull(cipherText, "Cipher text content to be decrypted cannot be null."); @@ -513,51 +513,20 @@ Mono verify(SignatureAlgorithm algorithm, byte[] digest, byte[] si */ @ServiceMethod(returns = ReturnType.SINGLE) public Mono wrapKey(KeyWrapAlgorithm algorithm, byte[] key) { - return wrapKey(algorithm, key, null); - } - - /** - * Wraps a symmetric key using the configured key. The wrap operation supports wrapping a symmetric key with both - * symmetric and asymmetric keys. This operation requires the keys/wrapKey permission. - * - *

The {@link KeyWrapAlgorithm wrap algorithm} indicates the type of algorithm to use for wrapping the specified - * key content. Possible values include: - * {@link KeyWrapAlgorithm#RSA1_5 RSA1_5}, {@link KeyWrapAlgorithm#RSA_OAEP RSA_OAEP} and {@link - * KeyWrapAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. - * - * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128KW A128KW}, - * {@link EncryptionAlgorithm#A192KW A192KW} and {@link EncryptionAlgorithm#A256KW A256KW}.

- * - *

Code Samples

- *

Wraps the key content. Subscribes to the call asynchronously and prints out the wrapped key details when a - * response has been received.

- * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.wrapKey#KeyWrapAlgorithm-byte-CryptographyOptions} - * - * @param algorithm The encryption algorithm to use for wrapping the key. - * @param key The key content to be wrapped. - * @param options Optional parameters for the wrap operation. - * @return A {@link Mono} containing a {@link WrapResult} whose {@link WrapResult#getEncryptedKey() encrypted key} - * contains the wrapped key result. - * @throws ResourceNotFoundException If the key cannot be found for wrap operation. - * @throws UnsupportedOperationException If the wrap operation is not supported or configured on the key. - * @throws NullPointerException If {@code algorithm} or {@code key} are {@code null}. - */ - @ServiceMethod(returns = ReturnType.SINGLE) - public Mono wrapKey(KeyWrapAlgorithm algorithm, byte[] key, CryptographyOptions options) { try { - return withContext(context -> wrapKey(algorithm, key, options, context)); + return withContext(context -> wrapKey(algorithm, key, context)); } catch (RuntimeException ex) { return monoError(logger, ex); } } - Mono wrapKey(KeyWrapAlgorithm algorithm, byte[] key, CryptographyOptions options, Context context) { + Mono wrapKey(KeyWrapAlgorithm algorithm, byte[] key, Context context) { Objects.requireNonNull(algorithm, "Key Wrap algorithm cannot be null."); Objects.requireNonNull(key, "Key content to be wrapped cannot be null."); return ensureValidKeyAvailable().flatMap(available -> { if (!available) { - return cryptographyServiceClient.wrapKey(algorithm, key, options, context); + return cryptographyServiceClient.wrapKey(algorithm, key, context); } if (!checkKeyPermissions(this.key.getKeyOps(), KeyOperation.WRAP_KEY)) { 
@@ -565,7 +534,7 @@ Mono wrapKey(KeyWrapAlgorithm algorithm, byte[] key, CryptographyOpt "Wrap Key Operation is not allowed for key with id %s", this.key.getId())))); } - return localKeyCryptographyClient.wrapKeyAsync(algorithm, key, options, context, this.key); + return localKeyCryptographyClient.wrapKeyAsync(algorithm, key, context, this.key); }); } @@ -596,52 +565,20 @@ Mono wrapKey(KeyWrapAlgorithm algorithm, byte[] key, CryptographyOpt */ @ServiceMethod(returns = ReturnType.SINGLE) public Mono unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey) { - return unwrapKey(algorithm, encryptedKey, null); - } - - /** - * Unwraps a symmetric key using the configured key that was initially used for wrapping that key. This operation is - * the reverse of the wrap operation. The unwrap operation supports asymmetric and symmetric keys to unwrap. This - * operation requires the keys/unwrapKey permission. - * - *

The {@link KeyWrapAlgorithm wrap algorithm} indicates the type of algorithm to use for unwrapping the - * specified encrypted key content. Possible values for asymmetric keys include: - * {@link KeyWrapAlgorithm#RSA1_5 RSA1_5}, {@link KeyWrapAlgorithm#RSA_OAEP RSA_OAEP} and {@link - * KeyWrapAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. - * - * Possible values for symmetric keys include: {@link KeyWrapAlgorithm#A128KW A128KW}, - * {@link KeyWrapAlgorithm#A192KW A192KW} and {@link KeyWrapAlgorithm#A256KW A256KW}.

- * - *

Code Samples

- *

Unwraps the key content. Subscribes to the call asynchronously and prints out the unwrapped key details when a - * response has been received.

- * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.unwrapKey#KeyWrapAlgorithm-byte-CryptographyOptions} - * - * @param algorithm The encryption algorithm to use for wrapping the key. - * @param encryptedKey The encrypted key content to unwrap. - * @param options Optional parameters for the unwrap operation. - * @return A {@link Mono} containing a the unwrapped key content. - * @throws ResourceNotFoundException If the key cannot be found for wrap operation. - * @throws UnsupportedOperationException If the unwrap operation is not supported or configured on the key. - * @throws NullPointerException If {@code algorithm} or {@code encryptedKey} are {@code null}. - */ - @ServiceMethod(returns = ReturnType.SINGLE) - public Mono unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CryptographyOptions options) { try { - return withContext(context -> unwrapKey(algorithm, encryptedKey, options, context)); + return withContext(context -> unwrapKey(algorithm, encryptedKey, context)); } catch (RuntimeException ex) { return monoError(logger, ex); } } - Mono unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CryptographyOptions options, - Context context) { + Mono unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, Context context) { Objects.requireNonNull(algorithm, "Key Wrap algorithm cannot be null."); Objects.requireNonNull(encryptedKey, "Encrypted key content to be unwrapped cannot be null."); return ensureValidKeyAvailable().flatMap(available -> { if (!available) { - return cryptographyServiceClient.unwrapKey(algorithm, encryptedKey, options, context); + return cryptographyServiceClient.unwrapKey(algorithm, encryptedKey, context); } if (!checkKeyPermissions(this.key.getKeyOps(), KeyOperation.UNWRAP_KEY)) { 
@@ -649,7 +586,7 @@ Mono unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, Cr "Unwrap Key Operation is not allowed for key with id %s", this.key.getId())))); } - return localKeyCryptographyClient.unwrapKeyAsync(algorithm, encryptedKey, options, context, key); + return localKeyCryptographyClient.unwrapKeyAsync(algorithm, encryptedKey, context, key); }); } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java index cd384f7021d40..b971a9fcf73a8 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java @@ -172,7 +172,7 @@ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { *

Code Samples

*

Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when * a response has been received.

- * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptionAlgorithm-byte-CryptographyOptions-Context} + * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptionAlgorithm-byte-EncryptOptions-Context} * * @param algorithm The algorithm to be used for encryption. * @param plaintext The content to be encrypted. @@ -184,7 +184,7 @@ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { * @throws UnsupportedOperationException If the encrypt operation is not supported or configured on the key. * @throws NullPointerException If {@code algorithm} or {@code plainText} are {@code null}. */ - public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, CryptographyOptions options, + public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, EncryptOptions options, Context context) { return client.encrypt(algorithm, plaintext, options, context).block(); } @@ -282,7 +282,7 @@ public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText) { *

Code Samples

*

Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content * details when a response has been received.

- * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#EncryptionAlgorithm-byte-CryptographyOptions-Context} + * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#EncryptionAlgorithm-byte-DecryptOptions-Context} * * @param algorithm The algorithm to be used for decryption. * @param cipherText The content to be decrypted. @@ -293,7 +293,7 @@ public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText) { * @throws UnsupportedOperationException If the decrypt operation is not supported or configured on the key. * @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. */ - public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, CryptographyOptions options, + public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, DecryptOptions options, Context context) { return client.decrypt(algorithm, cipherText, options, context).block(); } @@ -474,38 +474,7 @@ public WrapResult wrapKey(KeyWrapAlgorithm algorithm, byte[] key) { * @throws NullPointerException If {@code algorithm} or {@code key} are {@code null}. */ public WrapResult wrapKey(KeyWrapAlgorithm algorithm, byte[] key, Context context) { - return wrapKey(algorithm, key, null, context); - } - - /** - * Wraps a symmetric key using the configured key. The wrap operation supports wrapping a symmetric key with both - * symmetric and asymmetric keys. This operation requires the keys/wrapKey permission. - * - *

The {@link KeyWrapAlgorithm wrap algorithm} indicates the type of algorithm to use for wrapping the specified - * key content. Possible values for asymmetric keys include: - * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and - * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. - * - * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128KW A128KW}, - * {@link EncryptionAlgorithm#A192KW A192KW} and {@link EncryptionAlgorithm#A256KW A256KW}.

- * - *

Code Samples

- *

Wraps the key content. Subscribes to the call asynchronously and prints out the wrapped key details when a - * response has been received.

- * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.wrapKey#KeyWrapAlgorithm-byte-CryptographyOptions-Context} - * - * @param algorithm The encryption algorithm to use for wrapping the key. - * @param key The key content to be wrapped. - * @param options Optional parameters for the wrap operation. - * @param context Additional context that is passed through the Http pipeline during the service call. - * @return The {@link WrapResult} whose {@link WrapResult#getEncryptedKey() encrypted key} contains the wrapped - * key result. - * @throws ResourceNotFoundException If the key cannot be found for encryption. - * @throws UnsupportedOperationException If the wrap operation is not supported or configured on the key. - * @throws NullPointerException If {@code algorithm} or {@code key} are {@code null}. - */ - public WrapResult wrapKey(KeyWrapAlgorithm algorithm, byte[] key, CryptographyOptions options, Context context) { - return client.wrapKey(algorithm, key, options, context).block(); + return client.wrapKey(algorithm, key, context).block(); } /** @@ -564,39 +533,7 @@ public UnwrapResult unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey) { * @throws NullPointerException If {@code algorithm} or {@code encryptedKey} are {@code null}. */ public UnwrapResult unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, Context context) { - return unwrapKey(algorithm, encryptedKey, null, context); - } - - /** - * Unwraps a symmetric key using the configured key that was initially used for wrapping that key. This operation is - * the reverse of the wrap operation. The unwrap operation supports asymmetric and symmetric keys to unwrap. This - * operation requires the keys/unwrapKey permission. - * - *

The {@link KeyWrapAlgorithm wrap algorithm} indicates the type of algorithm to use for wrapping the specified - * key content. Possible values for asymmetric keys include: - * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and - * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. - * - * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128KW A128KW}, - * {@link EncryptionAlgorithm#A192KW A192KW} and {@link EncryptionAlgorithm#A256KW A256KW}.

- * - *

Code Samples

- *

Unwraps the key content. Subscribes to the call asynchronously and prints out the unwrapped key details when a - * response has been received.

- * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.unwrapKey#KeyWrapAlgorithm-byte-CryptographyOptions-Context} - * - * @param algorithm The encryption algorithm to use for wrapping the key. - * @param encryptedKey The encrypted key content to unwrap. - * @param options Optional parameters for the unwrap operation. - * @param context Additional context that is passed through the Http pipeline during the service call. - * @return The unwrapped key content. - * @throws ResourceNotFoundException If the key cannot be found for wrap operation. - * @throws UnsupportedOperationException If the unwrap operation is not supported or configured on the key. - * @throws NullPointerException If {@code algorithm} or {@code encryptedKey} are {@code null}. - */ - public UnwrapResult unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CryptographyOptions options, - Context context) { - return client.unwrapKey(algorithm, encryptedKey, options, context).block(); + return client.unwrapKey(algorithm, encryptedKey, context).block(); } /** diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyOptions.java deleted file mode 100644 index ac01cae50a7dd..0000000000000 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyOptions.java +++ /dev/null 
@@ -1,77 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.azure.security.keyvault.keys.cryptography; - -import com.azure.core.annotation.Fluent; -import com.fasterxml.jackson.annotation.JsonProperty; - -/** - * Represents optional parameters for cryptographic operations. - */ -@Fluent -public class CryptographyOptions { - /** - * Initialization vector for symmetric algorithms. - */ - @JsonProperty(value = "iv") - private final byte[] initializationVector; - - /** - * Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. - */ - @JsonProperty(value = "aad") - private final byte[] additionalAuthenticatedData; - - /** - * The tag to authenticate when performing decryption with an authenticated algorithm. - */ - @JsonProperty(value = "tag") - private final byte[] tag; - - /** - * Creates an instance of {@link CryptographyOptions} with the given parameters. - * - * @param initializationVector Initialization vector for symmetric algorithms. - * @param additionalAuthenticatedData Additional data to authenticate but not encrypt/decrypt when using - * authenticated crypto algorithms. - * @param tag The tag to authenticate when performing decryption with an authenticated algorithm. 
- */ - public CryptographyOptions(byte[] initializationVector, byte[] additionalAuthenticatedData, byte[] tag) { - this.initializationVector = new byte[initializationVector.length]; - this.additionalAuthenticatedData = new byte[additionalAuthenticatedData.length]; - this.tag = new byte[tag.length]; - - System.arraycopy(initializationVector, 0, this.initializationVector, 0, initializationVector.length); - System.arraycopy(additionalAuthenticatedData, 0, this.additionalAuthenticatedData, 0, - additionalAuthenticatedData.length); - System.arraycopy(tag, 0, this.tag, 0, tag.length); - } - - /** - * Get the initialization vector to be used in the cryptographic operation using a symmetric algorithm. - * - * @return The initialization vector. - */ - public byte[] getInitializationVector() { - return initializationVector.clone(); - } - - /** - * Get additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. - * - * @return The additional authenticated data. - */ - public byte[] getAdditionalAuthenticatedData() { - return additionalAuthenticatedData.clone(); - } - - /** - * Get the tag to authenticate when performing decryption with an authenticated algorithm. - * - * @return The tag. - */ - public byte[] getTag() { - return tag.clone(); - } -} diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java index aaf2c8ab3213c..2fe89007c5c59 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java 
@@ -125,20 +125,20 @@ JsonWebKey transformSecretKey(SecretKey secretKey) throws JsonProcessingExceptio return mapper.readValue(jsonString, JsonWebKey.class); } - Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, CryptographyOptions options, + Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, EncryptOptions options, Context context) { - byte[] initializationVector = null; + byte[] iv = null; byte[] authenticatedData = null; if (options != null) { - initializationVector = options.getInitializationVector(); + iv = options.getIv(); authenticatedData = options.getAdditionalAuthenticatedData(); } KeyOperationParameters parameters = new KeyOperationParameters() .setAlgorithm(algorithm) .setValue(plaintext) - .setInitializationVector(initializationVector) + .setIv(iv) .setAdditionalAuthenticatedData(authenticatedData); context = context == null ? Context.NONE : context; 
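Review bot: The result of `encrypt` still carries only the ciphertext. The `new EncryptResult(keyOperationResultResponse.getValue().getResult(), algorithm, keyId)` call that follows this hunk (visible as leading context of the next one) does not pass on any IV or authentication tag from the response. `decrypt` in the next hunk reads `options.getIv()` and `options.getAuthenticationTag()`, so for A128GCM, A192GCM and A256GCM a caller appears to have no way to obtain the tag through this API, unless the service appends it to the ciphertext, which nothing visible here shows. I would expose these values on the result type, or at minimum record the gap next to the construction: `// TODO: surface iv, authentication tag and aad from the response on EncryptResult; GCM ciphertext cannot be decrypted without them`. The body of `encrypt` continues outside the hunk.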
@@ -153,24 +153,24 @@ Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, Cry Mono.just(new EncryptResult(keyOperationResultResponse.getValue().getResult(), algorithm, keyId))); } - Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, CryptographyOptions options, + Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, DecryptOptions options, Context context) { - byte[] initializationVector = null; - byte[] authenticatedData = null; - byte[] tag = null; + byte[] iv = null; + byte[] additionalAuthenticatedData = null; + byte[] authenticationTag = null; if (options != null) { - initializationVector = options.getInitializationVector(); - authenticatedData = options.getAdditionalAuthenticatedData(); - tag = options.getTag(); + iv = options.getIv(); + additionalAuthenticatedData = options.getAdditionalAuthenticatedData(); + authenticationTag = options.getAuthenticationTag(); } KeyOperationParameters parameters = new KeyOperationParameters() .setAlgorithm(algorithm) .setValue(cipherText) - .setInitializationVector(initializationVector) - .setAdditionalAuthenticatedData(authenticatedData) - .setTag(tag); + .setIv(iv) + .setAdditionalAuthenticatedData(additionalAuthenticatedData) + .setAuthenticationTag(authenticationTag); context = context == null ? Context.NONE : context; return service.decrypt(vaultUrl, keyName, version, apiVersion, ACCEPT_LANGUAGE, parameters, 
@@ -212,20 +212,10 @@ Mono verify(SignatureAlgorithm algorithm, byte[] digest, byte[] si Mono.just(new VerifyResult(response.getValue().getValue(), algorithm, keyId))); } - Mono wrapKey(KeyWrapAlgorithm algorithm, byte[] key, CryptographyOptions options, Context context) { - byte[] initializationVector = null; - byte[] authenticatedData = null; - - if (options != null) { - initializationVector = options.getInitializationVector(); - authenticatedData = options.getAdditionalAuthenticatedData(); - } - + Mono wrapKey(KeyWrapAlgorithm algorithm, byte[] key, Context context) { KeyWrapUnwrapRequest parameters = new KeyWrapUnwrapRequest() .setAlgorithm(algorithm) - .setValue(key) - .setInitializationVector(initializationVector) - .setAdditionalAuthenticatedData(authenticatedData); + .setValue(key); context = context == null ? Context.NONE : context; return service.wrapKey(vaultUrl, keyName, version, apiVersion, ACCEPT_LANGUAGE, parameters, @@ -239,21 +229,11 @@ Mono wrapKey(KeyWrapAlgorithm algorithm, byte[] key, CryptographyOpt Mono.just(new WrapResult(keyOperationResultResponse.getValue().getResult(), algorithm, keyId))); } - Mono unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CryptographyOptions options, - Context context) { - byte[] initializationVector = null; - byte[] authenticatedData = null; - - if (options != null) { - initializationVector = options.getInitializationVector(); - authenticatedData = options.getAdditionalAuthenticatedData(); - } + Mono unwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, Context context) { KeyWrapUnwrapRequest parameters = new KeyWrapUnwrapRequest() .setAlgorithm(algorithm) - .setValue(encryptedKey) - .setInitializationVector(initializationVector) - .setAdditionalAuthenticatedData(authenticatedData); + .setValue(encryptedKey); context = context == null ? Context.NONE : context; return service.unwrapKey(vaultUrl, keyName, version, apiVersion, ACCEPT_LANGUAGE, parameters, 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java
new file mode 100644
index 0000000000000..216c3d37269f0
--- /dev/null
+++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java
@@ -0,0 +1,100 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.security.keyvault.keys.cryptography;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+/**
+ * A class containing various configuration parameters that can be applied when performing decryption operations.
+ */
+public class DecryptOptions {
+ /**
+ * Initialization vector to be used in the decryption operation using a symmetric algorithm.
+ */
+ @JsonProperty(value = "iv")
+ private final byte[] iv;
+
+ /**
+ * Get additional data to authenticate when performing decryption with an authenticated algorithm.
+ */
+ @JsonProperty(value = "aad")
+ private final byte[] additionalAuthenticatedData;
+
+ /**
+ * The tag to authenticate when performing decryption with an authenticated algorithm.
+ */
+ @JsonProperty(value = "tag")
+ private final byte[] authenticationTag;
+
+ /**
+ * Creates an instance of {@link DecryptOptions} with the given parameters.
+ *
+ * @param iv Initialization vector for symmetric algorithms.
+ * @param additionalAuthenticatedData Additional data to authenticate but not encrypt/decrypt when using
+ * authenticated crypto algorithms.
+ * @param authenticationTag The tag to authenticate when performing decryption with an authenticated algorithm.
+ */
+ public DecryptOptions(byte[] iv, byte[] additionalAuthenticatedData, byte[] authenticationTag) {
+ if (iv == null) {
+ this.iv = null;
+ } else {
+ this.iv = new byte[iv.length];
+ System.arraycopy(iv, 0, this.iv, 0, iv.length);
+ }
+
+ if (additionalAuthenticatedData == null) {
+ this.additionalAuthenticatedData = null;
+ } else {
+ this.additionalAuthenticatedData = new byte[additionalAuthenticatedData.length];
+ System.arraycopy(additionalAuthenticatedData, 0, this.additionalAuthenticatedData, 0,
+ additionalAuthenticatedData.length);
+ }
+
+ if (authenticationTag == null) {
+ this.authenticationTag = null;
+ } else {
+ this.authenticationTag = new byte[authenticationTag.length];
+ System.arraycopy(authenticationTag, 0, this.authenticationTag, 0, authenticationTag.length);
+ }
+ }
+
+ /**
+ * Get the initialization vector to be used in the decryption operation using a symmetric algorithm.
+ *
+ * @return The initialization vector.
+ */
+ public byte[] getIv() {
+ if (iv == null) {
+ return null;
+ } else {
+ return iv.clone();
+ }
+ }
+
+ /**
+ * Get additional data to authenticate when performing decryption with an authenticated algorithm.
+ *
+ * @return The additional authenticated data.
+ */
+ public byte[] getAdditionalAuthenticatedData() {
+ if (additionalAuthenticatedData == null) {
+ return null;
+ } else {
+ return additionalAuthenticatedData.clone();
+ }
+ }
+
+ /**
+ * Get the tag to authenticate when performing decryption with an authenticated algorithm.
+ *
+ * @return The authentication tag.
+ */
+ public byte[] getAuthenticationTag() {
+ if (authenticationTag == null) {
+ return null;
+ } else {
+ return authenticationTag.clone();
+ }
+ }
+}
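Review bot: The constructor accepts `null` for `iv` and `authenticationTag` without saying when that is valid, and the `CryptographyServiceClient.decrypt` hunk forwards both values unchanged. A GCM decryption with a missing tag is therefore only rejected, if at all, somewhere outside this file. The `@param` lines should state what each algorithm family needs, for example `@param authenticationTag The tag to verify; required for A128GCM, A192GCM and A256GCM.`, and the decrypt path would be safer failing fast on a null tag or IV for those algorithms. The field comment on `additionalAuthenticatedData` starts with "Get", copied from the getter. As a style point, each copy block and each null-checking getter can be one line: `this.iv = iv == null ? null : iv.clone();`.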
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EcKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EcKeyCryptographyClient.java index db54c1ec93dda..161792f7cabc4 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EcKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EcKeyCryptographyClient.java @@ -56,14 +56,14 @@ private KeyPair getKeyPair(JsonWebKey key) { } @Override - Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, CryptographyOptions options, + Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, EncryptOptions options, Context context, JsonWebKey key) { throw logger.logExceptionAsError(new UnsupportedOperationException( "Encrypt operation is not supported for EC key")); } @Override - Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherText, CryptographyOptions options, + Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherText, DecryptOptions options, Context context, JsonWebKey key) { throw logger.logExceptionAsError(new UnsupportedOperationException( "Decrypt operation is not supported for EC key")); 
@@ -152,14 +152,13 @@ Mono verifyAsync(SignatureAlgorithm algorithm, byte[] digest, byte } @Override - Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, CryptographyOptions options, Context context, - JsonWebKey webKey) { + Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, Context context, JsonWebKey webKey) { return Mono.error(new UnsupportedOperationException("Wrap key operation is not supported for EC key")); } @Override - Mono unwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CryptographyOptions options, - Context context, JsonWebKey key) { + Mono unwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKey, Context context, + JsonWebKey key) { throw logger.logExceptionAsError(new UnsupportedOperationException( "Unwrap key operation is not supported for Ec key")); } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java new file mode 100644 index 0000000000000..b9e53bb4c77c1 --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java 
@@ -0,0 +1,73 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.security.keyvault.keys.cryptography;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+/**
+ * A class containing various configuration parameters that can be applied when performing encryption operations.
+ */
+public class EncryptOptions {
+ /**
+ * Initialization vector to be used in the encryption operation using a symmetric algorithm.
+ */
+ @JsonProperty(value = "iv")
+ private final byte[] iv;
+
+ /**
+ * Get additional data to authenticate when performing encryption with an authenticated algorithm.
+ */
+ @JsonProperty(value = "aad")
+ private final byte[] additionalAuthenticatedData;
+
+ /**
+ * Creates an instance of {@link EncryptOptions} with the given parameters.
+ *
+ * @param iv Initialization vector for symmetric algorithms.
+ * @param additionalAuthenticatedData Additional data to authenticate but not encrypt/decrypt when using
+ * authenticated crypto algorithms.
+ */
+ public EncryptOptions(byte[] iv, byte[] additionalAuthenticatedData) {
+ if (iv == null) {
+ this.iv = null;
+ } else {
+ this.iv = new byte[iv.length];
+ System.arraycopy(iv, 0, this.iv, 0, iv.length);
+ }
+
+ if (additionalAuthenticatedData == null) {
+ this.additionalAuthenticatedData = null;
+ } else {
+ this.additionalAuthenticatedData = new byte[additionalAuthenticatedData.length];
+ System.arraycopy(additionalAuthenticatedData, 0, this.additionalAuthenticatedData, 0,
+ additionalAuthenticatedData.length);
+ }
+ }
+
+ /**
+ * Get the initialization vector to be used in the decryption operation using a symmetric algorithm.
+ *
+ * @return The initialization vector.
+ */
+ public byte[] getIv() {
+ if (iv == null) {
+ return null;
+ } else {
+ return iv.clone();
+ }
+ }
+
+ /**
+ * Get additional data to authenticate when performing decryption with an authenticated algorithm.
+ *
+ * @return The additional authenticated data.
+ */ + public byte[] getAdditionalAuthenticatedData() { + if (additionalAuthenticatedData == null) { + return null; + } else { + return additionalAuthenticatedData.clone(); + } + } +} diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/KeyOperationParameters.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/KeyOperationParameters.java index bf4ae912ccb79..ddc794985cd1f 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/KeyOperationParameters.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/KeyOperationParameters.java @@ -28,7 +28,7 @@ class KeyOperationParameters { * Initialization vector for symmetric algorithms. */ @JsonProperty(value = "iv") - private byte[] initializationVector; + private byte[] iv; /** * Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. @@ -40,7 +40,7 @@ class KeyOperationParameters { * The tag to authenticate when performing decryption with an authenticated algorithm. */ @JsonProperty(value = "tag") - private byte[] tag; + private byte[] authenticationTag; /** * Get the algorithm value. 
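Review bot: `EncryptOptions` lets the caller choose the IV but documents no constraint on it, which matters now that the commit adds GCM and CBC algorithms. Reusing an IV with the same key under GCM breaks both confidentiality and authenticity, and CBC needs an unpredictable IV. The parameter Javadoc should say so, for example `@param iv Initialization vector; must be unique for every encryption under the same key (GCM) and unpredictable (CBC).`, and should also state what a `null` IV means, since the constructor accepts it. The Javadoc of `getIv()` and `getAdditionalAuthenticatedData()` says "decryption" although this is the encryption options class, and the field comment on `additionalAuthenticatedData` starts with "Get".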
@@ -94,18 +94,18 @@ public KeyOperationParameters setValue(byte[] value) { * * @return The initialization vector. */ - public byte[] getInitializationVector() { - return initializationVector; + public byte[] getIv() { + return iv; } /** * Set the initialization vector to be used in the cryptographic operation using a symmetric algorithm. * - * @param initializationVector The initialization vector to set. + * @param iv The initialization vector to set. * @return The updated {@link KeyOperationParameters} object. */ - public KeyOperationParameters setInitializationVector(byte[] initializationVector) { - this.initializationVector = initializationVector; + public KeyOperationParameters setIv(byte[] iv) { + this.iv = iv; return this; } @@ -132,20 +132,20 @@ public KeyOperationParameters setAdditionalAuthenticatedData(byte[] additionalAu /** * Get the tag to authenticate when performing decryption with an authenticated algorithm. * - * @return The tag. + * @return The authentication tag. */ - public byte[] getTag() { - return tag; + public byte[] getAuthenticationTag() { + return authenticationTag; } /** * Set the tag to authenticate when performing decryption with an authenticated algorithm. * - * @param tag The tag to set. + * @param authenticationTag The tag to set. * @return The updated {@link KeyOperationParameters} object. */ - public KeyOperationParameters setTag(byte[] tag) { - this.tag = tag; + public KeyOperationParameters setAuthenticationTag(byte[] authenticationTag) { + this.authenticationTag = authenticationTag; return this; } } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/KeyWrapUnwrapRequest.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/KeyWrapUnwrapRequest.java index 54ddc13ef86a2..d1045cfdf3a4a 100644 
--- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/KeyWrapUnwrapRequest.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/KeyWrapUnwrapRequest.java @@ -24,24 +24,6 @@ class KeyWrapUnwrapRequest { @JsonProperty(value = "value", required = true) private Base64Url value; - /** - * Initialization vector for symmetric algorithms. - */ - @JsonProperty(value = "iv") - private byte[] initializationVector; - - /** - * Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. - */ - @JsonProperty(value = "aad") - private byte[] additionalAuthenticatedData; - - /** - * The tag to authenticate when performing decryption with an authenticated algorithm. - */ - @JsonProperty(value = "tag") - private byte[] tag; - /** * Get the algorithm value. * 
@@ -88,64 +70,4 @@ public KeyWrapUnwrapRequest setValue(byte[] value) { } return this; } - - /** - * Get the initialization vector to be used in the cryptographic operation using a symmetric algorithm. - * - * @return The initialization vector. - */ - public byte[] getInitializationVector() { - return initializationVector; - } - - /** - * Set the initialization vector to be used in the cryptographic operation using a symmetric algorithm. - * - * @param initializationVector The initialization vector to set. - * @return The updated {@link KeyWrapUnwrapRequest} object. - */ - public KeyWrapUnwrapRequest setInitializationVector(byte[] initializationVector) { - this.initializationVector = initializationVector; - return this; - } - - /** - * Get additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. - * - * @return The additional authenticated data. - */ - public byte[] getAdditionalAuthenticatedData() { - return additionalAuthenticatedData; - } - - /** - * Set additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. - * - * @param additionalAuthenticatedData The additional authenticated data. - * @return The updated {@link KeyWrapUnwrapRequest} object. - */ - public KeyWrapUnwrapRequest setAdditionalAuthenticatedData(byte[] additionalAuthenticatedData) { - this.additionalAuthenticatedData = additionalAuthenticatedData; - return this; - } - - /** - * Get the tag to authenticate when performing decryption with an authenticated algorithm. - * - * @return The tag. - */ - public byte[] getTag() { - return tag; - } - - /** - * Set the tag to authenticate when performing decryption with an authenticated algorithm. - * - * @param tag The tag to set. - * @return The updated {@link KeyWrapUnwrapRequest} object. - */ - public KeyWrapUnwrapRequest setTag(byte[] tag) { - this.tag = tag; - return this; - } } 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClient.java index eed5f8cf74da5..cafa9442e33b6 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClient.java @@ -48,8 +48,17 @@ Mono getKeyId() { * portion of the key is used for encryption. This operation requires the keys/encrypt permission. * *

The {@link EncryptionAlgorithm encryption algorithm} indicates the type of algorithm to use for encrypting the - * specified {@code plaintext}. Possible values for assymetric keys include: - * {@link EncryptionAlgorithm#RSA1_5 RSA1_5} and {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP}.

+ * specified {@code plaintext}. Possible values for asymmetric keys include: + * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and + * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. + * + * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128CBC A128CBC}, + * {@link EncryptionAlgorithm#A128CBCPAD A128CBCPAD}, {@link EncryptionAlgorithm#A128CBC_HS256 A128CBC-HS256}, + * {@link EncryptionAlgorithm#A128GCM A128GCM}, {@link EncryptionAlgorithm#A192CBC A192CBC}, + * {@link EncryptionAlgorithm#A192CBCPAD A192CBCPAD}, {@link EncryptionAlgorithm#A192CBC_HS384 A192CBC-HS384}, + * {@link EncryptionAlgorithm#A192GCM A192GCM}, {@link EncryptionAlgorithm#A256CBC A256CBC}, + * {@link EncryptionAlgorithm#A256CBCPAD A256CBPAD}, {@link EncryptionAlgorithm#A256CBC_HS512 A256CBC-HS512} and + * {@link EncryptionAlgorithm#A256GCM A256GCM}.

* *

Code Samples

*

Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when @@ -67,6 +76,41 @@ public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plainte return cryptographyAsyncClient.encrypt(algorithm, plaintext); } + /** + * Encrypts an arbitrary sequence of bytes using the configured key. Note that the encrypt operation only supports a + * single block of data, the size of which is dependent on the target key and the encryption algorithm to be used. + * The encrypt operation is supported for both symmetric keys and asymmetric keys. In case of asymmetric keys public + * portion of the key is used for encryption. This operation requires the keys/encrypt permission. + * + *
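Review bot: The algorithm list added to this Javadoc places A128CBC and A128CBCPAD (and their 192/256 variants) next to the GCM and CBC-HS values without saying that plain CBC gives no integrity protection. A reader choosing from the list gets no hint that ciphertext from those modes must be authenticated separately. I would add one sentence such as `Note that the CBC and CBCPAD algorithms do not authenticate the ciphertext; prefer a GCM algorithm or apply a MAC over the result.` The link label `A256CBPAD` is a typo for `A256CBCPAD`. The same text recurs in the other three hunks of this file and in the `LocalCryptographyClient` hunks, and the Javadoc block starts above this hunk.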

The {@link EncryptionAlgorithm encryption algorithm} indicates the type of algorithm to use for encrypting the + * specified {@code plaintext}. Possible values for asymmetric keys include: + * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and + * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. + * + * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128CBC A128CBC}, + * {@link EncryptionAlgorithm#A128CBCPAD A128CBCPAD}, {@link EncryptionAlgorithm#A128CBC_HS256 A128CBC-HS256}, + * {@link EncryptionAlgorithm#A128GCM A128GCM}, {@link EncryptionAlgorithm#A192CBC A192CBC}, + * {@link EncryptionAlgorithm#A192CBCPAD A192CBCPAD}, {@link EncryptionAlgorithm#A192CBC_HS384 A192CBC-HS384}, + * {@link EncryptionAlgorithm#A192GCM A192GCM}, {@link EncryptionAlgorithm#A256CBC A256CBC}, + * {@link EncryptionAlgorithm#A256CBCPAD A256CBPAD}, {@link EncryptionAlgorithm#A256CBC_HS512 A256CBC-HS512} and + * {@link EncryptionAlgorithm#A256GCM A256GCM}.

+ * + *

Code Samples

+ *

Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when + * a response has been received.

+ * {@codesnippet com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte-EncryptOptions} + * + * @param algorithm The algorithm to be used for encryption. + * @param options Optional parameters for the encryption operation. + * @param plaintext The content to be encrypted. + * @return A {@link Mono} containing a {@link EncryptResult} whose {@link EncryptResult#getCipherText() cipher text} + * contains the encrypted content. + * @throws UnsupportedOperationException if the encrypt operation is not supported or configured on the key. + * @throws NullPointerException if {@code algorithm} or {@code plainText} is null. + */ + public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, EncryptOptions options) { + return cryptographyAsyncClient.encrypt(algorithm, plaintext, options); + } /** * Decrypts a single block of encrypted data using the configured key and specified algorithm. Note that only a @@ -75,8 +119,17 @@ public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plainte * keys/decrypt permission. * *
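Review bot: The Javadoc of the new `encrypt(algorithm, plaintext, options)` overload does not match its signature. The `@throws NullPointerException` line names `{@code plainText}` while the parameter is `plaintext`, and the `@param` tags list `options` before `plaintext`. Suggested: `@throws NullPointerException if {@code algorithm} or {@code plaintext} is null.` The description still says the operation "only supports a single block of data", which reads oddly next to the CBC and GCM algorithms listed below it; if that limit applies only to some key types, the text should say which. The `decrypt` overload added in the last hunk of this file orders its `@param` tags the same way.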

The {@link EncryptionAlgorithm encryption algorithm} indicates the type of algorithm to use for decrypting the - * specified encrypted content. Possible values for assymetric keys include: - * {@link EncryptionAlgorithm#RSA1_5 RSA1_5} and {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP}.

+ * specified encrypted content. Possible values for asymmetric keys include: + * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and {@link + * EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. + * + * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128CBC A128CBC}, + * {@link EncryptionAlgorithm#A128CBCPAD A128CBCPAD}, {@link EncryptionAlgorithm#A128CBC_HS256 A128CBC-HS256}, + * {@link EncryptionAlgorithm#A128GCM A128GCM}, {@link EncryptionAlgorithm#A192CBC A192CBC}, + * {@link EncryptionAlgorithm#A192CBCPAD A192CBCPAD}, {@link EncryptionAlgorithm#A192CBC_HS384 A192CBC-HS384}, + * {@link EncryptionAlgorithm#A192GCM A192GCM}, {@link EncryptionAlgorithm#A256CBC A256CBC}, + * {@link EncryptionAlgorithm#A256CBCPAD A256CBPAD}, {@link EncryptionAlgorithm#A256CBC_HS512 A256CBC-HS512} and + * {@link EncryptionAlgorithm#A256GCM A256GCM}.

* *

Code Samples

*

Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content @@ -93,6 +146,41 @@ public Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherT return cryptographyAsyncClient.decrypt(algorithm, cipherText); } + /** + * Decrypts a single block of encrypted data using the configured key and specified algorithm. Note that only a + * single block of data may be decrypted, the size of this block is dependent on the target key and the algorithm to + * be used. The decrypt operation is supported for both asymmetric and symmetric keys. This operation requires the + * keys/decrypt permission. + * + *

The {@link EncryptionAlgorithm encryption algorithm} indicates the type of algorithm to use for decrypting the + * specified encrypted content. Possible values for asymmetric keys include: + * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and {@link + * EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. + * + * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128CBC A128CBC}, + * {@link EncryptionAlgorithm#A128CBCPAD A128CBCPAD}, {@link EncryptionAlgorithm#A128CBC_HS256 A128CBC-HS256}, + * {@link EncryptionAlgorithm#A128GCM A128GCM}, {@link EncryptionAlgorithm#A192CBC A192CBC}, + * {@link EncryptionAlgorithm#A192CBCPAD A192CBCPAD}, {@link EncryptionAlgorithm#A192CBC_HS384 A192CBC-HS384}, + * {@link EncryptionAlgorithm#A192GCM A192GCM}, {@link EncryptionAlgorithm#A256CBC A256CBC}, + * {@link EncryptionAlgorithm#A256CBCPAD A256CBPAD}, {@link EncryptionAlgorithm#A256CBC_HS512 A256CBC-HS512} and + * {@link EncryptionAlgorithm#A256GCM A256GCM}.

+ * + *

Code Samples

+ *

Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content + * details when a response has been received.

+ * {@codesnippet com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte-DecryptOptions} + * + * @param algorithm The algorithm to be used for decryption. + * @param options Optional parameters for the decryption operation. + * @param cipherText The content to be decrypted. + * @return A {@link Mono} containing the decrypted blob. + * @throws UnsupportedOperationException if the decrypt operation is not supported or configured on the key. + * @throws NullPointerException if {@code algorithm} or {@code cipherText} is null. + */ + public Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, DecryptOptions options) { + return cryptographyAsyncClient.decrypt(algorithm, cipherText, options); + } + /** * Creates a signature from a digest using the configured key. The sign operation supports both asymmetric and diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClient.java index 3a94bf613899b..9f4d4466e51dc 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClient.java @@ -44,9 +44,17 @@ public class LocalCryptographyClient { * portion of the key is used for encryption. This operation requires the keys/encrypt permission. * *

The {@link EncryptionAlgorithm encryption algorithm} indicates the type of algorithm to use for decrypting the - * specified encrypted content. Possible values - * for assymetric keys include: {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP - * RSA_OAEP}.

+ * specified encrypted content. Possible values for asymmetric keys include: + * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and + * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. + * + * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128CBC A128CBC}, + * {@link EncryptionAlgorithm#A128CBCPAD A128CBCPAD}, {@link EncryptionAlgorithm#A128CBC_HS256 A128CBC-HS256}, + * {@link EncryptionAlgorithm#A128GCM A128GCM}, {@link EncryptionAlgorithm#A192CBC A192CBC}, + * {@link EncryptionAlgorithm#A192CBCPAD A192CBCPAD}, {@link EncryptionAlgorithm#A192CBC_HS384 A192CBC-HS384}, + * {@link EncryptionAlgorithm#A192GCM A192GCM}, {@link EncryptionAlgorithm#A256CBC A256CBC}, + * {@link EncryptionAlgorithm#A256CBCPAD A256CBPAD}, {@link EncryptionAlgorithm#A256CBC_HS512 A256CBC-HS512} and + * {@link EncryptionAlgorithm#A256GCM A256GCM}.

* *

Code Samples

*

Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when @@ -64,6 +72,42 @@ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { return client.encrypt(algorithm, plaintext).block(); } + /** + * Encrypts an arbitrary sequence of bytes using the configured key. Note that the encrypt operation only supports a + * single block of data, the size of which is dependent on the target key and the encryption algorithm to be used. + * The encrypt operation is supported for both symmetric keys and asymmetric keys. In case of asymmetric keys public + * portion of the key is used for encryption. This operation requires the keys/encrypt permission. + * + *

The {@link EncryptionAlgorithm encryption algorithm} indicates the type of algorithm to use for decrypting the + * specified encrypted content. Possible values for asymmetric keys include: + * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and + * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. + * + * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128CBC A128CBC}, + * {@link EncryptionAlgorithm#A128CBCPAD A128CBCPAD}, {@link EncryptionAlgorithm#A128CBC_HS256 A128CBC-HS256}, + * {@link EncryptionAlgorithm#A128GCM A128GCM}, {@link EncryptionAlgorithm#A192CBC A192CBC}, + * {@link EncryptionAlgorithm#A192CBCPAD A192CBCPAD}, {@link EncryptionAlgorithm#A192CBC_HS384 A192CBC-HS384}, + * {@link EncryptionAlgorithm#A192GCM A192GCM}, {@link EncryptionAlgorithm#A256CBC A256CBC}, + * {@link EncryptionAlgorithm#A256CBCPAD A256CBPAD}, {@link EncryptionAlgorithm#A256CBC_HS512 A256CBC-HS512} and + * {@link EncryptionAlgorithm#A256GCM A256GCM}.

+ * + *

Code Samples

+ *

Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when + * a response has been received.

+ * {@codesnippet com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.encrypt#EncryptionAlgorithm-byte-EncryptOptions} + * + * @param algorithm The algorithm to be used for encryption. + * @param options Optional parameters for the encryption operation. + * @param plaintext The content to be encrypted. + * @return The {@link EncryptResult} whose {@link EncryptResult#getCipherText() cipher text} contains the encrypted + * content. + * @throws UnsupportedOperationException if the encrypt operation is not supported or configured on the key. + * @throws NullPointerException if {@code algorithm} or {@code plainText} is null. + */ + public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, EncryptOptions options) { + return client.encrypt(algorithm, plaintext, options).block(); + } + /** * Decrypts a single block of encrypted data using the configured key and specified algorithm. Note that only a * single block of data may be decrypted, the size of this block is dependent on the target key and the algorithm to @@ -71,9 +115,17 @@ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { * keys/decrypt permission. * *
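Review bot: The Javadoc added for `encrypt(EncryptionAlgorithm, byte[], EncryptOptions)` was copied from the decrypt text and still says the algorithm is used "for decrypting the specified encrypted content"; it should read `for encrypting the specified content`. The link label `A256CBPAD` should be `A256CBCPAD` (the same label appears in the other three Javadoc hunks of this file), and the `@throws` line names `{@code plainText}` while the parameter is `plaintext`. Since this overload is where a caller supplies an IV, I would also add a sentence such as `The IV passed in {@code options} must never be reused with the same key.`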

The {@link EncryptionAlgorithm encryption algorithm} indicates the type of algorithm to use for decrypting the - * specified encrypted content. Possible values - * for assymetric keys include: {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP - * RSA_OAEP}.

+ * specified encrypted content. Possible values for asymmetric keys include: + * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and {@link + * EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. + * + * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128CBC A128CBC}, + * {@link EncryptionAlgorithm#A128CBCPAD A128CBCPAD}, {@link EncryptionAlgorithm#A128CBC_HS256 A128CBC-HS256}, + * {@link EncryptionAlgorithm#A128GCM A128GCM}, {@link EncryptionAlgorithm#A192CBC A192CBC}, + * {@link EncryptionAlgorithm#A192CBCPAD A192CBCPAD}, {@link EncryptionAlgorithm#A192CBC_HS384 A192CBC-HS384}, + * {@link EncryptionAlgorithm#A192GCM A192GCM}, {@link EncryptionAlgorithm#A256CBC A256CBC}, + * {@link EncryptionAlgorithm#A256CBCPAD A256CBPAD}, {@link EncryptionAlgorithm#A256CBC_HS512 A256CBC-HS512} and + * {@link EncryptionAlgorithm#A256GCM A256GCM}.

* *

Code Samples

*

Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content @@ -90,6 +142,41 @@ public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText) { return client.decrypt(algorithm, cipherText).block(); } + /** + * Decrypts a single block of encrypted data using the configured key and specified algorithm. Note that only a + * single block of data may be decrypted, the size of this block is dependent on the target key and the algorithm to + * be used. The decrypt operation is supported for both asymmetric and symmetric keys. This operation requires the + * keys/decrypt permission. + * + *

The {@link EncryptionAlgorithm encryption algorithm} indicates the type of algorithm to use for decrypting the + * specified encrypted content. Possible values for asymmetric keys include: + * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and {@link + * EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. + * + * Possible values for symmetric keys include: {@link EncryptionAlgorithm#A128CBC A128CBC}, + * {@link EncryptionAlgorithm#A128CBCPAD A128CBCPAD}, {@link EncryptionAlgorithm#A128CBC_HS256 A128CBC-HS256}, + * {@link EncryptionAlgorithm#A128GCM A128GCM}, {@link EncryptionAlgorithm#A192CBC A192CBC}, + * {@link EncryptionAlgorithm#A192CBCPAD A192CBCPAD}, {@link EncryptionAlgorithm#A192CBC_HS384 A192CBC-HS384}, + * {@link EncryptionAlgorithm#A192GCM A192GCM}, {@link EncryptionAlgorithm#A256CBC A256CBC}, + * {@link EncryptionAlgorithm#A256CBCPAD A256CBPAD}, {@link EncryptionAlgorithm#A256CBC_HS512 A256CBC-HS512} and + * {@link EncryptionAlgorithm#A256GCM A256GCM}.

+ * + *

Code Samples

+ *

Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content + * details when a response has been received.

+ * {@codesnippet com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.decrypt#EncryptionAlgorithm-byte-DecryptOptions} + * + * @param algorithm The algorithm to be used for decryption. + * @param options Optional parameters for the decryption operation. + * @param cipherText The content to be decrypted. + * @return The decrypted blob. + * @throws UnsupportedOperationException if the decrypt operation is not supported or configured on the key. + * @throws NullPointerException if {@code algorithm} or {@code cipherText} is null. + */ + public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, DecryptOptions options) { + return client.decrypt(algorithm, cipherText, options).block(); + } + /** * Creates a signature from a digest using the configured key. The sign operation supports both asymmetric and * symmetric keys. This operation requires the keys/sign permission. diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalKeyCryptographyClient.java index 90c1d5cc67992..4728c90a9a4df 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalKeyCryptographyClient.java 
@@ -28,21 +28,21 @@ abstract class LocalKeyCryptographyClient { } abstract Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, - CryptographyOptions options, Context context, JsonWebKey jsonWebKey); + EncryptOptions options, Context context, JsonWebKey jsonWebKey); abstract Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherText, - CryptographyOptions options, Context context, JsonWebKey jsonWebKey); + DecryptOptions options, Context context, JsonWebKey jsonWebKey); abstract Mono signAsync(SignatureAlgorithm algorithm, byte[] digest, Context context, JsonWebKey key); abstract Mono verifyAsync(SignatureAlgorithm algorithm, byte[] digest, byte[] signature, Context context, JsonWebKey key); - abstract Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, CryptographyOptions options, - Context context, JsonWebKey jsonWebKey); + abstract Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, Context context, + JsonWebKey jsonWebKey); - abstract Mono unwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKey, - CryptographyOptions options, Context context, JsonWebKey jsonWebKey); + abstract Mono unwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKey, Context context, + JsonWebKey jsonWebKey); abstract Mono signDataAsync(SignatureAlgorithm algorithm, byte[] data, Context context, JsonWebKey key); diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java index 8829f3ba6846e..3cd4a3ef0c504 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java 
@@ -52,7 +52,7 @@ private KeyPair getKeyPair(JsonWebKey key) { } @Override - Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, CryptographyOptions options, + Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, EncryptOptions options, Context context, JsonWebKey jsonWebKey) { keyPair = getKeyPair(jsonWebKey); @@ -93,7 +93,7 @@ Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext } @Override - Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherText, CryptographyOptions options, + Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherText, DecryptOptions options, Context context, JsonWebKey jsonWebKey) { keyPair = getKeyPair(jsonWebKey); @@ -154,15 +154,14 @@ Mono verifyAsync(SignatureAlgorithm algorithm, byte[] digest, byte } @Override - Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, CryptographyOptions options, Context context, - JsonWebKey jsonWebKey) { + Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, Context context, JsonWebKey jsonWebKey) { keyPair = getKeyPair(jsonWebKey); Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithm.toString()); if (baseAlgorithm == null) { if (serviceCryptoAvailable()) { - return serviceClient.wrapKey(algorithm, key, options, context); + return serviceClient.wrapKey(algorithm, key, context); } return Mono.error(new NoSuchAlgorithmException(algorithm.toString())); } else if (!(baseAlgorithm instanceof AsymmetricEncryptionAlgorithm)) { @@ -171,7 +170,7 @@ Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, Cryptograp if (keyPair.getPublic() == null) { if (serviceCryptoAvailable()) { - return serviceClient.wrapKey(algorithm, key, options, context); + return serviceClient.wrapKey(algorithm, key, context); } return Mono.error(new IllegalArgumentException( "Public portion of the key not available to perform wrap key operation")); 
@@ -194,8 +193,8 @@ Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, Cryptograp } @Override - Mono unwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CryptographyOptions options, - Context context, JsonWebKey jsonWebKey) { + Mono unwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKey, Context context, + JsonWebKey jsonWebKey) { keyPair = getKeyPair(jsonWebKey); // Interpret the requested algorithm @@ -203,7 +202,7 @@ Mono unwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKe if (baseAlgorithm == null) { if (serviceCryptoAvailable()) { - return serviceClient.unwrapKey(algorithm, encryptedKey, options, context); + return serviceClient.unwrapKey(algorithm, encryptedKey, context); } return Mono.error(new NoSuchAlgorithmException(algorithm.toString())); } else if (!(baseAlgorithm instanceof AsymmetricEncryptionAlgorithm)) { @@ -212,7 +211,7 @@ Mono unwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKe if (keyPair.getPrivate() == null) { if (serviceCryptoAvailable()) { - return serviceClient.unwrapKey(algorithm, encryptedKey, options, context); + return serviceClient.unwrapKey(algorithm, encryptedKey, context); } return Mono.error(new IllegalArgumentException( "Private portion of the key not available to perform unwrap operation")); diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java index adb887f5a90e0..e4454ac6280ae 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java 
@@ -18,6 +18,7 @@ import reactor.core.publisher.Mono; import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; class SymmetricKeyCryptographyClient extends LocalKeyCryptographyClient { private final ClientLogger logger = new ClientLogger(SymmetricKeyCryptographyClient.class); @@ -46,7 +47,7 @@ private byte[] getKey(JsonWebKey key) { } @Override - Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, CryptographyOptions options, + Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, EncryptOptions options, Context context, JsonWebKey jsonWebKey) { this.key = getKey(jsonWebKey); @@ -66,15 +67,28 @@ Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext ICryptoTransform transform; byte[] iv = null; - byte[] authData = null; + byte[] additionalAuthenticatedData = null; if (options != null) { - iv = options.getInitializationVector(); - authData = options.getAdditionalAuthenticatedData(); + iv = options.getIv(); + additionalAuthenticatedData = options.getAdditionalAuthenticatedData(); + } + + if (iv == null) { + if (algorithm == EncryptionAlgorithm.A128GCM || algorithm == EncryptionAlgorithm.A192GCM + || algorithm == EncryptionAlgorithm.A256GCM) { + + iv = generateRandomIvForGcm(); + } else if (algorithm == EncryptionAlgorithm.A128CBC || algorithm == EncryptionAlgorithm.A192CBC + || algorithm == EncryptionAlgorithm.A256CBC || algorithm == EncryptionAlgorithm.A128CBCPAD + || algorithm == EncryptionAlgorithm.A192CBCPAD || algorithm == EncryptionAlgorithm.A256CBCPAD) { + + iv = generateRandomIvForCbc(); + } } try { - transform = symmetricEncryptionAlgorithm.createEncryptor(this.key, iv, authData, null); + transform = symmetricEncryptionAlgorithm.createEncryptor(this.key, iv, additionalAuthenticatedData, null); } catch (Exception e) { return Mono.error(e); } 
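Review bot: When `options` carries no IV, the `encryptAsync` hunk at `@@ -66,15 +67,28 @@` fills `iv` from `generateRandomIvForGcm()` or `generateRandomIvForCbc()`, but nothing visible in the hunk hands that value back to the caller. The rest of `encryptAsync` is outside the hunk, so this may already be handled; if the returned result does not expose the generated IV (and, for the GCM algorithms, the authentication tag), the ciphertext cannot be decrypted later. Please confirm, and once confirmed document it at the generation site with a comment along the lines of `// The generated IV is returned with the result; the caller needs it to decrypt.`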
@@ -91,7 +105,7 @@ Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext } @Override - Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherText, CryptographyOptions options, + Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherText, DecryptOptions options, Context context, JsonWebKey jsonWebKey) { this.key = getKey(jsonWebKey); @@ -111,17 +125,30 @@ Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherTex ICryptoTransform transform; byte[] iv = null; - byte[] authData = null; - byte[] tag = null; + byte[] additionalAuthenticatedData = null; + byte[] authenticationTag = null; if (options != null) { - iv = options.getInitializationVector(); - authData = options.getAdditionalAuthenticatedData(); - tag = options.getTag(); + iv = options.getIv(); + additionalAuthenticatedData = options.getAdditionalAuthenticatedData(); + authenticationTag = options.getAuthenticationTag(); + } + + if (iv == null) { + if (algorithm == EncryptionAlgorithm.A128GCM || algorithm == EncryptionAlgorithm.A192GCM + || algorithm == EncryptionAlgorithm.A256GCM) { + + iv = generateRandomIvForGcm(); + } else if (algorithm == EncryptionAlgorithm.A128CBC || algorithm == EncryptionAlgorithm.A192CBC + || algorithm == EncryptionAlgorithm.A256CBC || algorithm == EncryptionAlgorithm.A128CBCPAD + || algorithm == EncryptionAlgorithm.A192CBCPAD || algorithm == EncryptionAlgorithm.A256CBCPAD) { + + iv = generateRandomIvForCbc(); + } } try { - transform = symmetricEncryptionAlgorithm.createDecryptor(this.key, iv, authData, tag); + transform = symmetricEncryptionAlgorithm.createDecryptor(this.key, iv, additionalAuthenticatedData, authenticationTag); } catch (Exception e) { return Mono.error(e); } 
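Review bot: In the `decryptAsync` hunk at `@@ -111,17 +125,30 @@`, a missing IV is replaced by a freshly generated random one, which cannot match the IV that was used at encryption. With the GCM algorithms the tag check will presumably fail with an error that hides the real cause, and with the CBC algorithms the first block decrypts to wrong bytes, typically without any error. Decryption should reject the call instead: keep the two algorithm conditions and replace both `iv = generateRandomIvFor…()` assignments with `return Mono.error(new IllegalArgumentException("An initialization vector is required to decrypt with " + algorithm));`. The rest of `decryptAsync` lies outside the hunk.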
@@ -149,8 +176,7 @@ Mono verifyAsync(SignatureAlgorithm algorithm, byte[] digest, byte } @Override - Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, CryptographyOptions options, Context context, - JsonWebKey jsonWebKey) { + Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, Context context, JsonWebKey jsonWebKey) { this.key = getKey(jsonWebKey); if (key == null || key.length == 0) { @@ -168,10 +194,8 @@ Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, Cryptograp ICryptoTransform transform; - byte[] iv = options == null ? null : options.getInitializationVector(); - try { - transform = localKeyWrapAlgorithm.createEncryptor(this.key, iv, null); + transform = localKeyWrapAlgorithm.createEncryptor(this.key, null, null); } catch (Exception e) { return Mono.error(e); } @@ -188,8 +212,7 @@ Mono wrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] key, Cryptograp } @Override - Mono unwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CryptographyOptions options, - Context context, JsonWebKey jsonWebKey) { + Mono unwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKey, Context context, JsonWebKey jsonWebKey) { this.key = getKey(jsonWebKey); Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithm.toString()); @@ -202,10 +225,8 @@ Mono unwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKe ICryptoTransform transform; - byte[] iv = options == null ? null : options.getInitializationVector(); - try { - transform = localKeyWrapAlgorithm.createDecryptor(this.key, iv, null); + transform = localKeyWrapAlgorithm.createDecryptor(this.key, null, null); } catch (Exception e) { return Mono.error(e); } 
@@ -231,4 +252,27 @@ Mono verifyDataAsync(SignatureAlgorithm algorithm, byte[] data, by JsonWebKey key) { return verifyAsync(algorithm, data, signature, context, key); } + + private byte[] generateRandomIvForCbc() { + return generateRandomIv(16); + } + + private byte[] generateRandomIvForGcm() { + return generateRandomIv(12); + } + + private byte[] generateRandomIv(int ivSize) { + byte[] iv = new byte[0]; + SecureRandom randomSecureRandom; + + try { + randomSecureRandom = SecureRandom.getInstance("SHA1PRNG"); + iv = new byte[ivSize]; + randomSecureRandom.nextBytes(iv); + } catch (NoSuchAlgorithmException e) { + logger.logThrowableAsError(e); + } + + return iv; + } } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClientJavaDocCodeSnippets.java b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClientJavaDocCodeSnippets.java index f00a6c3942625..42a5a692e8692 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClientJavaDocCodeSnippets.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClientJavaDocCodeSnippets.java @@ -107,7 +107,7 @@ public void getKeySnippets() { /** * Generates code samples for using {@link CryptographyAsyncClient#encrypt(EncryptionAlgorithm, byte[])} and - * {@link CryptographyAsyncClient#encrypt(EncryptionAlgorithm, byte[], CryptographyOptions)}. + * {@link CryptographyAsyncClient#encrypt(EncryptionAlgorithm, byte[], EncryptOptions)}. */ public void encrypt() { CryptographyAsyncClient cryptographyAsyncClient = createAsyncClient(); 
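Review bot: `generateRandomIv` logs a `NoSuchAlgorithmException` and then returns the zero-length array it started with, so a provider without `SHA1PRNG` leads to the encryptor being created with an empty IV instead of a clear failure. Requesting `SHA1PRNG` by name is also unnecessary, because the default `SecureRandom` constructor selects the platform's preferred generator and throws no checked exception. I would reduce the body to `byte[] iv = new byte[ivSize];`, `new SecureRandom().nextBytes(iv);` and `return iv;`, ideally with the `SecureRandom` held in a `private static final` field rather than created on every call.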
@@ -123,36 +123,29 @@ public void encrypt() { encryptResult.getCipherText().length, encryptResult.getAlgorithm().toString())); // END: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte - // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte-CryptographyOptions + // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte-EncryptOptions byte[] plainTextBytes = new byte[100]; new Random(0x1234567L).nextBytes(plainTextBytes); byte[] iv = { (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, - (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04}; - byte[] authData = { - (byte) 0x54, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x6f, - (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x70, (byte) 0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x63, - (byte) 0x69, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20, - (byte) 0x41, (byte) 0x75, (byte) 0x67, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x20, - (byte) 0x4b, (byte) 0x65, (byte) 0x72, (byte) 0x63, (byte) 0x6b, (byte) 0x68, (byte) 0x6f, (byte) 0x66, - (byte) 0x66, (byte) 0x73 + (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 }; - CryptographyOptions cryptographyOptions = new CryptographyOptions(iv, authData, null); + EncryptOptions encryptOptions = new AesCbcEncryptOptions(iv); - cryptographyAsyncClient.encrypt(EncryptionAlgorithm.RSA_OAEP, plainTextBytes, cryptographyOptions) + cryptographyAsyncClient.encrypt(EncryptionAlgorithm.A128CBC, plainTextBytes, encryptOptions) .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) .subscribe(encryptResult -> System.out.printf("Received encrypted 
content of length %d with algorithm %s \n", encryptResult.getCipherText().length, encryptResult.getAlgorithm().toString())); - // END: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte-CryptographyOptions + // END: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte-EncryptOptions } /** * Generates code samples for using {@link CryptographyAsyncClient#decrypt(EncryptionAlgorithm, byte[])} and - * {@link CryptographyAsyncClient#decrypt(EncryptionAlgorithm, byte[], CryptographyOptions)}. + * {@link CryptographyAsyncClient#decrypt(EncryptionAlgorithm, byte[], DecryptOptions)}. */ public void decrypt() { CryptographyAsyncClient cryptographyAsyncClient = createAsyncClient(); 
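Review bot: The encrypt snippet passes a hard-coded 16-byte `iv` to `AesCbcEncryptOptions` for `A128CBC`, and Javadoc samples tend to be copied verbatim into applications, where a constant IV under one key reveals when two plaintexts share a prefix. The same literal is used in the decrypt snippet of this file and in the encrypt snippet of `CryptographyClientJavaDocCodeSnippets.java`. I would generate it in the sample with `byte[] iv = new byte[16];` followed by `new SecureRandom().nextBytes(iv);`, under the comment `// Use a fresh random IV for every encryption and keep it with the ciphertext.`; that needs a `java.security.SecureRandom` import in the snippet file. For the decrypt snippets a comment stating that the IV must be the one used at encryption would be enough.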
@@ -168,31 +161,23 @@ public void decrypt() { System.out.printf("Received decrypted content of length %d\n", decryptResult.getPlainText().length)); // END: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte - // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte-CryptographyOptions + // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte-DecryptOptions byte[] cipherTextBytes = new byte[100]; new Random(0x1234567L).nextBytes(cipherTextBytes); byte[] iv = { (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, - (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04}; - byte[] authData = { - (byte) 0x54, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x6f, - (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x70, (byte) 0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x63, - (byte) 0x69, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20, - (byte) 0x41, (byte) 0x75, (byte) 0x67, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x20, - (byte) 0x4b, (byte) 0x65, (byte) 0x72, (byte) 0x63, (byte) 0x6b, (byte) 0x68, (byte) 0x6f, (byte) 0x66, - (byte) 0x66, (byte) 0x73 + (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 }; - byte[] tag = "This is my authentication tag".getBytes(); - CryptographyOptions cryptographyOptions = new CryptographyOptions(iv, authData, tag); + DecryptOptions decryptOptions = new AesCbcDecryptOptions(iv); - cryptographyAsyncClient.decrypt(EncryptionAlgorithm.RSA_OAEP, cipherTextBytes, cryptographyOptions) + cryptographyAsyncClient.decrypt(EncryptionAlgorithm.A128CBC, cipherTextBytes, decryptOptions) .subscriberContext(reactor.util.context.Context.of(key1, 
value1, key2, value2)) .subscribe(decryptResult -> System.out.printf("Received decrypted content of length %d\n", decryptResult.getPlainText().length)); - // END: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte-CryptographyOptions + // END: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte-DecryptOptions } /** @@ -253,10 +238,8 @@ public void signDataVerifyData() throws NoSuchAlgorithmException { } /** - * Generates a code sample for using {@link CryptographyAsyncClient#wrapKey(KeyWrapAlgorithm, byte[])}, - * {@link CryptographyAsyncClient#wrapKey(KeyWrapAlgorithm, byte[], CryptographyOptions)}, - * {@link CryptographyAsyncClient#unwrapKey(KeyWrapAlgorithm, byte[])} and - * {@link CryptographyAsyncClient#unwrapKey(KeyWrapAlgorithm, byte[], CryptographyOptions)} + * Generates a code sample for using {@link CryptographyAsyncClient#wrapKey(KeyWrapAlgorithm, byte[])} and + * {@link CryptographyAsyncClient#unwrapKey(KeyWrapAlgorithm, byte[])}. */ public void wrapKeyUnwrapKey() { CryptographyAsyncClient cryptographyAsyncClient = createAsyncClient(); 
@@ -271,32 +254,6 @@ public void wrapKeyUnwrapKey() { keyWrapResult.getEncryptedKey().length, keyWrapResult.getAlgorithm().toString())); // END: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.wrapKey#KeyWrapAlgorithm-byte - // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.wrapKey#KeyWrapAlgorithm-byte-CryptographyOptions - byte[] keyToWrap = new byte[100]; - - new Random(0x1234567L).nextBytes(key); - - byte[] iv = { - (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, - (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04}; - byte[] authData = { - (byte) 0x54, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x6f, - (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x70, (byte) 0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x63, - (byte) 0x69, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20, - (byte) 0x41, (byte) 0x75, (byte) 0x67, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x20, - (byte) 0x4b, (byte) 0x65, (byte) 0x72, (byte) 0x63, (byte) 0x6b, (byte) 0x68, (byte) 0x6f, (byte) 0x66, - (byte) 0x66, (byte) 0x73 - }; - - CryptographyOptions cryptographyOptions = new CryptographyOptions(iv, authData, null); - - cryptographyAsyncClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP, keyToWrap, cryptographyOptions) - .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) - .subscribe(keyWrapResult -> - System.out.printf("Received encypted key of length %d with algorithm %s", - keyWrapResult.getEncryptedKey().length, keyWrapResult.getAlgorithm().toString())); - // END: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.wrapKey#KeyWrapAlgorithm-byte-CryptographyOptions - // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.unwrapKey#KeyWrapAlgorithm-byte byte[] wrappedKey = new 
byte[100]; new Random(0x1234567L).nextBytes(key); @@ -306,31 +263,6 @@ public void wrapKeyUnwrapKey() { .subscribe(keyUnwrapResult -> System.out.printf("Received key of length %d", keyUnwrapResult.getKey().length)); // END: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.unwrapKey#KeyWrapAlgorithm-byte - - // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.unwrapKey#KeyWrapAlgorithm-byte-CryptographyOptions - byte[] keyToUnwrap = new byte[100]; - - new Random(0x1234567L).nextBytes(key); - - byte[] initializationVector = { - (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, - (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04}; - byte[] authenticationData = { - (byte) 0x54, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x6f, - (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x70, (byte) 0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x63, - (byte) 0x69, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20, - (byte) 0x41, (byte) 0x75, (byte) 0x67, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x20, - (byte) 0x4b, (byte) 0x65, (byte) 0x72, (byte) 0x63, (byte) 0x6b, (byte) 0x68, (byte) 0x6f, (byte) 0x66, - (byte) 0x66, (byte) 0x73 - }; - - CryptographyOptions options = new CryptographyOptions(initializationVector, authenticationData, null); - - cryptographyAsyncClient.unwrapKey(KeyWrapAlgorithm.RSA_OAEP, keyToUnwrap, options) - .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) - .subscribe(keyUnwrapResult -> - System.out.printf("Received key of length %d", keyUnwrapResult.getKey().length)); - // END: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.unwrapKey#KeyWrapAlgorithm-byte-CryptographyOptions } /** 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientJavaDocCodeSnippets.java b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientJavaDocCodeSnippets.java index ec8e3870901fc..0f3c99d25a4a9 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientJavaDocCodeSnippets.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientJavaDocCodeSnippets.java @@ -71,7 +71,7 @@ public void getKeySnippets() { /** * Generates a code sample for using {@link CryptographyClient#encrypt(EncryptionAlgorithm, byte[])}, * {@link CryptographyClient#encrypt(EncryptionAlgorithm, byte[], Context)} and - * {@link CryptographyClient#encrypt(EncryptionAlgorithm, byte[], CryptographyOptions, Context)}. + * {@link CryptographyClient#encrypt(EncryptionAlgorithm, byte[], EncryptOptions, Context)}. */ public void encrypt() { CryptographyClient cryptographyClient = createClient(); 
@@ -99,37 +99,30 @@ public void encrypt() { encryptionResult.getCipherText().length, encryptionResult.getAlgorithm().toString()); // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptionAlgorithm-byte-Context - // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptionAlgorithm-byte-CryptographyOptions-Context + // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptionAlgorithm-byte-EncryptOptions-Context byte[] myPlainText = new byte[100]; new Random(0x1234567L).nextBytes(myPlainText); byte[] iv = { (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, - (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04}; - byte[] authData = { - (byte) 0x54, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x6f, - (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x70, (byte) 0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x63, - (byte) 0x69, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20, - (byte) 0x41, (byte) 0x75, (byte) 0x67, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x20, - (byte) 0x4b, (byte) 0x65, (byte) 0x72, (byte) 0x63, (byte) 0x6b, (byte) 0x68, (byte) 0x6f, (byte) 0x66, - (byte) 0x66, (byte) 0x73 + (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 }; - CryptographyOptions cryptographyOptions = new CryptographyOptions(iv, authData, null); + EncryptOptions encryptOptions = new AesCbcEncryptOptions(iv); - EncryptResult encryptedResult = cryptographyClient.encrypt(EncryptionAlgorithm.RSA_OAEP, myPlainText, - cryptographyOptions, new Context(key1, value1)); + EncryptResult encryptedResult = cryptographyClient.encrypt(EncryptionAlgorithm.A128CBC, myPlainText, + encryptOptions, new Context(key1, value1)); System.out.printf("Received 
encrypted content of length %d with algorithm %s \n", encryptedResult.getCipherText().length, encryptedResult.getAlgorithm().toString()); - // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptionAlgorithm-byte-CryptographyOptions-Context + // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptionAlgorithm-byte-EncryptOptions-Context } /** * Generates a code sample for using {@link CryptographyClient#decrypt(EncryptionAlgorithm, byte[])}, * {@link CryptographyClient#decrypt(EncryptionAlgorithm, byte[], Context)} and - * {@link CryptographyClient#decrypt(EncryptionAlgorithm, byte[], CryptographyOptions, Context)}. + * {@link CryptographyClient#decrypt(EncryptionAlgorithm, byte[], DecryptOptions, Context)}. */ public void decrypt() { CryptographyClient cryptographyClient = createClient(); 
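Review bot: The `iv` passed to `new AesCbcEncryptOptions(iv)` in this snippet is a fixed byte literal, and because it sits between the BEGIN/END markers it will be published in the Javadoc as the reference usage. CBC needs a fresh, unpredictable IV for every message encrypted under the same key, so the sample should generate it, e.g. `byte[] iv = new byte[16];` followed by `new SecureRandom().nextBytes(iv);` (this needs a `java.security.SecureRandom` import), with a comment that the IV has to be kept alongside the ciphertext for decryption. The same literal is used in the encrypt snippets this commit adds to LocalCryptographyAsyncClientJavaDocCodeSnippets and LocalCryptographyClientJavaDocCodeSnippets. The decrypt snippets can keep a placeholder value, but should say it stands for the IV used at encryption time. The body of encrypt() starts outside the hunk.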
@@ -155,31 +148,23 @@ public void decrypt() { System.out.printf("Received decrypted content of length %d\n", decryptionResult.getPlainText().length); // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#EncryptionAlgorithm-byte-Context - // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#EncryptionAlgorithm-byte-CryptographyOptions-Context + // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#EncryptionAlgorithm-byte-DecryptOptions-Context byte[] myCipherText = new byte[100]; new Random(0x1234567L).nextBytes(myCipherText); byte[] iv = { (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, - (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04}; - byte[] authData = { - (byte) 0x54, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x6f, - (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x70, (byte) 0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x63, - (byte) 0x69, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20, - (byte) 0x41, (byte) 0x75, (byte) 0x67, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x20, - (byte) 0x4b, (byte) 0x65, (byte) 0x72, (byte) 0x63, (byte) 0x6b, (byte) 0x68, (byte) 0x6f, (byte) 0x66, - (byte) 0x66, (byte) 0x73 + (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 }; - byte[] tag = "This is my authentication tag".getBytes(); - CryptographyOptions cryptographyOptions = new CryptographyOptions(iv, authData, tag); + DecryptOptions decryptOptions = new AesCbcDecryptOptions(iv); - DecryptResult decryptedResult = cryptographyClient.decrypt(EncryptionAlgorithm.RSA_OAEP, myCipherText, - cryptographyOptions, new Context(key1, value1)); + DecryptResult decryptedResult = cryptographyClient.decrypt(EncryptionAlgorithm.A128CBC, 
myCipherText, + decryptOptions, new Context(key1, value1)); System.out.printf("Received decrypted content of length %d\n", decryptedResult.getPlainText().length); - // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#EncryptionAlgorithm-byte-CryptographyOptions-Context + // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#EncryptionAlgorithm-byte-DecryptOptions-Context } /** @@ -263,10 +248,8 @@ public void signDataVerifyData() throws NoSuchAlgorithmException { /** * Generates a code sample for using {@link CryptographyClient#wrapKey(KeyWrapAlgorithm, byte[])}, * {@link CryptographyClient#wrapKey(KeyWrapAlgorithm, byte[], Context)}, - * {@link CryptographyClient#wrapKey(KeyWrapAlgorithm, byte[], CryptographyOptions, Context)}, - * {@link CryptographyClient#unwrapKey(KeyWrapAlgorithm, byte[])}, - * {@link CryptographyClient#unwrapKey(KeyWrapAlgorithm, byte[], Context)} and - * {@link CryptographyClient#unwrapKey(KeyWrapAlgorithm, byte[], CryptographyOptions, Context)}. + * {@link CryptographyClient#unwrapKey(KeyWrapAlgorithm, byte[])} and + * {@link CryptographyClient#unwrapKey(KeyWrapAlgorithm, byte[], Context)}. */ public void wrapKeyUnwrapKey() { CryptographyClient cryptographyClient = createClient(); 
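Review bot: `myCipherText` is 100 bytes, which is not a multiple of the 16-byte AES block, yet the call now uses `EncryptionAlgorithm.A128CBC`. If A128CBC is the unpadded mode, as the separate `A128CBCPAD` value used in the tests suggests, this snippet would be rejected when run; the same holds for the 100-byte `myPlainText` in the encrypt hunk above and the 100-byte buffers in the Local* snippet files. Size the buffers to a block multiple, e.g. `byte[] myCipherText = new byte[96];`, or use `EncryptionAlgorithm.A128CBCPAD` in the encrypt samples. decrypt() begins outside the hunk.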
@@ -294,32 +277,6 @@ public void wrapKeyUnwrapKey() { keyWrapResponse.getAlgorithm().toString()); // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.wrapKey#KeyWrapAlgorithm-byte-Context - // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyClient.wrapKey#KeyWrapAlgorithm-byte-CryptographyOptions-Context - byte[] keyToWrap = new byte[100]; - - new Random(0x1234567L).nextBytes(keyToWrap); - - byte[] iv = { - (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, - (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04}; - byte[] authData = { - (byte) 0x54, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x6f, - (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x70, (byte) 0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x63, - (byte) 0x69, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20, - (byte) 0x41, (byte) 0x75, (byte) 0x67, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x20, - (byte) 0x4b, (byte) 0x65, (byte) 0x72, (byte) 0x63, (byte) 0x6b, (byte) 0x68, (byte) 0x6f, (byte) 0x66, - (byte) 0x66, (byte) 0x73 - }; - - CryptographyOptions cryptographyOptions = new CryptographyOptions(iv, authData, null); - - WrapResult wrapKeyResult = cryptographyClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP, keyToWrap, cryptographyOptions, - new Context(key1, value1)); - - System.out.printf("Received encrypted key of length %d with algorithm %s", wrapKeyResult.getEncryptedKey().length, - wrapKeyResult.getAlgorithm().toString()); - // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.wrapKey#KeyWrapAlgorithm-byte-CryptographyOptions-Context - // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyClient.unwrapKey#KeyWrapAlgorithm-byte byte[] wrappedKey = new byte[100]; 
@@ -340,31 +297,6 @@ public void wrapKeyUnwrapKey() { System.out.printf("Received key of length %d", keyUnwrapResponse.getKey().length); // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.unwrapKey#KeyWrapAlgorithm-byte-Context - - // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyClient.unwrapKey#KeyWrapAlgorithm-byte-CryptographyOptions-Context - byte[] keyToUnwrap = new byte[100]; - - new Random(0x1234567L).nextBytes(keyToUnwrap); - - byte[] initializationVector = { - (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, - (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04}; - byte[] authenticationData = { - (byte) 0x54, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x6f, - (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x70, (byte) 0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x63, - (byte) 0x69, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20, - (byte) 0x41, (byte) 0x75, (byte) 0x67, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x20, - (byte) 0x4b, (byte) 0x65, (byte) 0x72, (byte) 0x63, (byte) 0x6b, (byte) 0x68, (byte) 0x6f, (byte) 0x66, - (byte) 0x66, (byte) 0x73 - }; - - CryptographyOptions options = new CryptographyOptions(initializationVector, authenticationData, null); - - UnwrapResult unwrappedKey = cryptographyClient.unwrapKey(KeyWrapAlgorithm.RSA_OAEP, keyToUnwrap, options, - new Context(key2, value2)); - - System.out.printf("Received key of length %d", unwrappedKey.getKey().length); - // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.unwrapKey#KeyWrapAlgorithm-byte-CryptographyOptions-Context } /** 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClientJavaDocCodeSnippets.java b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClientJavaDocCodeSnippets.java index 98fc655fc8fcf..5413d14a7fb41 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClientJavaDocCodeSnippets.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClientJavaDocCodeSnippets.java @@ -44,12 +44,7 @@ public LocalCryptographyAsyncClient createAsyncClient() { */ public void encrypt() { LocalCryptographyAsyncClient cryptographyAsyncClient = createAsyncClient(); - byte[] iv = {(byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04}; - byte[] authData = { - (byte) 0x54, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x6f, (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x70, (byte) 0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x63, - (byte) 0x69, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20, (byte) 0x41, (byte) 0x75, (byte) 0x67, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x20, - (byte) 0x4b, (byte) 0x65, (byte) 0x72, (byte) 0x63, (byte) 0x6b, (byte) 0x68, (byte) 0x6f, (byte) 0x66, (byte) 0x66, (byte) 0x73 - }; + // BEGIN: com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte byte[] plainText = new byte[100]; new Random(0x1234567L).nextBytes(plainText); 
@@ -59,6 +54,22 @@ public void encrypt() { System.out.printf("Received encrypted content of length %d with algorithm %s \n", encryptResult.getCipherText().length, encryptResult.getAlgorithm().toString())); // END: com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte + + // BEGIN: com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte-EncryptOptions + byte[] plainTextBytes = new byte[100]; + new Random(0x1234567L).nextBytes(plainTextBytes); + byte[] iv = { + (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, + (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 + }; + EncryptOptions encryptOptions = new AesCbcEncryptOptions(iv); + + cryptographyAsyncClient.encrypt(EncryptionAlgorithm.A128CBC, plainTextBytes, encryptOptions) + .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) + .subscribe(encryptResult -> + System.out.printf("Received encrypted content of length %d with algorithm %s \n", + encryptResult.getCipherText().length, encryptResult.getAlgorithm().toString())); + // END: com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte-EncryptOptions } /** 
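Review bot: This is the only `EncryptOptions` example the Javadoc will show for LocalCryptographyAsyncClient, and it demonstrates AES-CBC, which gives confidentiality but no integrity check on the ciphertext. The commit also introduces GCM option types (`AesGcmEncryptOptions` is used in the tests), so I would add a comment above the `new AesCbcEncryptOptions(iv)` line such as `// AES-CBC does not authenticate the ciphertext; use an AES-GCM algorithm or add a MAC when integrity matters.` encrypt() begins outside the hunk.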
@@ -75,6 +86,21 @@ public void decrypt() { .subscribe(decryptResult -> System.out.printf("Received decrypted content of length %d\n", decryptResult.getPlainText().length)); // END: com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte + + // BEGIN: com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte-DecryptOptions + byte[] plainTextBytes = new byte[100]; + new Random(0x1234567L).nextBytes(plainTextBytes); + byte[] iv = { + (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, + (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 + }; + DecryptOptions decryptOptions = new AesCbcDecryptOptions(iv); + + cryptographyAsyncClient.decrypt(EncryptionAlgorithm.A128CBC, plainTextBytes, decryptOptions) + .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) + .subscribe(decryptResult -> + System.out.printf("Received decrypted content of length %d\n", decryptResult.getPlainText().length)); + // END: com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte-DecryptOptions } /** diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientJavaDocCodeSnippets.java b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientJavaDocCodeSnippets.java index e730fa87ee0ab..a47687559d1f5 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientJavaDocCodeSnippets.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientJavaDocCodeSnippets.java 
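Review bot: The buffer passed as ciphertext to `decrypt` is named `plainTextBytes`, so the published snippet reads as if plaintext were fed to the decrypt call. Rename it, e.g. `byte[] cipherTextBytes = new byte[100];` and `cryptographyAsyncClient.decrypt(EncryptionAlgorithm.A128CBC, cipherTextBytes, decryptOptions)`. A one-line comment that `iv` must be the value used when the data was encrypted would also help readers. decrypt() begins outside the hunk.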
@@ -49,12 +49,7 @@ public LocalCryptographyClient createClient() { */ public void encrypt() { LocalCryptographyClient cryptographyClient = createClient(); - byte[] iv = {(byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04}; - byte[] authData = { - (byte) 0x54, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x6f, (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x70, (byte) 0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x63, - (byte) 0x69, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20, (byte) 0x41, (byte) 0x75, (byte) 0x67, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x20, - (byte) 0x4b, (byte) 0x65, (byte) 0x72, (byte) 0x63, (byte) 0x6b, (byte) 0x68, (byte) 0x6f, (byte) 0x66, (byte) 0x66, (byte) 0x73 - }; + // BEGIN: com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.encrypt#EncryptionAlgorithm-byte byte[] plainText = new byte[100]; new Random(0x1234567L).nextBytes(plainText); 
@@ -62,6 +57,21 @@ public void encrypt() { System.out.printf("Received encrypted content of length %d with algorithm %s \n", encryptResult.getCipherText().length, encryptResult.getAlgorithm().toString()); // END: com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.encrypt#EncryptionAlgorithm-byte + + // BEGIN: com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.encrypt#EncryptionAlgorithm-byte-EncryptOptions + byte[] plainTextBytes = new byte[100]; + new Random(0x1234567L).nextBytes(plainTextBytes); + byte[] iv = { + (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, + (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 + }; + EncryptOptions encryptOptions = new AesCbcEncryptOptions(iv); + EncryptResult encryptedResult = cryptographyClient.encrypt(EncryptionAlgorithm.RSA_OAEP, plainTextBytes, + encryptOptions); + + System.out.printf("Received encrypted content of length %d with algorithm %s \n", + encryptedResult.getCipherText().length, encryptedResult.getAlgorithm().toString()); + // END: com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.encrypt#EncryptionAlgorithm-byte-EncryptOptions } /** 
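Review bot: The call passes `EncryptionAlgorithm.RSA_OAEP` together with `encryptOptions` built from `new AesCbcEncryptOptions(iv)`, so the algorithm and the options do not match. The other snippets added in this commit pair these options with `A128CBC`. This looks like a leftover from the earlier RSA sample and should read `cryptographyClient.encrypt(EncryptionAlgorithm.A128CBC, plainTextBytes,`. How the client treats the mismatch is not visible here, but the snippet is published in the Javadoc and readers would copy an inconsistent call.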
@@ -70,11 +80,26 @@ public void encrypt() { */ public void decrypt() { LocalCryptographyClient cryptographyClient = createClient(); - byte[] encryptedData = new byte[100]; + // BEGIN: com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.decrypt#EncryptionAlgorithm-byte + byte[] encryptedData = new byte[100]; DecryptResult decryptResult = cryptographyClient.decrypt(EncryptionAlgorithm.RSA_OAEP, encryptedData); + System.out.printf("Received decrypted content of length %d\n", decryptResult.getPlainText().length); // END: com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.decrypt#EncryptionAlgorithm-byte + + // BEGIN: com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.decrypt#EncryptionAlgorithm-byte-DecryptOptions + byte[] encryptedBytes = new byte[100]; + byte[] iv = { + (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, + (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 + }; + DecryptOptions decryptOptions = new AesCbcDecryptOptions(iv); + DecryptResult decryptedResult = cryptographyClient.decrypt(EncryptionAlgorithm.A128CBC, encryptedBytes, + decryptOptions); + + System.out.printf("Received decrypted content of length %d\n", decryptedResult.getPlainText().length); + // END: com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.decrypt#EncryptionAlgorithm-byte-DecryptOptions } /** diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTest.java b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTest.java index e0377b6868d39..c29cef3c56dca 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTest.java 
+++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTest.java @@ -16,9 +16,19 @@ import com.azure.security.keyvault.keys.models.JsonWebKey; import com.azure.security.keyvault.keys.models.KeyCurveName; -import java.security.*; +import java.security.InvalidAlgorithmParameterException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.security.Security; import java.security.spec.ECGenParameterSpec; -import java.util.*; +import java.util.Arrays; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Random; + import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.MethodSource; @@ -103,12 +113,12 @@ public void wrapUnwraptRsa(HttpClient httpClient, CryptographyServiceVersion ser new Random(0x1234567L).nextBytes(plainText); byte[] encryptedKey = cryptoClient.wrapKey(algorithm, plainText).getEncryptedKey(); byte[] decryptedKey = - serviceClient.unwrapKey(algorithm, encryptedKey, null, Context.NONE).block().getKey(); + serviceClient.unwrapKey(algorithm, encryptedKey, Context.NONE).block().getKey(); assertArrayEquals(decryptedKey, plainText); encryptedKey = - serviceClient.wrapKey(algorithm, plainText, null, Context.NONE).block().getEncryptedKey(); + serviceClient.wrapKey(algorithm, plainText, Context.NONE).block().getEncryptedKey(); decryptedKey = cryptoClient.unwrapKey(algorithm, encryptedKey).getKey(); assertArrayEquals(decryptedKey, plainText); diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTestBase.java b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTestBase.java index e61f407eb42f9..50947681766c0 100644 
--- a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTestBase.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTestBase.java @@ -34,7 +34,12 @@ import java.security.spec.RSAPrivateCrtKeySpec; import java.security.spec.RSAPublicKeySpec; import java.time.Duration; -import java.util.*; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.UUID; import java.util.function.Consumer; import static org.junit.jupiter.api.Assertions.assertEquals; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientTest.java b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientTest.java index ed006bb2ca610..a340b7cc55ecd 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientTest.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientTest.java @@ -34,13 +34,6 @@ protected void beforeTest() { beforeTestSetup(); } - - private LocalCryptographyClient initializeCryptographyClient(JsonWebKey key) { - return new LocalCryptographyClientBuilder() - .key(key) - .buildClient(); - } - @Test public void encryptDecryptRsa() throws Exception { encryptDecryptRsaRunner(keyPair -> { 
@@ -116,6 +109,50 @@ public void signVerifyEc() throws NoSuchAlgorithmException, InvalidAlgorithmPara Boolean verifyStatus = cryptoClient.verifyData(curveToSignature.get(crv), plainText, signature).isValid(); assertTrue(verifyStatus); } + } + @Test + public void encryptDecryptLocalAes128Cbc() throws NoSuchAlgorithmException { + encryptDecryptAesCbc(128, EncryptionAlgorithm.A128CBC); + } + + @Test + public void encryptDecryptLocalAes192Cbc() throws NoSuchAlgorithmException { + encryptDecryptAesCbc(256, EncryptionAlgorithm.A192CBC); + } + + @Test + public void encryptDecryptLocalAes256Cbc() throws NoSuchAlgorithmException { + encryptDecryptAesCbc(256, EncryptionAlgorithm.A256CBC); + } + + @Test + public void encryptDecryptLocalAes128CbcPad() throws NoSuchAlgorithmException { + encryptDecryptAesCbc(128, EncryptionAlgorithm.A128CBCPAD); + } + + @Test + public void encryptDecryptLocalAes192CbcPad() throws NoSuchAlgorithmException { + encryptDecryptAesCbc(192, EncryptionAlgorithm.A192CBCPAD); + } + + @Test + public void encryptDecryptLocalAes256CbcPad() throws NoSuchAlgorithmException { + encryptDecryptAesCbc(256, EncryptionAlgorithm.A256CBCPAD); + } + + @Test + public void encryptDecryptLocalAes128Gcm() throws NoSuchAlgorithmException { + encryptDecryptAesGcm(128, EncryptionAlgorithm.A128GCM); + } + + @Test + public void encryptDecryptLocalAes192Gcm() throws NoSuchAlgorithmException { + encryptDecryptAesGcm(192, EncryptionAlgorithm.A192GCM); + } + + @Test + public void encryptDecryptLocalAes256Gcm() throws NoSuchAlgorithmException { + encryptDecryptAesGcm(256, EncryptionAlgorithm.A256GCM); } } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientTestBase.java b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientTestBase.java index 4e0d1158e3b20..d5535637a6b3c 100644 
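Review bot: `encryptDecryptLocalAes192Cbc` calls `encryptDecryptAesCbc(256, EncryptionAlgorithm.A192CBC)`, so the A192CBC path is exercised with a 256-bit key instead of a 192-bit one; every other test added here passes a key size that matches its algorithm. It should be `encryptDecryptAesCbc(192, EncryptionAlgorithm.A192CBC);`. If the test passes as written, the local implementation presumably accepts a key of the wrong length for the algorithm, which would deserve a negative test asserting that a mismatched key size is rejected.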
--- a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientTestBase.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientTestBase.java @@ -5,8 +5,15 @@ import com.azure.core.exception.HttpResponseException; import com.azure.core.test.TestBase; +import com.azure.security.keyvault.keys.cryptography.models.DecryptResult; +import com.azure.security.keyvault.keys.cryptography.models.EncryptResult; +import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; +import com.azure.security.keyvault.keys.models.JsonWebKey; +import com.azure.security.keyvault.keys.models.KeyOperation; import org.junit.jupiter.api.Test; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; import java.math.BigInteger; import java.security.InvalidAlgorithmParameterException; import java.security.KeyFactory; @@ -15,11 +22,14 @@ import java.security.spec.KeySpec; import java.security.spec.RSAPrivateCrtKeySpec; import java.security.spec.RSAPublicKeySpec; +import java.util.ArrayList; import java.util.HashMap; +import java.util.List; import java.util.Map; import java.util.UUID; import java.util.function.Consumer; +import static org.junit.jupiter.api.Assertions.assertArrayEquals; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.fail; @@ -32,6 +42,12 @@ protected String getTestName() { void beforeTestSetup() { } + static LocalCryptographyClient initializeCryptographyClient(JsonWebKey key) { + return new LocalCryptographyClientBuilder() + .key(key) + .buildClient(); + } + @Test public abstract void encryptDecryptRsa() throws Exception; 
@@ -41,6 +57,33 @@ void encryptDecryptRsaRunner(Consumer testRunner) throws Exception { testRunner.accept(getWellKnownKey()); } + @Test + public abstract void encryptDecryptLocalAes128Cbc() throws Exception; + + @Test + public abstract void encryptDecryptLocalAes192Cbc() throws Exception; + + @Test + public abstract void encryptDecryptLocalAes256Cbc() throws Exception; + + @Test + public abstract void encryptDecryptLocalAes128CbcPad() throws Exception; + + @Test + public abstract void encryptDecryptLocalAes192CbcPad() throws Exception; + + @Test + public abstract void encryptDecryptLocalAes256CbcPad() throws Exception; + + @Test + public abstract void encryptDecryptLocalAes128Gcm() throws Exception; + + @Test + public abstract void encryptDecryptLocalAes192Gcm() throws Exception; + + @Test + public abstract void encryptDecryptLocalAes256Gcm() throws Exception; + @Test public abstract void signVerifyEc() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException; 
@@ -65,6 +108,52 @@ private static KeyPair getWellKnownKey() throws Exception { return new KeyPair(keyFactory.generatePublic(publicKeySpec), keyFactory.generatePrivate(privateKeySpec)); } + static void encryptDecryptAesCbc(int keySize, EncryptionAlgorithm algorithm) throws NoSuchAlgorithmException { + byte[] plaintext = "My16BitPlaintext".getBytes(); + byte[] iv = "My16BytesTestIv.".getBytes(); + LocalCryptographyClient localCryptographyClient = initializeCryptographyClient(getTestJsonWebKey(keySize)); + EncryptOptions encryptOptions = new AesCbcEncryptOptions(iv); + EncryptResult encryptResult = + localCryptographyClient.encrypt(algorithm, plaintext, encryptOptions); + DecryptOptions decryptOptions = new AesCbcDecryptOptions(iv); + DecryptResult decryptResult = + localCryptographyClient.decrypt(algorithm, encryptResult.getCipherText(), decryptOptions); + + assertArrayEquals(plaintext, decryptResult.getPlainText()); + } + + static void encryptDecryptAesGcm(int keySize, EncryptionAlgorithm algorithm) throws NoSuchAlgorithmException { + byte[] plaintext = "My16BitPlaintext".getBytes(); + byte[] iv = "My12BytesIv.".getBytes(); + LocalCryptographyClient localCryptographyClient = initializeCryptographyClient(getTestJsonWebKey(keySize)); + EncryptOptions encryptOptions = new AesGcmEncryptOptions(iv, null); + EncryptResult encryptResult = + localCryptographyClient.encrypt(algorithm, plaintext, encryptOptions); + byte[] authenticationTag = new byte[12]; + + System.arraycopy(encryptResult.getCipherText(), 0, authenticationTag, 0, authenticationTag.length); + + DecryptOptions decryptOptions = new AesGcmDecryptOptions(iv, null, authenticationTag); + DecryptResult decryptResult = + localCryptographyClient.decrypt(algorithm, encryptResult.getCipherText(), decryptOptions); + + assertArrayEquals(plaintext, decryptResult.getPlainText()); + } + + private static JsonWebKey getTestJsonWebKey(int keySize) throws NoSuchAlgorithmException { + KeyGenerator keyGen = 
KeyGenerator.getInstance("AES"); + + keyGen.init(keySize); + + SecretKey secretKey = keyGen.generateKey(); + + List keyOperations = new ArrayList<>(); + keyOperations.add(KeyOperation.ENCRYPT); + keyOperations.add(KeyOperation.DECRYPT); + + return JsonWebKey.fromAes(secretKey, keyOperations).setId("testKey"); + } + String generateResourceId(String suffix) { if (interceptorManager.isPlaybackMode()) { return suffix; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes128Cbc.json b/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes128Cbc.json new file mode 100644 index 0000000000000..ef57284a590ce --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes128Cbc.json @@ -0,0 +1,4 @@ +{ + "networkCallRecords" : [ ], + "variables" : [ ] +} diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes128CbcPad.json b/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes128CbcPad.json new file mode 100644 index 0000000000000..ef57284a590ce --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes128CbcPad.json @@ -0,0 +1,4 @@ +{ + "networkCallRecords" : [ ], + "variables" : [ ] +} diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes128Gcm.json b/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes128Gcm.json new file mode 100644 index 0000000000000..ef57284a590ce --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes128Gcm.json @@ -0,0 +1,4 @@ +{ + "networkCallRecords" : [ ], + "variables" : [ ] +} 
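Review bot: In `encryptDecryptAesGcm` the value passed as the authentication tag is the first 12 bytes of the ciphertext (`System.arraycopy(encryptResult.getCipherText(), 0, authenticationTag, 0, authenticationTag.length)`), not a tag produced by the encryption, so a passing round trip here says nothing about tag verification. If local decryption really compared this value the test would presumably fail, which suggests the tag argument is ignored or handled elsewhere; the AesGcm implementation is outside this hunk, so that needs confirming. I would take the tag from wherever the implementation emits it and add a negative case that alters one byte of the ciphertext or tag and asserts that `decrypt` throws. Until then a comment such as `// TODO: placeholder bytes, not the real GCM tag; tag verification is not exercised here` would keep the test from being read as integrity coverage.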
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes192Cbc.json b/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes192Cbc.json new file mode 100644 index 0000000000000..ef57284a590ce --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes192Cbc.json @@ -0,0 +1,4 @@ +{ + "networkCallRecords" : [ ], + "variables" : [ ] +} diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes192CbcPad.json b/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes192CbcPad.json new file mode 100644 index 0000000000000..ef57284a590ce --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes192CbcPad.json @@ -0,0 +1,4 @@ +{ + "networkCallRecords" : [ ], + "variables" : [ ] +} diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes192Gcm.json b/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes192Gcm.json new file mode 100644 index 0000000000000..ef57284a590ce --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes192Gcm.json @@ -0,0 +1,4 @@ +{ + "networkCallRecords" : [ ], + "variables" : [ ] +} diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes256Cbc.json b/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes256Cbc.json new file mode 100644 index 0000000000000..ef57284a590ce --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes256Cbc.json @@ -0,0 +1,4 @@ +{ + "networkCallRecords" : [ ], + "variables" : [ ] +} 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes256CbcPad.json b/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes256CbcPad.json new file mode 100644 index 0000000000000..ef57284a590ce --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes256CbcPad.json @@ -0,0 +1,4 @@ +{ + "networkCallRecords" : [ ], + "variables" : [ ] +} diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes256Gcm.json b/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes256Gcm.json new file mode 100644 index 0000000000000..ef57284a590ce --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/resources/session-records/encryptDecryptLocalAes256Gcm.json @@ -0,0 +1,4 @@ +{ + "networkCallRecords" : [ ], + "variables" : [ ] +} From 596d98e58e6860b78fbcce460fbe5da39333ce69 Mon Sep 17 00:00:00 2001 
From: Victor Colin Amador Date: Thu, 12 Nov 2020 09:34:47 -0800 Subject: [PATCH 09/15] Made the EncryptOptions and DecryptOptions constructor package-private, as well as their children's, and made them have factory methods for creating the former to help with discoverability. --- .../cryptography/AesCbcDecryptOptions.java | 24 ++++- .../cryptography/AesCbcEncryptOptions.java | 24 ++++- .../cryptography/AesGcmDecryptOptions.java | 49 +++++++++- .../cryptography/AesGcmEncryptOptions.java | 35 ++++++- .../cryptography/CryptographyAsyncClient.java | 44 ++++----- .../keys/cryptography/CryptographyClient.java | 28 +++--- .../CryptographyServiceClient.java | 41 ++++---- .../keys/cryptography/DecryptOptions.java | 95 +++++++++++++------ .../cryptography/EcKeyCryptographyClient.java | 7 +- .../keys/cryptography/EncryptOptions.java | 90 +++++++++++++----- .../LocalCryptographyAsyncClient.java | 20 ++-- .../cryptography/LocalCryptographyClient.java | 20 ++-- .../LocalKeyCryptographyClient.java | 7 +- .../RsaKeyCryptographyClient.java | 32 +++++-- .../SymmetricKeyCryptographyClient.java | 42 ++++---- ...ographyAsyncClientJavaDocCodeSnippets.java | 22 +++-- ...CryptographyClientJavaDocCodeSnippets.java | 24 ++--- ...ographyAsyncClientJavaDocCodeSnippets.java | 18 ++-- ...CryptographyClientJavaDocCodeSnippets.java | 20 ++-- .../cryptography/CryptographyClientTest.java | 7 +- .../LocalCryptographyClientTestBase.java | 18 ++-- 21 files changed, 421 insertions(+), 246 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcDecryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcDecryptOptions.java index a962f4325bce1..53f88f977f3ad 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcDecryptOptions.java 
+++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcDecryptOptions.java @@ -3,6 +3,8 @@ package com.azure.security.keyvault.keys.cryptography; +import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; + /** * A class containing configuration parameters that can be applied when decrypting AES-CBC keys with and without * padding. @@ -11,9 +13,27 @@ public class AesCbcDecryptOptions extends DecryptOptions { /** * Creates an instance of {@link AesCbcDecryptOptions} with the given parameters. * + * @param algorithm The algorithm to be used for decryption. + * @param ciphertext The content to be decrypted. + */ + AesCbcDecryptOptions(EncryptionAlgorithm algorithm, byte[] ciphertext) { + super(algorithm, ciphertext); + } + + /** + * Set the given initialization vector to be used in this decryption operation. + * * @param iv Initialization vector for the decryption operation. + * @return The updated {@link AesCbcDecryptOptions} object. */ - public AesCbcDecryptOptions(byte[] iv) { - super(iv, null, null); + public AesCbcDecryptOptions setIv(byte[] iv) { + if (iv == null) { + this.iv = null; + } else { + this.iv = new byte[iv.length]; + System.arraycopy(iv, 0, this.iv, 0, iv.length); + } + + return this; } } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcEncryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcEncryptOptions.java index 9691c94c653f9..bf75673d06df1 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcEncryptOptions.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcEncryptOptions.java 
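Review bot: `setIv` accepts `null` or an array of any length, and because the IV is now an optional setter, a caller can build CBC decrypt options with no IV at all. A missing or wrong-sized IV should fail at the options object rather than deep in the cipher call, e.g. `if (iv == null || iv.length != 16) { throw new IllegalArgumentException("'iv' must be 16 bytes."); }`, unless a null IV is deliberately allowed downstream (not visible in this hunk). The class Javadoc should also say that AES-CBC provides no integrity protection, so callers handling ciphertext from an untrusted source need a separate MAC check before decryption or should use the AES-GCM options instead. The manual copy can be written `this.iv = iv.clone();`.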
@@ -3,6 +3,8 @@ package com.azure.security.keyvault.keys.cryptography; +import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; + /** * A class containing configuration parameters that can be applied when encrypting AES-CBC keys with and without * padding. @@ -11,9 +13,27 @@ public class AesCbcEncryptOptions extends EncryptOptions { /** * Creates an instance of {@link AesCbcEncryptOptions} with the given parameters. * + * @param algorithm The algorithm to be used for encryption. + * @param plaintext The content to be encrypted. + */ + AesCbcEncryptOptions(EncryptionAlgorithm algorithm, byte[] plaintext) { + super(algorithm, plaintext); + } + + /** + * Set the given initialization vector to be used in this encryption operation. + * * @param iv Initialization vector for the encryption operation. + * @return The updated {@link AesCbcEncryptOptions} object. */ - public AesCbcEncryptOptions(byte[] iv) { - super(iv, null); + public AesCbcEncryptOptions setIv(byte[] iv) { + if (iv == null) { + this.iv = null; + } else { + this.iv = new byte[iv.length]; + System.arraycopy(iv, 0, this.iv, 0, iv.length); + } + + return this; } } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcmDecryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcmDecryptOptions.java index c335aae51b159..92dced7e0fcd3 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcmDecryptOptions.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcmDecryptOptions.java 
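Review bot: The Javadoc on `setIv` says nothing about what a safe IV is, and since the setter is optional a caller can now build CBC encrypt options with no IV at all. For CBC the IV must be 16 bytes, unpredictable and fresh for every encryption under the same key; I would change the tag to `@param iv 16-byte initialization vector; generate it with {@link java.security.SecureRandom} for every call and never reuse it with the same key.` What happens when the IV is left unset is decided outside this hunk, so it is worth confirming that the client either fails or generates a random IV rather than falling back to a fixed value.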
@@ -3,6 +3,8 @@ package com.azure.security.keyvault.keys.cryptography; +import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; + /** * A class containing configuration parameters that can be applied when decrypting AES-GCM keys. */ 
@@ -10,11 +12,54 @@ public class AesGcmDecryptOptions extends DecryptOptions { /** * Creates an instance of {@link AesGcmDecryptOptions} with the given parameters. * + * @param algorithm The algorithm to be used for decryption. + * @param ciphertext The content to be decrypted. * @param iv Initialization vector for the decryption operation. + */ + AesGcmDecryptOptions(EncryptionAlgorithm algorithm, byte[] ciphertext, byte[] iv) { + super(algorithm, ciphertext); + + if (iv == null) { + this.iv = null; + } else { + this.iv = new byte[iv.length]; + System.arraycopy(iv, 0, this.iv, 0, iv.length); + } + } + + /** + * Set additional data to authenticate when using authenticated crypto algorithms. + * * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms. + * @return The updated {@link AesGcmDecryptOptions} object. + */ + public AesGcmDecryptOptions setAdditionalAuthenticatedData(byte[] additionalAuthenticatedData) { + if (additionalAuthenticatedData == null) { + this.additionalAuthenticatedData = null; + } else { + this.additionalAuthenticatedData = new byte[additionalAuthenticatedData.length]; + System.arraycopy(additionalAuthenticatedData, 0, this.additionalAuthenticatedData, 0, + additionalAuthenticatedData.length); + } + + return this; + } + + /** + * Set the tag to authenticate when performing decryption. + * * @param authenticationTag The tag to authenticate when performing decryption. + * @return The updated {@link AesGcmDecryptOptions} object. 
*/ - public AesGcmDecryptOptions(byte[] iv, byte[] additionalAuthenticatedData, byte[] authenticationTag) { - super(iv, additionalAuthenticatedData, authenticationTag); + public AesGcmDecryptOptions setAuthenticationTag(byte[] authenticationTag) { + if (authenticationTag == null) { + this.authenticationTag = null; + } else { + this.authenticationTag = new byte[authenticationTag.length]; + System.arraycopy(authenticationTag, 0, this.authenticationTag, 0, + authenticationTag.length); + } + + return this; } } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcmEncryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcmEncryptOptions.java index d9697164c9d28..7ea254f54224b 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcmEncryptOptions.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcmEncryptOptions.java @@ -3,6 +3,8 @@ package com.azure.security.keyvault.keys.cryptography; +import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; + /** * A class containing configuration parameters that can be applied when encrypting AES-GCM keys. */ 
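Review bot: The authentication tag is now an optional setter that also accepts `null`, so a caller can build AES-GCM decrypt options with no tag and nothing in this class objects. GCM decryption is only meaningful when the tag is verified, so I would make the tag a required constructor argument next to `iv`, or at least have the constructor fail fast with `Objects.requireNonNull(iv, "'iv' cannot be null.");` and state in the `setAuthenticationTag` Javadoc that decryption is rejected when the tag is unset. Whether the local and service paths refuse a missing tag is not visible in this hunk. Each of the three hand-written copy blocks could be `x == null ? null : x.clone()`.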
@@ -10,11 +12,36 @@ public class AesGcmEncryptOptions extends EncryptOptions { /** * Creates an instance of {@link AesGcmEncryptOptions} with the given parameters. * + * @param algorithm The algorithm to be used for encryption. + * @param ciphertext The content to be encrypted. * @param iv Initialization vector for the encryption operation. - * @param additionalAuthenticatedData Additional data to authenticate but not encrypt/decrypt when using - * authenticated crypto algorithms. */ - public AesGcmEncryptOptions(byte[] iv, byte[] additionalAuthenticatedData) { - super(iv, additionalAuthenticatedData); + AesGcmEncryptOptions(EncryptionAlgorithm algorithm, byte[] ciphertext, byte[] iv) { + super(algorithm, ciphertext); + + if (iv == null) { + this.iv = null; + } else { + this.iv = new byte[iv.length]; + System.arraycopy(iv, 0, this.iv, 0, iv.length); + } + } + + /** + * Set additional data to authenticate when using authenticated crypto algorithms. + * + * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms. + * @return The updated {@link AesGcmEncryptOptions} object. + */ + public AesGcmEncryptOptions setAdditionalAuthenticatedData(byte[] additionalAuthenticatedData) { + if (additionalAuthenticatedData == null) { + this.additionalAuthenticatedData = null; + } else { + this.additionalAuthenticatedData = new byte[additionalAuthenticatedData.length]; + System.arraycopy(additionalAuthenticatedData, 0, this.additionalAuthenticatedData, 0, + additionalAuthenticatedData.length); + } + + return this; } } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java index decd00b92ecf5..d0f5b21762c37 100644 
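Review bot: The constructor parameter is named `ciphertext` and documented as "The content to be encrypted", but it is the plaintext handed to `super(algorithm, ciphertext)`; rename it to `plaintext` to match `AesCbcEncryptOptions`. The `iv` Javadoc should also state the GCM requirement that a nonce is never reused with the same key, since reuse breaks both confidentiality and authenticity: `@param iv Initialization vector (nonce); must be unique for every encryption performed with the same key.` A `null` iv is accepted silently here, and what the client does in that case is outside this hunk.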
--- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java @@ -223,7 +223,7 @@ Mono getSecretKey() { */ @ServiceMethod(returns = ReturnType.SINGLE) public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { - return encrypt(algorithm, plaintext, null); + return encrypt(new EncryptOptions(algorithm, plaintext), null); } /** @@ -248,11 +248,9 @@ public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plainte *
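Review bot: `encrypt(new EncryptOptions(algorithm, plaintext), null)` binds to the package-private `encrypt(EncryptOptions, Context)` overload with a `null` context, so this path skips the `withContext`/`monoError` wrapper that the public `encrypt(EncryptOptions)` applies. The `decrypt` counterpart later in this file delegates with a single argument, `decrypt(new DecryptOptions(algorithm, cipherText))`, and I would do the same here: `return encrypt(new EncryptOptions(algorithm, plaintext));`. As written, the `null` context is also handed to `localKeyCryptographyClient.encryptAsync(encryptOptions, context, key)`; whether that method tolerates `null` is not visible.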

Code Samples

*

Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when * a response has been received.

- * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte-EncryptOptions} + * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.encrypt#EncryptOptions} * - * @param algorithm The algorithm to be used for encryption. - * @param plaintext The content to be encrypted. - * @param options Optional parameters for the encryption operation. + * @param encryptOptions The parameters to use in the encryption operation. * @return A {@link Mono} containing a {@link EncryptResult} whose {@link EncryptResult#getCipherText() cipher text} * contains the encrypted content. * @throws ResourceNotFoundException If the key cannot be found for encryption. @@ -260,23 +258,19 @@ public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plainte * @throws NullPointerException If {@code algorithm} or {@code plainText} are {@code null}. */ @ServiceMethod(returns = ReturnType.SINGLE) - public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, EncryptOptions options) { + public Mono encrypt(EncryptOptions encryptOptions) { try { - return withContext(context -> encrypt(algorithm, plaintext, options, context)); + return withContext(context -> encrypt(encryptOptions, context)); } catch (RuntimeException ex) { return monoError(logger, ex); } } - Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, EncryptOptions options, - Context context) { - Objects.requireNonNull(algorithm, "Encryption algorithm cannot be null."); - Objects.requireNonNull(plaintext, "Plain text content to be encrypted cannot be null."); - + Mono encrypt(EncryptOptions encryptOptions, Context context) { return ensureValidKeyAvailable().flatMap(available -> { if (!available) { - return cryptographyServiceClient.encrypt(algorithm, plaintext, options, context); + return cryptographyServiceClient.encrypt(encryptOptions, context); } if (!checkKeyPermissions(this.key.getKeyOps(), KeyOperation.ENCRYPT)) { 
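Review bot: The two `Objects.requireNonNull` checks are removed from `encrypt(EncryptOptions, Context)` without a replacement, so on the local-key branch a `null` `encryptOptions` reaches `localKeyCryptographyClient.encryptAsync` unchecked, unless the options constructor or the local client validates, which is not visible here. The new checks visible in this patch sit only in `CryptographyServiceClient`. I would add `Objects.requireNonNull(encryptOptions, "'encryptOptions' cannot be null.");` as the first statement, and the same for `decryptOptions` in the `decrypt(DecryptOptions, Context)` hunk below. The Javadoc still reads `@throws NullPointerException If {@code algorithm} or {@code plainText} are {@code null}` although neither is a parameter any more; it should name `encryptOptions`. The method body continues past the end of this hunk.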
@@ -284,7 +278,7 @@ Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, Enc "Encrypt Operation is missing permission/not supported for key with id %s", key.getId())))); } - return localKeyCryptographyClient.encryptAsync(algorithm, plaintext, options, context, key); + return localKeyCryptographyClient.encryptAsync(encryptOptions, context, key); }); } @@ -321,7 +315,7 @@ Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, Enc */ @ServiceMethod(returns = ReturnType.SINGLE) public Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText) { - return decrypt(algorithm, cipherText, null); + return decrypt(new DecryptOptions(algorithm, cipherText)); } /** @@ -346,33 +340,27 @@ public Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherT *

Code Samples

*

Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content * details when a response has been received.

- * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte-DecryptOptions} + * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.decrypt#DecryptOptions} * - * @param algorithm The algorithm to be used for decryption. - * @param cipherText The content to be decrypted. - * @param options Optional parameters for the decryption operation. + * @param decryptOptions The parameters to use in the decryption operation. * @return A {@link Mono} containing the decrypted blob. * @throws ResourceNotFoundException If the key cannot be found for decryption. * @throws UnsupportedOperationException If the decrypt operation is not supported or configured on the key. * @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. */ @ServiceMethod(returns = ReturnType.SINGLE) - public Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, DecryptOptions options) { + public Mono decrypt(DecryptOptions decryptOptions) { try { - return withContext(context -> decrypt(algorithm, cipherText, options, context)); + return withContext(context -> decrypt(decryptOptions, context)); } catch (RuntimeException ex) { return monoError(logger, ex); } } - Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, DecryptOptions options, - Context context) { - Objects.requireNonNull(algorithm, "Encryption algorithm cannot be null."); - Objects.requireNonNull(cipherText, "Cipher text content to be decrypted cannot be null."); - + Mono decrypt(DecryptOptions decryptOptions, Context context) { return ensureValidKeyAvailable().flatMap(available -> { if (!available) { - return cryptographyServiceClient.decrypt(algorithm, cipherText, options, context); + return cryptographyServiceClient.decrypt(decryptOptions, context); } if (!checkKeyPermissions(this.key.getKeyOps(), KeyOperation.DECRYPT)) { 
@@ -380,7 +368,7 @@ Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, De "Decrypt Operation is not allowed for key with id %s", key.getId())))); } - return localKeyCryptographyClient.decryptAsync(algorithm, cipherText, options, context, key); + return localKeyCryptographyClient.decryptAsync(decryptOptions, context, key); }); } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java index b971a9fcf73a8..3e4c77f000cc6 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java @@ -111,7 +111,7 @@ public Response getKeyWithResponse(Context context) { * @throws NullPointerException If {@code algorithm} or {@code plainText} are {@code null}. */ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, Context context) { - return encrypt(algorithm, plaintext, null, context); + return encrypt(new EncryptOptions(algorithm, plaintext), context); } /** @@ -172,11 +172,9 @@ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { *

Code Samples

*

Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when * a response has been received.

- * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptionAlgorithm-byte-EncryptOptions-Context} + * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptOptions-Context} * - * @param algorithm The algorithm to be used for encryption. - * @param plaintext The content to be encrypted. - * @param options Optional parameters for the encryption operation. + * @param encryptOptions The parameters to use in the encryption operation. * @param context Additional context that is passed through the Http pipeline during the service call. * @return The {@link EncryptResult} whose {@link EncryptResult#getCipherText() cipher text} contains the encrypted * content. @@ -184,9 +182,8 @@ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { * @throws UnsupportedOperationException If the encrypt operation is not supported or configured on the key. * @throws NullPointerException If {@code algorithm} or {@code plainText} are {@code null}. */ - public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, EncryptOptions options, - Context context) { - return client.encrypt(algorithm, plaintext, options, context).block(); + public EncryptResult encrypt(EncryptOptions encryptOptions, Context context) { + return client.encrypt(encryptOptions, context).block(); } /** @@ -222,7 +219,7 @@ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, En * @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. */ public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, Context context) { - return decrypt(algorithm, cipherText, null, context); + return decrypt(new DecryptOptions(algorithm, cipherText), context); } /** 
@@ -257,7 +254,7 @@ public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, C * @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. */ public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText) { - return decrypt(algorithm, cipherText, Context.NONE); + return decrypt(new DecryptOptions(algorithm, cipherText), Context.NONE); } /** @@ -282,20 +279,17 @@ public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText) { *

Code Samples

*

Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content * details when a response has been received.

- * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#EncryptionAlgorithm-byte-DecryptOptions-Context} + * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#DecryptOptions-Context} * - * @param algorithm The algorithm to be used for decryption. - * @param cipherText The content to be decrypted. - * @param options Optional parameters for the decryption operation. + * @param decryptOptions The parameters to use in the decryption operation. * @param context Additional context that is passed through the Http pipeline during the service call. * @return The decrypted blob. * @throws ResourceNotFoundException If the key cannot be found for encryption. * @throws UnsupportedOperationException If the decrypt operation is not supported or configured on the key. * @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. */ - public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, DecryptOptions options, - Context context) { - return client.decrypt(algorithm, cipherText, options, context).block(); + public DecryptResult decrypt(DecryptOptions decryptOptions, Context context) { + return client.decrypt(decryptOptions, context).block(); } /** diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java index 2fe89007c5c59..c20507cd74afd 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java 
@@ -125,19 +125,17 @@ JsonWebKey transformSecretKey(SecretKey secretKey) throws JsonProcessingExceptio return mapper.readValue(jsonString, JsonWebKey.class); } - Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, EncryptOptions options, - Context context) { - byte[] iv = null; - byte[] authenticatedData = null; - - if (options != null) { - iv = options.getIv(); - authenticatedData = options.getAdditionalAuthenticatedData(); - } - + Mono encrypt(EncryptOptions encryptOptions, Context context) { + Objects.requireNonNull(encryptOptions, "'encryptOptions' cannot be null."); + Objects.requireNonNull(encryptOptions.getAlgorithm(), "Encryption algorithm cannot be null."); + Objects.requireNonNull(encryptOptions.getPlainText(), "Plain text content to be encrypted cannot be null."); + + EncryptionAlgorithm algorithm = encryptOptions.getAlgorithm(); + byte[] iv = encryptOptions.getIv(); + byte[] authenticatedData = encryptOptions.getAdditionalAuthenticatedData(); KeyOperationParameters parameters = new KeyOperationParameters() .setAlgorithm(algorithm) - .setValue(plaintext) + .setValue(encryptOptions.getPlainText()) .setIv(iv) .setAdditionalAuthenticatedData(authenticatedData); context = context == null ? Context.NONE : context; 
@@ -153,21 +151,18 @@ Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, Enc Mono.just(new EncryptResult(keyOperationResultResponse.getValue().getResult(), algorithm, keyId))); } - Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, DecryptOptions options, - Context context) { - byte[] iv = null; - byte[] additionalAuthenticatedData = null; - byte[] authenticationTag = null; - - if (options != null) { - iv = options.getIv(); - additionalAuthenticatedData = options.getAdditionalAuthenticatedData(); - authenticationTag = options.getAuthenticationTag(); - } + Mono decrypt(DecryptOptions decryptOptions, Context context) { + Objects.requireNonNull(decryptOptions, "'decryptOptions' cannot be null."); + Objects.requireNonNull(decryptOptions.getAlgorithm(), "Encryption algorithm cannot be null."); + Objects.requireNonNull(decryptOptions.getCipherText(), "Cipher text content to be decrypted cannot be null."); + EncryptionAlgorithm algorithm = decryptOptions.getAlgorithm(); + byte[] iv = decryptOptions.getIv(); + byte[] additionalAuthenticatedData = decryptOptions.getAdditionalAuthenticatedData(); + byte[] authenticationTag = decryptOptions.getAuthenticationTag(); KeyOperationParameters parameters = new KeyOperationParameters() .setAlgorithm(algorithm) - .setValue(cipherText) + .setValue(decryptOptions.getCipherText()) .setIv(iv) .setAdditionalAuthenticatedData(additionalAuthenticatedData) .setAuthenticationTag(authenticationTag); diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java index 216c3d37269f0..37969353fe90a 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java 
+++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java 
@@ -3,59 +3,96 @@ package com.azure.security.keyvault.keys.cryptography; -import com.fasterxml.jackson.annotation.JsonProperty; +import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; + +import java.util.Objects; /** * A class containing various configuration parameters that can be applied when performing decryption operations. */ public class DecryptOptions { + /** + * The algorithm to be used for decryption. + */ + final EncryptionAlgorithm algorithm; + + /** + * The content to be decrypted. + */ + final byte[] cipherText; + /** * Initialization vector to be used in the decryption operation using a symmetric algorithm. */ - @JsonProperty(value = "iv") - private final byte[] iv; + byte[] iv; /** * Get additional data to authenticate when performing decryption with an authenticated algorithm. */ - @JsonProperty(value = "aad") - private final byte[] additionalAuthenticatedData; + byte[] additionalAuthenticatedData; /** * The tag to authenticate when performing decryption with an authenticated algorithm. */ - @JsonProperty(value = "tag") - private final byte[] authenticationTag; + byte[] authenticationTag; + + /** + * Factory method to create an instance of {@link AesCbcDecryptOptions} with the given parameters. + * + * @param algorithm The algorithm to be used for decryption. + * @param ciphertext The content to be decrypted. + * @return The {@link AesCbcDecryptOptions}. + */ + public static AesCbcDecryptOptions createAesCbcOptions(EncryptionAlgorithm algorithm, byte[] ciphertext) { + return new AesCbcDecryptOptions(algorithm, ciphertext); + } + + /** + * Factory method to create an instance of {@link AesGcmDecryptOptions} with the given parameters. + * + * @param algorithm The algorithm to be used for decryption. + * @param ciphertext The content to be decrypted. + * @param iv Initialization vector for the decryption operation. + * @return The {@link AesGcmDecryptOptions}. 
+ */ + public static AesGcmDecryptOptions createAesGcmOptions(EncryptionAlgorithm algorithm, byte[] ciphertext, byte[] iv) { + return new AesGcmDecryptOptions(algorithm, ciphertext, iv); + } /** * Creates an instance of {@link DecryptOptions} with the given parameters. * - * @param iv Initialization vector for symmetric algorithms. - * @param additionalAuthenticatedData Additional data to authenticate but not encrypt/decrypt when using - * authenticated crypto algorithms. - * @param authenticationTag The tag to authenticate when performing decryption with an authenticated algorithm. + * @param algorithm The algorithm to be used for decryption. + * @param cipherText The content to be decrypted. */ - public DecryptOptions(byte[] iv, byte[] additionalAuthenticatedData, byte[] authenticationTag) { - if (iv == null) { - this.iv = null; - } else { - this.iv = new byte[iv.length]; - System.arraycopy(iv, 0, this.iv, 0, iv.length); - } + DecryptOptions(EncryptionAlgorithm algorithm, byte[] cipherText) { + Objects.requireNonNull(algorithm, "'algorithm cannot be null'"); + Objects.requireNonNull(cipherText, "'ciphertext' cannot be null"); - if (additionalAuthenticatedData == null) { - this.additionalAuthenticatedData = null; - } else { - this.additionalAuthenticatedData = new byte[additionalAuthenticatedData.length]; - System.arraycopy(additionalAuthenticatedData, 0, this.additionalAuthenticatedData, 0, - additionalAuthenticatedData.length); - } + this.algorithm = algorithm; + this.cipherText = new byte[cipherText.length]; + System.arraycopy(cipherText, 0, this.cipherText, 0, cipherText.length); + } - if (authenticationTag == null) { - this.authenticationTag = null; + /** + * The algorithm to be used for encryption. + * + * @return The algorithm to be used for encryption. + */ + public EncryptionAlgorithm getAlgorithm() { + return algorithm; + } + + /** + * Get the content to be encrypted. + * + * @return The content to be encrypted. 
+ */ + public byte[] getCipherText() { + if (cipherText == null) { + return null; } else { - this.authenticationTag = new byte[authenticationTag.length]; - System.arraycopy(authenticationTag, 0, this.authenticationTag, 0, authenticationTag.length); + return cipherText.clone(); } } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EcKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EcKeyCryptographyClient.java index 161792f7cabc4..89a18684f3304 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EcKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EcKeyCryptographyClient.java @@ -6,7 +6,6 @@ import com.azure.core.util.Context; import com.azure.core.util.logging.ClientLogger; import com.azure.security.keyvault.keys.cryptography.models.DecryptResult; -import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; import com.azure.security.keyvault.keys.cryptography.models.EncryptResult; import com.azure.security.keyvault.keys.cryptography.models.UnwrapResult; import com.azure.security.keyvault.keys.cryptography.models.KeyWrapAlgorithm; 
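Review bot: In the DecryptOptions hunk, `iv`, `additionalAuthenticatedData` and `authenticationTag` change from `private final` fields that the constructor copied defensively to package-private, non-final fields that nothing in this hunk assigns. Whatever sets them (presumably the `AesCbcDecryptOptions`/`AesGcmDecryptOptions` subclasses, not visible here) should copy on assignment, e.g. `this.iv = iv == null ? null : iv.clone();`, so a caller cannot alter the IV or tag after building the options. The message `"'algorithm cannot be null'"` has its closing quote misplaced (`"'algorithm' cannot be null"`), and the Javadoc on `getAlgorithm()` and `getCipherText()` says "encryption"/"encrypted" in a class that decrypts. `cipherText` is final and the constructor rejects null, so the `if (cipherText == null)` branch in `getCipherText()` cannot be taken. EncryptOptions has the same field change and the same message typo; the class body continues outside the hunk.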
@@ -56,15 +55,13 @@ private KeyPair getKeyPair(JsonWebKey key) { } @Override - Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, EncryptOptions options, - Context context, JsonWebKey key) { + Mono encryptAsync(EncryptOptions options, Context context, JsonWebKey key) { throw logger.logExceptionAsError(new UnsupportedOperationException( "Encrypt operation is not supported for EC key")); } @Override - Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherText, DecryptOptions options, - Context context, JsonWebKey key) { + Mono decryptAsync(DecryptOptions options, Context context, JsonWebKey key) { throw logger.logExceptionAsError(new UnsupportedOperationException( "Decrypt operation is not supported for EC key")); } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java index b9e53bb4c77c1..6bba15997fb74 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java 
@@ -3,50 +3,96 @@ package com.azure.security.keyvault.keys.cryptography; -import com.fasterxml.jackson.annotation.JsonProperty; +import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; + +import java.util.Objects; /** * A class containing various configuration parameters that can be applied when performing encryption operations. */ public class EncryptOptions { + /** + * The algorithm to be used for encryption. + */ + final EncryptionAlgorithm algorithm; + + /** + * The content to be encrypted. + */ + final byte[] plainText; + /** * Initialization vector to be used in the encryption operation using a symmetric algorithm. */ - @JsonProperty(value = "iv") - private final byte[] iv; + byte[] iv; /** * Get additional data to authenticate when performing encryption with an authenticated algorithm. */ - @JsonProperty(value = "aad") - private final byte[] additionalAuthenticatedData; + byte[] additionalAuthenticatedData; + + /** + * Factory method to create an instance of {@link AesCbcEncryptOptions} with the given parameters. + * + * @param algorithm The algorithm to be used for encryption. + * @param plaintext The content to be encryption. + * @return The {@link AesCbcEncryptOptions}. + */ + public static AesCbcEncryptOptions createAesCbcOptions(EncryptionAlgorithm algorithm, byte[] plaintext) { + return new AesCbcEncryptOptions(algorithm, plaintext); + } + + /** + * Factory method to create an instance of {@link AesGcmEncryptOptions} with the given parameters. + * + * @param algorithm The algorithm to be used for encryption. + * @param plaintext The content to be encryption. + * @param iv Initialization vector for the encryption operation. + * @return The {@link AesGcmEncryptOptions}. 
+ */ + public static AesGcmEncryptOptions createAesGcmOptions(EncryptionAlgorithm algorithm, byte[] plaintext, byte[] iv) { + return new AesGcmEncryptOptions(algorithm, plaintext, iv); + } /** * Creates an instance of {@link EncryptOptions} with the given parameters. * - * @param iv Initialization vector for symmetric algorithms. - * @param additionalAuthenticatedData Additional data to authenticate but not encrypt/decrypt when using - * authenticated crypto algorithms. + * @param algorithm The algorithm to be used for encryption. + * @param plainText The content to be encrypted. */ - public EncryptOptions(byte[] iv, byte[] additionalAuthenticatedData) { - if (iv == null) { - this.iv = null; - } else { - this.iv = new byte[iv.length]; - System.arraycopy(iv, 0, this.iv, 0, iv.length); - } + EncryptOptions(EncryptionAlgorithm algorithm, byte[] plainText) { + Objects.requireNonNull(algorithm, "'algorithm cannot be null'"); + Objects.requireNonNull(plainText, "'plaintext' cannot be null"); - if (additionalAuthenticatedData == null) { - this.additionalAuthenticatedData = null; + this.algorithm = algorithm; + this.plainText = new byte[plainText.length]; + System.arraycopy(plainText, 0, this.plainText, 0, plainText.length); + } + + /** + * The algorithm to be used for encryption. + * + * @return The algorithm to be used for encryption. + */ + public EncryptionAlgorithm getAlgorithm() { + return algorithm; + } + + /** + * Get the content to be encrypted. + * + * @return The content to be encrypted. + */ + public byte[] getPlainText() { + if (plainText == null) { + return null; } else { - this.additionalAuthenticatedData = new byte[additionalAuthenticatedData.length]; - System.arraycopy(additionalAuthenticatedData, 0, this.additionalAuthenticatedData, 0, - additionalAuthenticatedData.length); + return plainText.clone(); } } /** - * Get the initialization vector to be used in the decryption operation using a symmetric algorithm. 
+ * Get the initialization vector to be used in the encryption operation using a symmetric algorithm. * * @return The initialization vector. */ @@ -59,7 +105,7 @@ public byte[] getIv() { } /** - * Get additional data to authenticate when performing decryption with an authenticated algorithm. + * Get additional data to authenticate when performing encryption with an authenticated algorithm. * * @return The additional authenticated data. */ diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClient.java index cafa9442e33b6..b8f174d1df5ef 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClient.java @@ -98,18 +98,16 @@ public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plainte *
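Review bot: In the EncryptOptions hunk, `createAesGcmOptions(algorithm, plaintext, iv)` makes the caller supply the GCM IV for encryption, while its Javadoc says only "Initialization vector for the encryption operation". Reusing an IV with the same key under AES-GCM undermines both confidentiality and authenticity, so the requirement belongs where callers will read it: `@param iv Initialization vector (nonce); must be unique for every encryption performed with the same key.` Both factory Javadocs also read "The content to be encryption", which should be "to be encrypted". The class body continues outside the hunk.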

Code Samples

*

Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when * a response has been received.

- * {@codesnippet com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte-EncryptOptions} + * {@codesnippet com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.encrypt#EncryptOptions} * - * @param algorithm The algorithm to be used for encryption. - * @param options Optional parameters for the encryption operation. - * @param plaintext The content to be encrypted. + * @param encryptOptions The parameters to use in the encryption operation. * @return A {@link Mono} containing a {@link EncryptResult} whose {@link EncryptResult#getCipherText() cipher text} * contains the encrypted content. * @throws UnsupportedOperationException if the encrypt operation is not supported or configured on the key. * @throws NullPointerException if {@code algorithm} or {@code plainText} is null. */ - public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, EncryptOptions options) { - return cryptographyAsyncClient.encrypt(algorithm, plaintext, options); + public Mono encrypt(EncryptOptions encryptOptions) { + return cryptographyAsyncClient.encrypt(encryptOptions); } /** @@ -168,17 +166,15 @@ public Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherT *
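Review bot: The context line `@throws NullPointerException if {@code algorithm} or {@code plainText} is null` still names parameters that `encrypt(EncryptOptions encryptOptions)` no longer has. Assuming the delegate rejects a null options object the way CryptographyServiceClient does in this patch, the tag should read `@throws NullPointerException if {@code encryptOptions} is null.` The same stale tag is left in the `decrypt` hunk that follows and in both LocalCryptographyClient hunks.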

Code Samples

*

Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content * details when a response has been received.

- * {@codesnippet com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte-DecryptOptions} + * {@codesnippet com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.decrypt#DecryptOptions} * - * @param algorithm The algorithm to be used for decryption. - * @param options Optional parameters for the decryption operation. - * @param cipherText The content to be decrypted. + * @param decryptOptions The parameters to use in the decryption operation. * @return A {@link Mono} containing the decrypted blob. * @throws UnsupportedOperationException if the decrypt operation is not supported or configured on the key. * @throws NullPointerException if {@code algorithm} or {@code cipherText} is null. */ - public Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, DecryptOptions options) { - return cryptographyAsyncClient.decrypt(algorithm, cipherText, options); + public Mono decrypt(DecryptOptions decryptOptions) { + return cryptographyAsyncClient.decrypt(decryptOptions); } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClient.java index 9f4d4466e51dc..0dc23643c0e34 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClient.java @@ -94,18 +94,16 @@ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { *

Code Samples

*

Encrypts the content. Subscribes to the call asynchronously and prints out the encrypted content details when * a response has been received.

- * {@codesnippet com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.encrypt#EncryptionAlgorithm-byte-EncryptOptions} + * {@codesnippet com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.encrypt#EncryptOptions} * - * @param algorithm The algorithm to be used for encryption. - * @param options Optional parameters for the encryption operation. - * @param plaintext The content to be encrypted. + * @param encryptOptions The parameters to use in the encryption operation. * @return The {@link EncryptResult} whose {@link EncryptResult#getCipherText() cipher text} contains the encrypted * content. * @throws UnsupportedOperationException if the encrypt operation is not supported or configured on the key. * @throws NullPointerException if {@code algorithm} or {@code plainText} is null. */ - public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, EncryptOptions options) { - return client.encrypt(algorithm, plaintext, options).block(); + public EncryptResult encrypt(EncryptOptions encryptOptions) { + return client.encrypt(encryptOptions).block(); } /** @@ -164,17 +162,15 @@ public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText) { *

Code Samples

*

Decrypts the encrypted content. Subscribes to the call asynchronously and prints out the decrypted content * details when a response has been received.

- * {@codesnippet com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.decrypt#EncryptionAlgorithm-byte-DecryptOptions} + * {@codesnippet com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.decrypt#DecryptOptions} * - * @param algorithm The algorithm to be used for decryption. - * @param options Optional parameters for the decryption operation. - * @param cipherText The content to be decrypted. + * @param decryptOptions The parameters to use in the decryption operation. * @return The decrypted blob. * @throws UnsupportedOperationException if the decrypt operation is not supported or configured on the key. * @throws NullPointerException if {@code algorithm} or {@code cipherText} is null. */ - public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, DecryptOptions options) { - return client.decrypt(algorithm, cipherText, options).block(); + public DecryptResult decrypt(DecryptOptions decryptOptions) { + return client.decrypt(decryptOptions).block(); } /** diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalKeyCryptographyClient.java index 4728c90a9a4df..83ce109bf0e44 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalKeyCryptographyClient.java 
@@ -5,7 +5,6 @@ import com.azure.core.util.Context; import com.azure.security.keyvault.keys.cryptography.models.DecryptResult; -import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; import com.azure.security.keyvault.keys.cryptography.models.EncryptResult; import com.azure.security.keyvault.keys.cryptography.models.UnwrapResult; import com.azure.security.keyvault.keys.cryptography.models.KeyWrapAlgorithm; @@ -27,11 +26,9 @@ abstract class LocalKeyCryptographyClient { this.serviceClient = serviceClient; } - abstract Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, - EncryptOptions options, Context context, JsonWebKey jsonWebKey); + abstract Mono encryptAsync(EncryptOptions encryptOptions, Context context, JsonWebKey jsonWebKey); - abstract Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherText, - DecryptOptions options, Context context, JsonWebKey jsonWebKey); + abstract Mono decryptAsync(DecryptOptions decryptOptions, Context context, JsonWebKey jsonWebKey); abstract Mono signAsync(SignatureAlgorithm algorithm, byte[] digest, Context context, JsonWebKey key); diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java index 3cd4a3ef0c504..d39a9cb562fbc 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java @@ -25,6 +25,7 @@ import java.security.KeyPair; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; +import java.util.Objects; class RsaKeyCryptographyClient extends LocalKeyCryptographyClient { private KeyPair keyPair; 
@@ -52,16 +53,20 @@ private KeyPair getKeyPair(JsonWebKey key) { } @Override - Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, EncryptOptions options, - Context context, JsonWebKey jsonWebKey) { + Mono encryptAsync(EncryptOptions encryptOptions, Context context, JsonWebKey jsonWebKey) { + Objects.requireNonNull(encryptOptions, "'encryptOptions' cannot be null."); + Objects.requireNonNull(encryptOptions.getAlgorithm(), "Encryption algorithm cannot be null."); + Objects.requireNonNull(encryptOptions.plainText, "Plain text content to be encrypted cannot be null."); + keyPair = getKeyPair(jsonWebKey); // Interpret the requested algorithm + EncryptionAlgorithm algorithm = encryptOptions.getAlgorithm(); Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithm.toString()); if (baseAlgorithm == null) { if (serviceCryptoAvailable()) { - return serviceClient.encrypt(algorithm, plaintext, options, context); + return serviceClient.encrypt(encryptOptions, context); } return Mono.error(new NoSuchAlgorithmException(algorithm.toString())); } else if (!(baseAlgorithm instanceof AsymmetricEncryptionAlgorithm)) { @@ -70,7 +75,7 @@ Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext if (keyPair.getPublic() == null) { if (serviceCryptoAvailable()) { - return serviceClient.encrypt(algorithm, plaintext, options, context); + return serviceClient.encrypt(encryptOptions, context); } return Mono.error(new IllegalArgumentException( "Public portion of the key not available to perform encrypt operation")); @@ -82,7 +87,8 @@ Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext try { transform = algo.createEncryptor(keyPair); - return Mono.just(new EncryptResult(transform.doFinal(plaintext), algorithm, jsonWebKey.getId())); + return Mono.just(new EncryptResult(transform.doFinal(encryptOptions.getPlainText()), algorithm, + jsonWebKey.getId())); } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException 
@@ -93,15 +99,20 @@ Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext } @Override - Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherText, DecryptOptions options, - Context context, JsonWebKey jsonWebKey) { + Mono decryptAsync(DecryptOptions decryptOptions, Context context, JsonWebKey jsonWebKey) { + Objects.requireNonNull(decryptOptions, "'decryptOptions' cannot be null."); + Objects.requireNonNull(decryptOptions.getAlgorithm(), "Encryption algorithm cannot be null."); + Objects.requireNonNull(decryptOptions.getCipherText(), "Cipher text content to be decrypted cannot be null."); + keyPair = getKeyPair(jsonWebKey); + // Interpret the requested algorithm + EncryptionAlgorithm algorithm = decryptOptions.getAlgorithm(); Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithm.toString()); if (baseAlgorithm == null) { if (serviceCryptoAvailable()) { - return serviceClient.decrypt(algorithm, cipherText, options, context); + return serviceClient.decrypt(decryptOptions, context); } return Mono.error(new NoSuchAlgorithmException(algorithm.toString())); } else if (!(baseAlgorithm instanceof AsymmetricEncryptionAlgorithm)) { @@ -110,7 +121,7 @@ Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherTex if (keyPair.getPrivate() == null) { if (serviceCryptoAvailable()) { - return serviceClient.decrypt(algorithm, cipherText, options, context); + return serviceClient.decrypt(decryptOptions, context); } return Mono.error(new IllegalArgumentException( "Private portion of the key not available to perform decrypt operation")); 
@@ -122,7 +133,8 @@ Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherTex try { transform = algo.createDecryptor(keyPair); - return Mono.just(new DecryptResult(transform.doFinal(cipherText), algorithm, jsonWebKey.getId())); + return Mono.just(new DecryptResult(transform.doFinal(decryptOptions.getCipherText()), algorithm, + jsonWebKey.getId())); } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java index e4454ac6280ae..37e542b69c3b5 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java @@ -19,6 +19,7 @@ import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; +import java.util.Objects; class SymmetricKeyCryptographyClient extends LocalKeyCryptographyClient { private final ClientLogger logger = new ClientLogger(SymmetricKeyCryptographyClient.class); 
@@ -47,8 +48,11 @@ private byte[] getKey(JsonWebKey key) { } @Override - Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext, EncryptOptions options, - Context context, JsonWebKey jsonWebKey) { + Mono encryptAsync(EncryptOptions encryptOptions, Context context, JsonWebKey jsonWebKey) { + Objects.requireNonNull(encryptOptions, "'encryptOptions' cannot be null."); + Objects.requireNonNull(encryptOptions.getAlgorithm(), "Encryption algorithm cannot be null."); + Objects.requireNonNull(encryptOptions.plainText, "Plain text content to be encrypted cannot be null."); + this.key = getKey(jsonWebKey); if (key == null || key.length == 0) { @@ -56,6 +60,7 @@ Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext } // Interpret the algorithm + EncryptionAlgorithm algorithm = encryptOptions.getAlgorithm(); Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithm.toString()); if (!(baseAlgorithm instanceof SymmetricEncryptionAlgorithm)) { @@ -66,13 +71,8 @@ Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext ICryptoTransform transform; - byte[] iv = null; - byte[] additionalAuthenticatedData = null; - - if (options != null) { - iv = options.getIv(); - additionalAuthenticatedData = options.getAdditionalAuthenticatedData(); - } + byte[] iv = encryptOptions.getIv(); + byte[] additionalAuthenticatedData = encryptOptions.getAdditionalAuthenticatedData(); if (iv == null) { if (algorithm == EncryptionAlgorithm.A128GCM || algorithm == EncryptionAlgorithm.A192GCM @@ -96,7 +96,7 @@ Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext byte[] encrypted; try { - encrypted = transform.doFinal(plaintext); + encrypted = transform.doFinal(encryptOptions.getPlainText()); } catch (Exception e) { return Mono.error(e); } 
@@ -105,8 +105,11 @@ Mono encryptAsync(EncryptionAlgorithm algorithm, byte[] plaintext } @Override - Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherText, DecryptOptions options, - Context context, JsonWebKey jsonWebKey) { + Mono decryptAsync(DecryptOptions decryptOptions, Context context, JsonWebKey jsonWebKey) { + Objects.requireNonNull(decryptOptions, "'decryptOptions' cannot be null."); + Objects.requireNonNull(decryptOptions.getAlgorithm(), "Encryption algorithm cannot be null."); + Objects.requireNonNull(decryptOptions.getCipherText(), "Cipher text content to be decrypted cannot be null."); + this.key = getKey(jsonWebKey); if (key == null || key.length == 0) { @@ -114,6 +117,7 @@ Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherTex } // Interpret the algorithm + EncryptionAlgorithm algorithm = decryptOptions.getAlgorithm(); Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithm.toString()); if (!(baseAlgorithm instanceof SymmetricEncryptionAlgorithm)) { @@ -124,15 +128,9 @@ Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherTex ICryptoTransform transform; - byte[] iv = null; - byte[] additionalAuthenticatedData = null; - byte[] authenticationTag = null; - - if (options != null) { - iv = options.getIv(); - additionalAuthenticatedData = options.getAdditionalAuthenticatedData(); - authenticationTag = options.getAuthenticationTag(); - } + byte[] iv = decryptOptions.getIv(); + byte[] additionalAuthenticatedData = decryptOptions.getAdditionalAuthenticatedData(); + byte[] authenticationTag = decryptOptions.getAuthenticationTag(); if (iv == null) { if (algorithm == EncryptionAlgorithm.A128GCM || algorithm == EncryptionAlgorithm.A192GCM @@ -156,7 +154,7 @@ Mono decryptAsync(EncryptionAlgorithm algorithm, byte[] cipherTex byte[] decrypted; try { - decrypted = transform.doFinal(cipherText); + decrypted = transform.doFinal(decryptOptions.getCipherText()); } catch (Exception e) { return Mono.error(e); } 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClientJavaDocCodeSnippets.java b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClientJavaDocCodeSnippets.java index 42a5a692e8692..44ceb5cbbec62 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClientJavaDocCodeSnippets.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClientJavaDocCodeSnippets.java @@ -107,7 +107,7 @@ public void getKeySnippets() { /** * Generates code samples for using {@link CryptographyAsyncClient#encrypt(EncryptionAlgorithm, byte[])} and - * {@link CryptographyAsyncClient#encrypt(EncryptionAlgorithm, byte[], EncryptOptions)}. + * {@link CryptographyAsyncClient#encrypt(EncryptOptions)}. */ public void encrypt() { CryptographyAsyncClient cryptographyAsyncClient = createAsyncClient(); @@ -123,7 +123,7 @@ public void encrypt() { encryptResult.getCipherText().length, encryptResult.getAlgorithm().toString())); // END: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte - // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte-EncryptOptions + // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.encrypt#EncryptOptions byte[] plainTextBytes = new byte[100]; new Random(0x1234567L).nextBytes(plainTextBytes); 
@@ -133,19 +133,20 @@ public void encrypt() { (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 }; - EncryptOptions encryptOptions = new AesCbcEncryptOptions(iv); + EncryptOptions encryptOptions = EncryptOptions.createAesCbcOptions(EncryptionAlgorithm.A128CBC, plainTextBytes) + .setIv(iv); - cryptographyAsyncClient.encrypt(EncryptionAlgorithm.A128CBC, plainTextBytes, encryptOptions) + cryptographyAsyncClient.encrypt(encryptOptions) .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) .subscribe(encryptResult -> System.out.printf("Received encrypted content of length %d with algorithm %s \n", encryptResult.getCipherText().length, encryptResult.getAlgorithm().toString())); - // END: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte-EncryptOptions + // END: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.encrypt#EncryptOptions } /** * Generates code samples for using {@link CryptographyAsyncClient#decrypt(EncryptionAlgorithm, byte[])} and - * {@link CryptographyAsyncClient#decrypt(EncryptionAlgorithm, byte[], DecryptOptions)}. + * {@link CryptographyAsyncClient#decrypt(DecryptOptions)}. */ public void decrypt() { CryptographyAsyncClient cryptographyAsyncClient = createAsyncClient(); @@ -161,7 +162,7 @@ public void decrypt() { System.out.printf("Received decrypted content of length %d\n", decryptResult.getPlainText().length)); // END: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte - // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte-DecryptOptions + // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.decrypt#DecryptOptions byte[] cipherTextBytes = new byte[100]; new Random(0x1234567L).nextBytes(cipherTextBytes); 
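Review bot: The `encrypt#EncryptOptions` snippet feeds a hard-coded 16-byte `iv` into `setIv(iv)` for `A128CBC`, and since the BEGIN/END markers suggest this region is published as Javadoc sample code, readers are likely to copy the constant. A CBC IV must be unpredictable and fresh for each encryption; a fixed one under the same key reveals when two plaintexts share a prefix. Generate it in the sample instead, `byte[] iv = new byte[16];` then `new SecureRandom().nextBytes(iv);`, with a comment that the IV is stored with the ciphertext for decryption. The same applies to the encrypt snippets in CryptographyClientJavaDocCodeSnippets, LocalCryptographyAsyncClientJavaDocCodeSnippets and LocalCryptographyClientJavaDocCodeSnippets; the `iv` declaration itself starts just above this hunk.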
@@ -171,13 +172,14 @@ public void decrypt() { (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 }; - DecryptOptions decryptOptions = new AesCbcDecryptOptions(iv); + DecryptOptions decryptOptions = DecryptOptions.createAesCbcOptions(EncryptionAlgorithm.A128CBC, cipherTextBytes) + .setIv(iv); - cryptographyAsyncClient.decrypt(EncryptionAlgorithm.A128CBC, cipherTextBytes, decryptOptions) + cryptographyAsyncClient.decrypt(decryptOptions) .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) .subscribe(decryptResult -> System.out.printf("Received decrypted content of length %d\n", decryptResult.getPlainText().length)); - // END: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte-DecryptOptions + // END: com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.decrypt#DecryptOptions } /** diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientJavaDocCodeSnippets.java b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientJavaDocCodeSnippets.java index 0f3c99d25a4a9..81bad71313290 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientJavaDocCodeSnippets.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientJavaDocCodeSnippets.java 
@@ -71,7 +71,7 @@ public void getKeySnippets() { /** * Generates a code sample for using {@link CryptographyClient#encrypt(EncryptionAlgorithm, byte[])}, * {@link CryptographyClient#encrypt(EncryptionAlgorithm, byte[], Context)} and - * {@link CryptographyClient#encrypt(EncryptionAlgorithm, byte[], EncryptOptions, Context)}. + * {@link CryptographyClient#encrypt(EncryptOptions, Context)}. */ public void encrypt() { CryptographyClient cryptographyClient = createClient(); @@ -99,7 +99,7 @@ public void encrypt() { encryptionResult.getCipherText().length, encryptionResult.getAlgorithm().toString()); // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptionAlgorithm-byte-Context - // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptionAlgorithm-byte-EncryptOptions-Context + // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptOptions-Context byte[] myPlainText = new byte[100]; new Random(0x1234567L).nextBytes(myPlainText); 
@@ -109,20 +109,20 @@ public void encrypt() { (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 }; - EncryptOptions encryptOptions = new AesCbcEncryptOptions(iv); + EncryptOptions encryptOptions = EncryptOptions.createAesCbcOptions(EncryptionAlgorithm.A128CBC, myPlainText) + .setIv(iv); - EncryptResult encryptedResult = cryptographyClient.encrypt(EncryptionAlgorithm.A128CBC, myPlainText, - encryptOptions, new Context(key1, value1)); + EncryptResult encryptedResult = cryptographyClient.encrypt(encryptOptions, new Context(key1, value1)); System.out.printf("Received encrypted content of length %d with algorithm %s \n", encryptedResult.getCipherText().length, encryptedResult.getAlgorithm().toString()); - // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptionAlgorithm-byte-EncryptOptions-Context + // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptOptions-Context } /** * Generates a code sample for using {@link CryptographyClient#decrypt(EncryptionAlgorithm, byte[])}, * {@link CryptographyClient#decrypt(EncryptionAlgorithm, byte[], Context)} and - * {@link CryptographyClient#decrypt(EncryptionAlgorithm, byte[], DecryptOptions, Context)}. + * {@link CryptographyClient#decrypt(DecryptOptions, Context)}. */ public void decrypt() { CryptographyClient cryptographyClient = createClient(); 
@@ -148,7 +148,7 @@ public void decrypt() { System.out.printf("Received decrypted content of length %d\n", decryptionResult.getPlainText().length); // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#EncryptionAlgorithm-byte-Context - // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#EncryptionAlgorithm-byte-DecryptOptions-Context + // BEGIN: com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#DecryptOptions-Context byte[] myCipherText = new byte[100]; new Random(0x1234567L).nextBytes(myCipherText); @@ -158,13 +158,13 @@ public void decrypt() { (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 }; - DecryptOptions decryptOptions = new AesCbcDecryptOptions(iv); + DecryptOptions decryptOptions = DecryptOptions.createAesCbcOptions(EncryptionAlgorithm.A128CBC, myCipherText) + .setIv(iv); - DecryptResult decryptedResult = cryptographyClient.decrypt(EncryptionAlgorithm.A128CBC, myCipherText, - decryptOptions, new Context(key1, value1)); + DecryptResult decryptedResult = cryptographyClient.decrypt(decryptOptions, new Context(key1, value1)); System.out.printf("Received decrypted content of length %d\n", decryptedResult.getPlainText().length); - // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#EncryptionAlgorithm-byte-DecryptOptions-Context + // END: com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#DecryptOptions-Context } /** diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClientJavaDocCodeSnippets.java b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClientJavaDocCodeSnippets.java index 5413d14a7fb41..6c870639ffd5d 100644 
--- a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClientJavaDocCodeSnippets.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClientJavaDocCodeSnippets.java @@ -55,21 +55,22 @@ public void encrypt() { encryptResult.getCipherText().length, encryptResult.getAlgorithm().toString())); // END: com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte - // BEGIN: com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte-EncryptOptions + // BEGIN: com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.encrypt#EncryptOptions byte[] plainTextBytes = new byte[100]; new Random(0x1234567L).nextBytes(plainTextBytes); byte[] iv = { (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 }; - EncryptOptions encryptOptions = new AesCbcEncryptOptions(iv); + EncryptOptions encryptOptions = EncryptOptions.createAesCbcOptions(EncryptionAlgorithm.A128CBC, plainTextBytes) + .setIv(iv); - cryptographyAsyncClient.encrypt(EncryptionAlgorithm.A128CBC, plainTextBytes, encryptOptions) + cryptographyAsyncClient.encrypt(encryptOptions) .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) .subscribe(encryptResult -> System.out.printf("Received encrypted content of length %d with algorithm %s \n", encryptResult.getCipherText().length, encryptResult.getAlgorithm().toString())); - // END: com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte-EncryptOptions + // END: com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.encrypt#EncryptOptions } /** 
@@ -87,20 +88,21 @@ public void decrypt() { System.out.printf("Received decrypted content of length %d\n", decryptResult.getPlainText().length)); // END: com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte - // BEGIN: com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte-DecryptOptions + // BEGIN: com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.decrypt#DecryptOptions byte[] plainTextBytes = new byte[100]; new Random(0x1234567L).nextBytes(plainTextBytes); byte[] iv = { (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 }; - DecryptOptions decryptOptions = new AesCbcDecryptOptions(iv); + DecryptOptions decryptOptions = DecryptOptions.createAesCbcOptions(EncryptionAlgorithm.A128CBC, plainTextBytes) + .setIv(iv); - cryptographyAsyncClient.decrypt(EncryptionAlgorithm.A128CBC, plainTextBytes, decryptOptions) + cryptographyAsyncClient.decrypt(decryptOptions) .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) .subscribe(decryptResult -> System.out.printf("Received decrypted content of length %d\n", decryptResult.getPlainText().length)); - // END: com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte-DecryptOptions + // END: com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.decrypt#DecryptOptions } /** diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientJavaDocCodeSnippets.java b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientJavaDocCodeSnippets.java index a47687559d1f5..8d4d12818f96c 100644 
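Review bot: In this decrypt snippet the array handed to `DecryptOptions.createAesCbcOptions(EncryptionAlgorithm.A128CBC, plainTextBytes)` is named `plainTextBytes`, which reads as if plaintext were being decrypted. The matching snippet in CryptographyAsyncClientJavaDocCodeSnippets calls it `cipherTextBytes`; renaming here (declaration and use) keeps the published sample unambiguous about which side of the operation the bytes belong to.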
--- a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientJavaDocCodeSnippets.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientJavaDocCodeSnippets.java @@ -58,20 +58,20 @@ public void encrypt() { encryptResult.getCipherText().length, encryptResult.getAlgorithm().toString()); // END: com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.encrypt#EncryptionAlgorithm-byte - // BEGIN: com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.encrypt#EncryptionAlgorithm-byte-EncryptOptions + // BEGIN: com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.encrypt#EncryptOptions byte[] plainTextBytes = new byte[100]; new Random(0x1234567L).nextBytes(plainTextBytes); byte[] iv = { (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 }; - EncryptOptions encryptOptions = new AesCbcEncryptOptions(iv); - EncryptResult encryptedResult = cryptographyClient.encrypt(EncryptionAlgorithm.RSA_OAEP, plainTextBytes, - encryptOptions); + EncryptOptions encryptOptions = EncryptOptions.createAesCbcOptions(EncryptionAlgorithm.RSA_OAEP, plainTextBytes) + .setIv(iv); + EncryptResult encryptedResult = cryptographyClient.encrypt(encryptOptions); System.out.printf("Received encrypted content of length %d with algorithm %s \n", encryptedResult.getCipherText().length, encryptedResult.getAlgorithm().toString()); - // END: com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.encrypt#EncryptionAlgorithm-byte-EncryptOptions + // END: com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.encrypt#EncryptOptions } /** 
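Review bot: `EncryptOptions.createAesCbcOptions(EncryptionAlgorithm.RSA_OAEP, plainTextBytes).setIv(iv)` pairs the AES-CBC factory and an IV with an RSA algorithm, so this sample either fails at runtime or silently ignores the IV, depending on validation inside `createAesCbcOptions` that is outside this hunk. The sibling snippets use `EncryptionAlgorithm.A128CBC`; change the call to `EncryptOptions.createAesCbcOptions(EncryptionAlgorithm.A128CBC, plainTextBytes)`. If the factory does not already reject non-CBC algorithms, that check would stop this kind of mismatch from reaching the cipher.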
@@ -88,18 +88,18 @@ public void decrypt() { System.out.printf("Received decrypted content of length %d\n", decryptResult.getPlainText().length); // END: com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.decrypt#EncryptionAlgorithm-byte - // BEGIN: com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.decrypt#EncryptionAlgorithm-byte-DecryptOptions + // BEGIN: com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.decrypt#DecryptOptions byte[] encryptedBytes = new byte[100]; byte[] iv = { (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 }; - DecryptOptions decryptOptions = new AesCbcDecryptOptions(iv); - DecryptResult decryptedResult = cryptographyClient.decrypt(EncryptionAlgorithm.A128CBC, encryptedBytes, - decryptOptions); + DecryptOptions decryptOptions = DecryptOptions.createAesCbcOptions(EncryptionAlgorithm.A128CBC, encryptedBytes) + .setIv(iv); + DecryptResult decryptedResult = cryptographyClient.decrypt(decryptOptions); System.out.printf("Received decrypted content of length %d\n", decryptedResult.getPlainText().length); - // END: com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.decrypt#EncryptionAlgorithm-byte-DecryptOptions + // END: com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.decrypt#DecryptOptions } /** diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTest.java b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTest.java index c29cef3c56dca..fa6a8177e6ca0 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTest.java 
+++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTest.java @@ -81,12 +81,13 @@ public void encryptDecryptRsa(HttpClient httpClient, CryptographyServiceVersion byte[] plainText = new byte[100]; new Random(0x1234567L).nextBytes(plainText); byte[] cipherText = cryptoClient.encrypt(algorithm, plainText).getCipherText(); - byte[] decryptedText = - serviceClient.decrypt(algorithm, cipherText, null, Context.NONE).block().getPlainText(); + byte[] decryptedText = serviceClient.decrypt(new DecryptOptions(algorithm, cipherText), Context.NONE) + .block().getPlainText(); assertArrayEquals(decryptedText, plainText); - cipherText = serviceClient.encrypt(algorithm, plainText, null, Context.NONE).block().getCipherText(); + cipherText = serviceClient.encrypt(new EncryptOptions(algorithm, plainText), Context.NONE) + .block().getCipherText(); decryptedText = cryptoClient.decrypt(algorithm, cipherText).getPlainText(); assertArrayEquals(decryptedText, plainText); diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientTestBase.java b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientTestBase.java index d5535637a6b3c..04070cadad586 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientTestBase.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientTestBase.java 
@@ -112,12 +112,13 @@ static void encryptDecryptAesCbc(int keySize, EncryptionAlgorithm algorithm) thr byte[] plaintext = "My16BitPlaintext".getBytes(); byte[] iv = "My16BytesTestIv.".getBytes(); LocalCryptographyClient localCryptographyClient = initializeCryptographyClient(getTestJsonWebKey(keySize)); - EncryptOptions encryptOptions = new AesCbcEncryptOptions(iv); + EncryptOptions encryptOptions = EncryptOptions.createAesCbcOptions(algorithm, plaintext).setIv(iv); EncryptResult encryptResult = - localCryptographyClient.encrypt(algorithm, plaintext, encryptOptions); - DecryptOptions decryptOptions = new AesCbcDecryptOptions(iv); + localCryptographyClient.encrypt(encryptOptions); + DecryptOptions decryptOptions = DecryptOptions.createAesCbcOptions(algorithm, encryptResult.getCipherText()) + .setIv(iv); DecryptResult decryptResult = - localCryptographyClient.decrypt(algorithm, encryptResult.getCipherText(), decryptOptions); + localCryptographyClient.decrypt(decryptOptions); assertArrayEquals(plaintext, decryptResult.getPlainText()); } 
@@ -126,16 +127,17 @@ static void encryptDecryptAesGcm(int keySize, EncryptionAlgorithm algorithm) thr byte[] plaintext = "My16BitPlaintext".getBytes(); byte[] iv = "My12BytesIv.".getBytes(); LocalCryptographyClient localCryptographyClient = initializeCryptographyClient(getTestJsonWebKey(keySize)); - EncryptOptions encryptOptions = new AesGcmEncryptOptions(iv, null); + EncryptOptions encryptOptions = EncryptOptions.createAesGcmOptions(algorithm, plaintext, iv); EncryptResult encryptResult = - localCryptographyClient.encrypt(algorithm, plaintext, encryptOptions); + localCryptographyClient.encrypt(encryptOptions); byte[] authenticationTag = new byte[12]; System.arraycopy(encryptResult.getCipherText(), 0, authenticationTag, 0, authenticationTag.length); - DecryptOptions decryptOptions = new AesGcmDecryptOptions(iv, null, authenticationTag); + DecryptOptions decryptOptions = DecryptOptions.createAesGcmOptions(algorithm, encryptResult.getCipherText(), iv) + .setAuthenticationTag(authenticationTag); DecryptResult decryptResult = - localCryptographyClient.decrypt(algorithm, encryptResult.getCipherText(), decryptOptions); + localCryptographyClient.decrypt(decryptOptions); assertArrayEquals(plaintext, decryptResult.getPlainText()); } From 8b937512b6060605f73c8980c6bb7e227e786f2c Mon Sep 17 00:00:00 2001 
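Review bot: The GCM test fills `authenticationTag` by copying the first 12 bytes of `encryptResult.getCipherText()` and then passes the whole ciphertext plus that array to `createAesGcmOptions(...).setAuthenticationTag(authenticationTag)`. Leading ciphertext bytes are not a GCM tag (the JCE `AES/GCM/NoPadding` cipher appends the tag to the end of its output), so if this round trip passes, the tag supplied through the options is probably not the value being verified; confirm against the AesGcm transform, which is outside this hunk. Take the tag from where the implementation actually places it, and add a negative case asserting that `decrypt` fails when one byte of the tag or ciphertext is flipped.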
From: Victor Colin Amador Date: Thu, 12 Nov 2020 10:13:10 -0800 Subject: [PATCH 10/15] Fixed build issues. --- .../main/resources/spotbugs/spotbugs-exclude.xml | 4 ++-- .../keys/cryptography/CryptographyAsyncClient.java | 6 ++++-- .../keys/cryptography/CryptographyClient.java | 8 +++++--- .../cryptography/CryptographyServiceClient.java | 2 ++ .../keys/cryptography/EcKeyCryptographyClient.java | 2 ++ .../cryptography/LocalCryptographyAsyncClient.java | 2 ++ .../keys/cryptography/LocalCryptographyClient.java | 2 ++ .../cryptography/LocalKeyCryptographyClient.java | 2 ++ .../keys/cryptography/RsaKeyCryptographyClient.java | 4 +++- .../SymmetricKeyCryptographyClient.java | 4 +++- .../{ => options}/AesCbcDecryptOptions.java | 2 +- .../{ => options}/AesCbcEncryptOptions.java | 2 +- .../{ => options}/AesGcmDecryptOptions.java | 2 +- .../{ => options}/AesGcmEncryptOptions.java | 2 +- .../cryptography/{ => options}/DecryptOptions.java | 13 ++++++++++++- .../cryptography/{ => options}/EncryptOptions.java | 13 ++++++++++++- .../keys/cryptography/options/package-info.java | 8 ++++++++ .../src/main/java/module-info.java | 1 + .../CryptographyAsyncClientJavaDocCodeSnippets.java | 2 ++ .../CryptographyClientJavaDocCodeSnippets.java | 2 ++ ...lCryptographyAsyncClientJavaDocCodeSnippets.java | 2 ++ .../LocalCryptographyClientJavaDocCodeSnippets.java | 2 ++ .../keys/cryptography/CryptographyClientTest.java | 10 ++++++---- .../LocalCryptographyClientTestBase.java | 2 ++ 24 files changed, 80 insertions(+), 19 deletions(-) rename sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/{ => options}/AesCbcDecryptOptions.java (95%) rename sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/{ => options}/AesCbcEncryptOptions.java (95%) rename sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/{ => options}/AesGcmDecryptOptions.java (97%) rename 
sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/{ => options}/AesGcmEncryptOptions.java (96%) rename sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/{ => options}/DecryptOptions.java (89%) rename sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/{ => options}/EncryptOptions.java (87%) create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/package-info.java diff --git a/eng/code-quality-reports/src/main/resources/spotbugs/spotbugs-exclude.xml b/eng/code-quality-reports/src/main/resources/spotbugs/spotbugs-exclude.xml index 9054faef8bcbd..a42685ce97a92 100755 --- a/eng/code-quality-reports/src/main/resources/spotbugs/spotbugs-exclude.xml +++ b/eng/code-quality-reports/src/main/resources/spotbugs/spotbugs-exclude.xml @@ -2418,8 +2418,8 @@ - - + + diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java index d0f5b21762c37..7d01e85960929 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java 
@@ -23,6 +23,8 @@ import com.azure.security.keyvault.keys.cryptography.models.SignResult; import com.azure.security.keyvault.keys.cryptography.models.VerifyResult; import com.azure.security.keyvault.keys.cryptography.models.WrapResult; +import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; +import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.KeyVaultKey; import com.azure.security.keyvault.keys.models.JsonWebKey; import com.azure.security.keyvault.keys.models.KeyOperation; @@ -223,7 +225,7 @@ Mono getSecretKey() { */ @ServiceMethod(returns = ReturnType.SINGLE) public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { - return encrypt(new EncryptOptions(algorithm, plaintext), null); + return encrypt(EncryptOptions.createOptions(algorithm, plaintext), null); } /** @@ -315,7 +317,7 @@ Mono encrypt(EncryptOptions encryptOptions, Context context) { */ @ServiceMethod(returns = ReturnType.SINGLE) public Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText) { - return decrypt(new DecryptOptions(algorithm, cipherText)); + return decrypt(DecryptOptions.createOptions(algorithm, cipherText)); } /** diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java index 3e4c77f000cc6..a62b5314ed4b1 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java 
@@ -18,6 +18,8 @@ import com.azure.security.keyvault.keys.cryptography.models.SignResult; import com.azure.security.keyvault.keys.cryptography.models.VerifyResult; import com.azure.security.keyvault.keys.cryptography.models.WrapResult; +import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; +import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.KeyVaultKey; @@ -111,7 +113,7 @@ public Response getKeyWithResponse(Context context) { * @throws NullPointerException If {@code algorithm} or {@code plainText} are {@code null}. */ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, Context context) { - return encrypt(new EncryptOptions(algorithm, plaintext), context); + return encrypt(EncryptOptions.createOptions(algorithm, plaintext), context); } /** @@ -219,7 +221,7 @@ public EncryptResult encrypt(EncryptOptions encryptOptions, Context context) { * @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. */ public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, Context context) { - return decrypt(new DecryptOptions(algorithm, cipherText), context); + return decrypt(DecryptOptions.createOptions(algorithm, cipherText), context); } /** @@ -254,7 +256,7 @@ public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, C * @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. */ public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText) { - return decrypt(new DecryptOptions(algorithm, cipherText), Context.NONE); + return decrypt(DecryptOptions.createOptions(algorithm, cipherText), Context.NONE); } /** 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java index c20507cd74afd..3e6c751f69e08 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java @@ -16,6 +16,8 @@ import com.azure.security.keyvault.keys.cryptography.models.SignResult; import com.azure.security.keyvault.keys.cryptography.models.VerifyResult; import com.azure.security.keyvault.keys.cryptography.models.WrapResult; +import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; +import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.JsonWebKey; import com.azure.security.keyvault.keys.models.KeyOperation; import com.azure.security.keyvault.keys.models.KeyType; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EcKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EcKeyCryptographyClient.java index 89a18684f3304..89ddd9dc7e1af 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EcKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EcKeyCryptographyClient.java 
@@ -13,6 +13,8 @@ import com.azure.security.keyvault.keys.cryptography.models.SignResult; import com.azure.security.keyvault.keys.cryptography.models.VerifyResult; import com.azure.security.keyvault.keys.cryptography.models.WrapResult; +import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; +import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.JsonWebKey; import reactor.core.publisher.Mono; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClient.java index b8f174d1df5ef..060ae98a1b365 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClient.java @@ -12,6 +12,8 @@ import com.azure.security.keyvault.keys.cryptography.models.UnwrapResult; import com.azure.security.keyvault.keys.cryptography.models.VerifyResult; import com.azure.security.keyvault.keys.cryptography.models.WrapResult; +import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; +import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.JsonWebKey; import reactor.core.publisher.Mono; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClient.java index 0dc23643c0e34..3e6ec67a3d334 100644 
--- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClient.java @@ -12,6 +12,8 @@ import com.azure.security.keyvault.keys.cryptography.models.UnwrapResult; import com.azure.security.keyvault.keys.cryptography.models.VerifyResult; import com.azure.security.keyvault.keys.cryptography.models.WrapResult; +import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; +import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; /** diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalKeyCryptographyClient.java index 83ce109bf0e44..0de8b8259e08b 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalKeyCryptographyClient.java @@ -12,6 +12,8 @@ import com.azure.security.keyvault.keys.cryptography.models.SignResult; import com.azure.security.keyvault.keys.cryptography.models.VerifyResult; import com.azure.security.keyvault.keys.cryptography.models.WrapResult; +import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; +import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.JsonWebKey; import reactor.core.publisher.Mono; 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java index d39a9cb562fbc..719d0098db955 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java @@ -15,6 +15,8 @@ import com.azure.security.keyvault.keys.cryptography.models.SignResult; import com.azure.security.keyvault.keys.cryptography.models.VerifyResult; import com.azure.security.keyvault.keys.cryptography.models.WrapResult; +import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; +import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.JsonWebKey; import reactor.core.publisher.Mono; @@ -56,7 +58,7 @@ private KeyPair getKeyPair(JsonWebKey key) { Mono encryptAsync(EncryptOptions encryptOptions, Context context, JsonWebKey jsonWebKey) { Objects.requireNonNull(encryptOptions, "'encryptOptions' cannot be null."); Objects.requireNonNull(encryptOptions.getAlgorithm(), "Encryption algorithm cannot be null."); - Objects.requireNonNull(encryptOptions.plainText, "Plain text content to be encrypted cannot be null."); + Objects.requireNonNull(encryptOptions.getPlainText(), "Plain text content to be encrypted cannot be null."); keyPair = getKeyPair(jsonWebKey); diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java index 37e542b69c3b5..f8fdb524165d3 100644 
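Review bot: `keyPair = getKeyPair(jsonWebKey);` in the `@@ -56,7 +58,7 @@` hunk appears to write an instance field on every `encryptAsync` call, and the SymmetricKeyCryptographyClient hunk `@@ -51,7 +53,7 @@` does so explicitly with `this.key = getKey(jsonWebKey);`. If one client instance serves overlapping calls, or calls with different `JsonWebKey` values, the field can be replaced between the assignment and its use, and the key material stays reachable from the client after the operation finishes. A local such as `KeyPair keyPair = getKeyPair(jsonWebKey);` (and `byte[] key = getKey(jsonWebKey);` in the symmetric client) would avoid both, unless other methods depend on the cached value. Both method bodies continue outside the hunks, so this needs checking against the full methods.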
--- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java @@ -14,6 +14,8 @@ import com.azure.security.keyvault.keys.cryptography.models.SignatureAlgorithm; import com.azure.security.keyvault.keys.cryptography.models.SignResult; import com.azure.security.keyvault.keys.cryptography.models.VerifyResult; +import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; +import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.JsonWebKey; import reactor.core.publisher.Mono; @@ -51,7 +53,7 @@ private byte[] getKey(JsonWebKey key) { Mono encryptAsync(EncryptOptions encryptOptions, Context context, JsonWebKey jsonWebKey) { Objects.requireNonNull(encryptOptions, "'encryptOptions' cannot be null."); Objects.requireNonNull(encryptOptions.getAlgorithm(), "Encryption algorithm cannot be null."); - Objects.requireNonNull(encryptOptions.plainText, "Plain text content to be encrypted cannot be null."); + Objects.requireNonNull(encryptOptions.getPlainText(), "Plain text content to be encrypted cannot be null."); this.key = getKey(jsonWebKey); diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcDecryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesCbcDecryptOptions.java similarity index 95% rename from sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcDecryptOptions.java rename to sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesCbcDecryptOptions.java index 53f88f977f3ad..81ac367530be4 100644 
--- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcDecryptOptions.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesCbcDecryptOptions.java @@ -1,7 +1,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT License. -package com.azure.security.keyvault.keys.cryptography; +package com.azure.security.keyvault.keys.cryptography.options; import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcEncryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesCbcEncryptOptions.java similarity index 95% rename from sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcEncryptOptions.java rename to sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesCbcEncryptOptions.java index bf75673d06df1..82dec9beda24d 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcEncryptOptions.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesCbcEncryptOptions.java @@ -1,7 +1,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT License. -package com.azure.security.keyvault.keys.cryptography; +package com.azure.security.keyvault.keys.cryptography.options; import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcmDecryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesGcmDecryptOptions.java similarity index 97% rename from sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcmDecryptOptions.java rename to sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesGcmDecryptOptions.java index 92dced7e0fcd3..003ab82fee95a 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcmDecryptOptions.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesGcmDecryptOptions.java @@ -1,7 +1,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT License. -package com.azure.security.keyvault.keys.cryptography; +package com.azure.security.keyvault.keys.cryptography.options; import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcmEncryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesGcmEncryptOptions.java similarity index 96% rename from sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcmEncryptOptions.java rename to sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesGcmEncryptOptions.java index 7ea254f54224b..da62fa804706b 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcmEncryptOptions.java 
+++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesGcmEncryptOptions.java @@ -1,7 +1,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT License. -package com.azure.security.keyvault.keys.cryptography; +package com.azure.security.keyvault.keys.cryptography.options; import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/DecryptOptions.java similarity index 89% rename from sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java rename to sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/DecryptOptions.java index 37969353fe90a..1a8573efe236e 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/DecryptOptions.java @@ -1,7 +1,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT License. -package com.azure.security.keyvault.keys.cryptography; +package com.azure.security.keyvault.keys.cryptography.options; import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; 
@@ -36,6 +36,17 @@ public class DecryptOptions { */ byte[] authenticationTag; + /** + * Factory method to create an instance of {@link DecryptOptions} with the given parameters. + * + * @param algorithm The algorithm to be used for decryption. + * @param ciphertext The content to be decrypted. + * @return The {@link DecryptOptions}. + */ + public static DecryptOptions createOptions(EncryptionAlgorithm algorithm, byte[] ciphertext) { + return new DecryptOptions(algorithm, ciphertext); + } + /** * Factory method to create an instance of {@link AesCbcDecryptOptions} with the given parameters. * diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/EncryptOptions.java similarity index 87% rename from sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java rename to sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/EncryptOptions.java index 6bba15997fb74..64db353a689ab 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/EncryptOptions.java @@ -1,7 +1,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT License. -package com.azure.security.keyvault.keys.cryptography; +package com.azure.security.keyvault.keys.cryptography.options; import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; 
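Review bot: `createOptions(EncryptionAlgorithm, byte[])` is a new public entry point that accepts any algorithm and checks nothing, so an AES-CBC or AES-GCM algorithm can be paired with options that carry no IV and no authentication tag, and a `null` argument is not rejected where the object is built. `EncryptOptions.createOptions` in the `@@ -31,6 +31,17 @@` hunk has the same shape. I would add `Objects.requireNonNull(algorithm, "'algorithm' cannot be null.");` with the matching check for `ciphertext`, document both with `@throws NullPointerException`, and say in the Javadoc that this factory is meant for algorithms that need no IV or tag. Whether the two-argument constructor already validates is not visible here; the class body starts and ends outside the hunk.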
@@ -31,6 +31,17 @@ public class EncryptOptions { */ byte[] additionalAuthenticatedData; + /** + * Factory method to create an instance of {@link EncryptOptions} with the given parameters. + * + * @param algorithm The algorithm to be used for encryption. + * @param plaintext The content to be encryption. + * @return The {@link EncryptOptions}. + */ + public static EncryptOptions createOptions(EncryptionAlgorithm algorithm, byte[] plaintext) { + return new EncryptOptions(algorithm, plaintext); + } + /** * Factory method to create an instance of {@link AesCbcEncryptOptions} with the given parameters. * diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/package-info.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/package-info.java new file mode 100644 index 0000000000000..a5f252b7b3e5c --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/package-info.java @@ -0,0 +1,8 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +/** + * Package containing classes used for representing options for encryption, decryption, signing, verifying, key wrapping + * and unwrapping operations. + */ +package com.azure.security.keyvault.keys.cryptography.options; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/module-info.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/module-info.java index 35421e19f8e0f..03c02ebdfe946 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/module-info.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/module-info.java 
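Review bot: The Javadoc added for `EncryptOptions.createOptions` reads `The content to be encryption.`, which is a typo that will be published in the API docs. The line should be `* @param plaintext The content to be encrypted.` The enclosing class starts and ends outside the hunk.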
@@ -9,6 +9,7 @@ exports com.azure.security.keyvault.keys; exports com.azure.security.keyvault.keys.cryptography; exports com.azure.security.keyvault.keys.cryptography.models; + exports com.azure.security.keyvault.keys.cryptography.options; exports com.azure.security.keyvault.keys.models; opens com.azure.security.keyvault.keys to com.fasterxml.jackson.databind; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClientJavaDocCodeSnippets.java b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClientJavaDocCodeSnippets.java index 44ceb5cbbec62..bcaebac85c701 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClientJavaDocCodeSnippets.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClientJavaDocCodeSnippets.java @@ -12,6 +12,8 @@ import com.azure.core.http.policy.RetryPolicy; import com.azure.identity.DefaultAzureCredentialBuilder; import com.azure.security.keyvault.keys.KeyAsyncClient; +import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; +import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.implementation.KeyVaultCredentialPolicy; import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; import com.azure.security.keyvault.keys.cryptography.models.KeyWrapAlgorithm; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientJavaDocCodeSnippets.java b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientJavaDocCodeSnippets.java index 81bad71313290..aeef0b76dee4f 100644 
--- a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientJavaDocCodeSnippets.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientJavaDocCodeSnippets.java @@ -16,6 +16,8 @@ import com.azure.security.keyvault.keys.cryptography.models.SignResult; import com.azure.security.keyvault.keys.cryptography.models.VerifyResult; import com.azure.security.keyvault.keys.cryptography.models.WrapResult; +import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; +import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.KeyVaultKey; import java.security.MessageDigest; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClientJavaDocCodeSnippets.java b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClientJavaDocCodeSnippets.java index 6c870639ffd5d..8ebbd79e84c91 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClientJavaDocCodeSnippets.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClientJavaDocCodeSnippets.java 
@@ -7,6 +7,8 @@ import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; import com.azure.security.keyvault.keys.cryptography.models.KeyWrapAlgorithm; import com.azure.security.keyvault.keys.cryptography.models.SignatureAlgorithm; +import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; +import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.JsonWebKey; import java.security.MessageDigest; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientJavaDocCodeSnippets.java b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientJavaDocCodeSnippets.java index 8d4d12818f96c..c16f6601a6066 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientJavaDocCodeSnippets.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientJavaDocCodeSnippets.java @@ -13,6 +13,8 @@ import com.azure.security.keyvault.keys.cryptography.models.UnwrapResult; import com.azure.security.keyvault.keys.cryptography.models.VerifyResult; import com.azure.security.keyvault.keys.cryptography.models.WrapResult; +import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; +import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.JsonWebKey; import java.security.MessageDigest; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTest.java b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTest.java index fa6a8177e6ca0..eab49a0cce938 100644 
--- a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTest.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTest.java @@ -12,6 +12,8 @@ import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; import com.azure.security.keyvault.keys.cryptography.models.KeyWrapAlgorithm; import com.azure.security.keyvault.keys.cryptography.models.SignatureAlgorithm; +import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; +import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.KeyVaultKey; import com.azure.security.keyvault.keys.models.JsonWebKey; import com.azure.security.keyvault.keys.models.KeyCurveName; @@ -81,13 +83,13 @@ public void encryptDecryptRsa(HttpClient httpClient, CryptographyServiceVersion byte[] plainText = new byte[100]; new Random(0x1234567L).nextBytes(plainText); byte[] cipherText = cryptoClient.encrypt(algorithm, plainText).getCipherText(); - byte[] decryptedText = serviceClient.decrypt(new DecryptOptions(algorithm, cipherText), Context.NONE) - .block().getPlainText(); + byte[] decryptedText = serviceClient.decrypt(DecryptOptions.createOptions(algorithm, cipherText), + Context.NONE).block().getPlainText(); assertArrayEquals(decryptedText, plainText); - cipherText = serviceClient.encrypt(new EncryptOptions(algorithm, plainText), Context.NONE) - .block().getCipherText(); + cipherText = serviceClient.encrypt(EncryptOptions.createOptions(algorithm, plainText), + Context.NONE).block().getCipherText(); decryptedText = cryptoClient.decrypt(algorithm, cipherText).getPlainText(); assertArrayEquals(decryptedText, plainText); 
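Review bot: `assertArrayEquals(decryptedText, plainText)` passes the actual value first, while the JUnit signature is `(expected, actual)`, so a failing run would label the two arrays the wrong way round. I would write `assertArrayEquals(plainText, decryptedText);` at both places in the `@@ -81,13 +83,13 @@` hunk. The test method starts and ends outside the hunk.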
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientTestBase.java b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientTestBase.java index 04070cadad586..570d6af559d6f 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientTestBase.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientTestBase.java @@ -8,6 +8,8 @@ import com.azure.security.keyvault.keys.cryptography.models.DecryptResult; import com.azure.security.keyvault.keys.cryptography.models.EncryptResult; import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; +import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; +import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.JsonWebKey; import com.azure.security.keyvault.keys.models.KeyOperation; import org.junit.jupiter.api.Test; From b1f1511b8176ae42a6b0d138da8062da0027609d Mon Sep 17 00:00:00 2001 
From: Victor Colin Amador Date: Thu, 12 Nov 2020 13:44:53 -0800 Subject: [PATCH 11/15] Changed EncryptOptions and DecryptOptions to use a factory model. --- .../resources/spotbugs/spotbugs-exclude.xml | 4 +- .../cryptography/CryptographyAsyncClient.java | 6 +- .../keys/cryptography/CryptographyClient.java | 8 +- .../CryptographyServiceClient.java | 2 - .../keys/cryptography/DecryptOptions.java | 296 ++++++++++++++++ .../cryptography/EcKeyCryptographyClient.java | 2 - .../keys/cryptography/EncryptOptions.java | 330 ++++++++++++++++++ .../LocalCryptographyAsyncClient.java | 2 - .../cryptography/LocalCryptographyClient.java | 2 - .../LocalKeyCryptographyClient.java | 2 - .../RsaKeyCryptographyClient.java | 2 - .../SymmetricKeyCryptographyClient.java | 2 - .../options/AesCbcDecryptOptions.java | 39 --- .../options/AesCbcEncryptOptions.java | 39 --- .../options/AesGcmDecryptOptions.java | 65 ---- .../options/AesGcmEncryptOptions.java | 47 --- .../cryptography/options/DecryptOptions.java | 148 -------- .../cryptography/options/EncryptOptions.java | 130 ------- .../cryptography/options/package-info.java | 8 - .../src/main/java/module-info.java | 1 - ...ographyAsyncClientJavaDocCodeSnippets.java | 10 +- ...CryptographyClientJavaDocCodeSnippets.java | 12 +- ...ographyAsyncClientJavaDocCodeSnippets.java | 8 +- ...CryptographyClientJavaDocCodeSnippets.java | 8 +- .../cryptography/CryptographyClientTest.java | 10 +- .../LocalCryptographyClientTestBase.java | 13 +- 26 files changed, 650 insertions(+), 546 deletions(-) create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java create mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java delete mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesCbcDecryptOptions.java delete mode 100644 
sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesCbcEncryptOptions.java delete mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesGcmDecryptOptions.java delete mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesGcmEncryptOptions.java delete mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/DecryptOptions.java delete mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/EncryptOptions.java delete mode 100644 sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/package-info.java diff --git a/eng/code-quality-reports/src/main/resources/spotbugs/spotbugs-exclude.xml b/eng/code-quality-reports/src/main/resources/spotbugs/spotbugs-exclude.xml index a42685ce97a92..9054faef8bcbd 100755 --- a/eng/code-quality-reports/src/main/resources/spotbugs/spotbugs-exclude.xml +++ b/eng/code-quality-reports/src/main/resources/spotbugs/spotbugs-exclude.xml @@ -2418,8 +2418,8 @@ - - + + diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java index 7d01e85960929..f2e39b9067911 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java 
@@ -23,8 +23,6 @@ import com.azure.security.keyvault.keys.cryptography.models.SignResult; import com.azure.security.keyvault.keys.cryptography.models.VerifyResult; import com.azure.security.keyvault.keys.cryptography.models.WrapResult; -import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; -import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.KeyVaultKey; import com.azure.security.keyvault.keys.models.JsonWebKey; import com.azure.security.keyvault.keys.models.KeyOperation; @@ -225,7 +223,7 @@ Mono getSecretKey() { */ @ServiceMethod(returns = ReturnType.SINGLE) public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { - return encrypt(EncryptOptions.createOptions(algorithm, plaintext), null); + return encrypt(new EncryptOptions(algorithm, plaintext, null, null), null); } /** @@ -317,7 +315,7 @@ Mono encrypt(EncryptOptions encryptOptions, Context context) { */ @ServiceMethod(returns = ReturnType.SINGLE) public Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText) { - return decrypt(DecryptOptions.createOptions(algorithm, cipherText)); + return decrypt(new DecryptOptions(algorithm, cipherText, null, null, null)); } /** diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java index a62b5314ed4b1..a9d9429541085 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java 
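Review bot: `new EncryptOptions(algorithm, plaintext, null, null)` and `new DecryptOptions(algorithm, cipherText, null, null, null)` pass runs of positional `null`s whose meaning cannot be read at the call site; the constructor signatures are outside this hunk, but the arguments are presumably the IV, additional authenticated data and authentication tag. The same calls appear in the three CryptographyClient hunks that follow. Because these overloads accept any `EncryptionAlgorithm`, it is worth confirming that an AES-CBC or AES-GCM request arriving here with a null IV is rejected rather than processed with a default value. Keeping a two-argument constructor or a named factory would hold the nulls in one place, e.g. `return encrypt(new EncryptOptions(algorithm, plaintext), null);`.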
@@ -18,8 +18,6 @@ import com.azure.security.keyvault.keys.cryptography.models.SignResult; import com.azure.security.keyvault.keys.cryptography.models.VerifyResult; import com.azure.security.keyvault.keys.cryptography.models.WrapResult; -import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; -import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.KeyVaultKey; @@ -113,7 +111,7 @@ public Response getKeyWithResponse(Context context) { * @throws NullPointerException If {@code algorithm} or {@code plainText} are {@code null}. */ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, Context context) { - return encrypt(EncryptOptions.createOptions(algorithm, plaintext), context); + return encrypt(new EncryptOptions(algorithm, plaintext, null, null), context); } /** @@ -221,7 +219,7 @@ public EncryptResult encrypt(EncryptOptions encryptOptions, Context context) { * @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. */ public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, Context context) { - return decrypt(DecryptOptions.createOptions(algorithm, cipherText), context); + return decrypt(new DecryptOptions(algorithm, cipherText, null, null, null), context); } /** @@ -256,7 +254,7 @@ public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, C * @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. */ public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText) { - return decrypt(DecryptOptions.createOptions(algorithm, cipherText), Context.NONE); + return decrypt(new DecryptOptions(algorithm, cipherText, null, null, null), Context.NONE); } /** 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java index 3e6c751f69e08..c20507cd74afd 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java @@ -16,8 +16,6 @@ import com.azure.security.keyvault.keys.cryptography.models.SignResult; import com.azure.security.keyvault.keys.cryptography.models.VerifyResult; import com.azure.security.keyvault.keys.cryptography.models.WrapResult; -import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; -import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.JsonWebKey; import com.azure.security.keyvault.keys.models.KeyOperation; import com.azure.security.keyvault.keys.models.KeyType; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java new file mode 100644 index 0000000000000..68e66d84b7896 --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java 
@@ -0,0 +1,296 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.security.keyvault.keys.cryptography;
+
+import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm;
+
+import java.util.Objects;
+
+/**
+ * A class containing various configuration parameters that can be applied when performing decryption operations.
+ */
+public class DecryptOptions {
+ /**
+ * The algorithm to be used for decryption.
+ */
+ private final EncryptionAlgorithm algorithm;
+
+ /**
+ * The content to be decrypted.
+ */
+ private final byte[] cipherText;
+
+ /**
+ * Initialization vector to be used in the decryption operation using a symmetric algorithm.
+ */
+ private final byte[] iv;
+
+ /**
+ * Get additional data to authenticate when performing decryption with an authenticated algorithm.
+ */
+ private final byte[] additionalAuthenticatedData;
+
+ /**
+ * The tag to authenticate when performing decryption with an authenticated algorithm.
+ */
+ private final byte[] authenticationTag;
+
+ /**
+ * Factory method to create an instance of {@link DecryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A128CBC}.
+ *
+ * @param plainText The content to be encryption.
+ * @param iv Initialization vector for the encryption operation.
+ * @return The {@link DecryptOptions}.
+ */
+ public static DecryptOptions createAes128CbcOptions(byte[] plainText, byte[] iv) {
+ return new DecryptOptions(EncryptionAlgorithm.A128CBC, plainText, iv, null, null);
+ }
+ /**
+ * Factory method to create an instance of {@link DecryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A128CBCPAD}.
+ *
+ * @param plainText The content to be encryption.
+ * @param iv Initialization vector for the encryption operation.
+ * @return The {@link DecryptOptions}.
+ */
+ public static DecryptOptions createAes128CbcPadOptions(byte[] plainText, byte[] iv) {
+ return new DecryptOptions(EncryptionAlgorithm.A128CBCPAD, plainText, iv, null, null);
+ }
+
+ /**
+ * Factory method to create an instance of {@link DecryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A128GCM}.
+ *
+ * @param plainText The content to be encryption.
+ * @param iv Initialization vector for the encryption operation.
+ * @param authenticationTag The tag to authenticate when performing decryption.
+ * @return The {@link DecryptOptions}.
+ */
+ public static DecryptOptions createAes128GcmOptions(byte[] plainText, byte[] iv, byte[] authenticationTag) {
+ return createAes128GcmOptions(plainText, iv, authenticationTag, null);
+ }
+
+ /**
+ * Factory method to create an instance of {@link DecryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A128GCM}.
+ *
+ * @param plainText The content to be encryption.
+ * @param iv Initialization vector for the encryption operation.
+ * @param authenticationTag The tag to authenticate when performing decryption.
+ * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms.
+ * @return The {@link DecryptOptions}.
+ */
+ public static DecryptOptions createAes128GcmOptions(byte[] plainText, byte[] iv, byte[] authenticationTag,
+ byte[] additionalAuthenticatedData) {
+ return new DecryptOptions(EncryptionAlgorithm.A128GCM, plainText, iv, authenticationTag,
+ additionalAuthenticatedData);
+ }
+
+ /**
+ * Factory method to create an instance of {@link DecryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A192CBC}.
+ *
+ * @param plainText The content to be encryption.
+ * @param iv Initialization vector for the encryption operation.
+ * @return The {@link DecryptOptions}.
+ */
+ public static DecryptOptions createAes192CbcOptions(byte[] plainText, byte[] iv) {
+ return new DecryptOptions(EncryptionAlgorithm.A192CBC, plainText, iv, null, null);
+ }
+
+ /**
+ * Factory method to create an instance of {@link DecryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A192CBCPAD}.
+ *
+ * @param plainText The content to be encryption.
+ * @param iv Initialization vector for the encryption operation.
+ * @return The {@link DecryptOptions}.
+ */
+ public static DecryptOptions createAes192CbcPadOptions(byte[] plainText, byte[] iv) {
+ return new DecryptOptions(EncryptionAlgorithm.A192CBCPAD, plainText, iv, null, null);
+ }
+
+ /**
+ * Factory method to create an instance of {@link DecryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A192GCM}.
+ *
+ * @param plainText The content to be encryption.
+ * @param iv Initialization vector for the encryption operation.
+ * @param authenticationTag The tag to authenticate when performing decryption.
+ * @return The {@link DecryptOptions}.
+ */
+ public static DecryptOptions createAes192GcmOptions(byte[] plainText, byte[] iv, byte[] authenticationTag) {
+ return createAes192GcmOptions(plainText, iv, authenticationTag, null);
+ }
+
+ /**
+ * Factory method to create an instance of {@link DecryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A192GCM}.
+ *
+ * @param plainText The content to be encryption.
+ * @param iv Initialization vector for the encryption operation.
+ * @param authenticationTag The tag to authenticate when performing decryption.
+ * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms.
+ * @return The {@link DecryptOptions}.
+ */
+ public static DecryptOptions createAes192GcmOptions(byte[] plainText, byte[] iv, byte[] authenticationTag,
+ byte[] additionalAuthenticatedData) {
+ return new DecryptOptions(EncryptionAlgorithm.A192GCM, plainText, iv, authenticationTag,
+ additionalAuthenticatedData);
+ }
+ /**
+ * Factory method to create an instance of {@link DecryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A256CBC}.
+ *
+ * @param plainText The content to be encryption.
+ * @param iv Initialization vector for the encryption operation.
+ * @return The {@link DecryptOptions}.
+ */
+ public static DecryptOptions createAes256CbcOptions(byte[] plainText, byte[] iv) {
+ return new DecryptOptions(EncryptionAlgorithm.A256CBC, plainText, iv, null, null);
+ }
+ /**
+ * Factory method to create an instance of {@link DecryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A256CBCPAD}.
+ *
+ * @param plainText The content to be encryption.
+ * @param iv Initialization vector for the encryption operation.
+ * @return The {@link DecryptOptions}.
+ */
+ public static DecryptOptions createAes256CbcPadOptions(byte[] plainText, byte[] iv) {
+ return new DecryptOptions(EncryptionAlgorithm.A256CBCPAD, plainText, iv, null, null);
+ }
+
+ /**
+ * Factory method to create an instance of {@link DecryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A256GCM}.
+ *
+ * @param plainText The content to be encryption.
+ * @param iv Initialization vector for the encryption operation.
+ * @param authenticationTag The tag to authenticate when performing decryption.
+ * @return The {@link DecryptOptions}.
+ */
+ public static DecryptOptions createAes256GcmOptions(byte[] plainText, byte[] iv, byte[] authenticationTag) {
+ return createAes256GcmOptions(plainText, iv, authenticationTag, null);
+ }
+
+ /**
+ * Factory method to create an instance of {@link DecryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A256GCM}.
+ *
+ * @param plainText The content to be encryption.
+ * @param iv Initialization vector for the encryption operation.
+ * @param authenticationTag The tag to authenticate when performing decryption.
+ * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms.
+ * @return The {@link DecryptOptions}.
+ */
+ public static DecryptOptions createAes256GcmOptions(byte[] plainText, byte[] iv, byte[] authenticationTag,
+ byte[] additionalAuthenticatedData) {
+ return new DecryptOptions(EncryptionAlgorithm.A256GCM, plainText, iv, authenticationTag,
+ additionalAuthenticatedData);
+ }
+
+ /**
+ * Creates an instance of {@link DecryptOptions} with the given parameters.
+ *
+ * @param algorithm The algorithm to be used for decryption.
+ * @param cipherText The content to be decrypted.
+ * @param iv Initialization vector for the encryption operation.
+ * @param authenticationTag The tag to authenticate when performing decryption.
+ * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms.
+ */
+ DecryptOptions(EncryptionAlgorithm algorithm, byte[] cipherText, byte[] iv, byte[] authenticationTag,
+ byte[] additionalAuthenticatedData) {
+ Objects.requireNonNull(cipherText, "'cipherText' cannot be null");
+
+ this.algorithm = algorithm;
+ this.cipherText = new byte[cipherText.length];
+ System.arraycopy(cipherText, 0, this.cipherText, 0, cipherText.length);
+
+ if (iv == null) {
+ this.iv = null;
+ } else {
+ this.iv = new byte[iv.length];
+ System.arraycopy(iv, 0, this.iv, 0, iv.length);
+ }
+
+ if (additionalAuthenticatedData == null) {
+ this.additionalAuthenticatedData = null;
+ } else {
+ this.additionalAuthenticatedData = new byte[additionalAuthenticatedData.length];
+ System.arraycopy(additionalAuthenticatedData, 0, this.additionalAuthenticatedData, 0,
+ additionalAuthenticatedData.length);
+ }
+
+ if (authenticationTag == null) {
+ this.authenticationTag = null;
+ } else {
+ this.authenticationTag = new byte[authenticationTag.length];
+ System.arraycopy(authenticationTag, 0, this.authenticationTag, 0,
+ authenticationTag.length);
+ }
+ }
+
+ /**
+ * The algorithm to be used for encryption.
+ *
+ * @return The algorithm to be used for encryption.
+ */
+ public EncryptionAlgorithm getAlgorithm() {
+ return algorithm;
+ }
+
+ /**
+ * Get the content to be encrypted.
+ *
+ * @return The content to be encrypted.
+ */
+ public byte[] getCipherText() {
+ if (cipherText == null) {
+ return null;
+ } else {
+ return cipherText.clone();
+ }
+ }
+
+ /**
+ * Get the initialization vector to be used in the decryption operation using a symmetric algorithm.
+ *
+ * @return The initialization vector.
+ */
+ public byte[] getIv() {
+ if (iv == null) {
+ return null;
+ } else {
+ return iv.clone();
+ }
+ }
+
+ /**
+ * Get additional data to authenticate when performing decryption with an authenticated algorithm.
+ *
+ * @return The additional authenticated data.
+ */ + public byte[] getAdditionalAuthenticatedData() { + if (additionalAuthenticatedData == null) { + return null; + } else { + return additionalAuthenticatedData.clone(); + } + } + + /** + * Get the tag to authenticate when performing decryption with an authenticated algorithm. + * + * @return The authentication tag. + */ + public byte[] getAuthenticationTag() { + if (authenticationTag == null) { + return null; + } else { + return authenticationTag.clone(); + } + } +} diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EcKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EcKeyCryptographyClient.java index 89ddd9dc7e1af..89a18684f3304 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EcKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EcKeyCryptographyClient.java @@ -13,8 +13,6 @@ import com.azure.security.keyvault.keys.cryptography.models.SignResult; import com.azure.security.keyvault.keys.cryptography.models.VerifyResult; import com.azure.security.keyvault.keys.cryptography.models.WrapResult; -import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; -import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.JsonWebKey; import reactor.core.publisher.Mono; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java new file mode 100644 index 0000000000000..560e3470b6db1 --- /dev/null 
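Review bot: The GCM factories (`createAes128GcmOptions`, `createAes192GcmOptions`, `createAes256GcmOptions`) accept a null `iv` and a null `authenticationTag`, and the constructor stores both as null without complaint. In an authenticated mode the tag is what lets decryption reject modified ciphertext, so a request without one should fail at construction rather than depend on how the cipher layer, which is not visible in this hunk, treats a missing tag. I would add `Objects.requireNonNull(iv, "'iv' cannot be null");` and `Objects.requireNonNull(authenticationTag, "'authenticationTag' cannot be null");` to the four-argument GCM factories. Separately, every factory names its ciphertext parameter `plainText` and documents it as "The content to be encryption", and `getCipherText` is documented as returning "the content to be encrypted"; rename the parameter to `cipherText` and word the Javadoc as `@param cipherText The content to be decrypted.`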
+++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java 
@@ -0,0 +1,330 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.security.keyvault.keys.cryptography;
+
+import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm;
+
+import java.util.Objects;
+
+/**
+ * A class containing various configuration parameters that can be applied when performing encryption operations.
+ */
+public class EncryptOptions {
+ /**
+ * The algorithm to be used for encryption.
+ */
+ private final EncryptionAlgorithm algorithm;
+
+ /**
+ * The content to be encrypted.
+ */
+ private final byte[] plainText;
+
+ /**
+ * Initialization vector to be used in the encryption operation using a symmetric algorithm.
+ */
+ private final byte[] iv;
+
+ /**
+ * Get additional data to authenticate when performing encryption with an authenticated algorithm.
+ */
+ private final byte[] additionalAuthenticatedData;
+
+ /**
+ * Factory method to create an instance of {@link EncryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A128CBC}.
+ *
+ * @param plainText The content to be encryption.
+ * @return The {@link EncryptOptions}.
+ */
+ public static EncryptOptions createAes128CbcOptions(byte[] plainText) {
+ return createAes128CbcOptions(plainText, null);
+ }
+
+ /**
+ * Factory method to create an instance of {@link EncryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A128CBC}.
+ *
+ * @param plainText The content to be encryption.
+ * @param iv Initialization vector for the encryption operation.
+ * @return The {@link EncryptOptions}.
+ */
+ public static EncryptOptions createAes128CbcOptions(byte[] plainText, byte[] iv) {
+ return new EncryptOptions(EncryptionAlgorithm.A128CBC, plainText, iv, null);
+ }
+
+ /**
+ * Factory method to create an instance of {@link EncryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A128CBCPAD}.
+ *
+ * @param plainText The content to be encryption.
+ * @return The {@link EncryptOptions}.
+ */
+ public static EncryptOptions createAes128CbcPadOptions(byte[] plainText) {
+ return createAes128CbcPadOptions(plainText, null);
+ }
+
+ /**
+ * Factory method to create an instance of {@link EncryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A128CBCPAD}.
+ *
+ * @param plainText The content to be encryption.
+ * @param iv Initialization vector for the encryption operation.
+ * @return The {@link EncryptOptions}.
+ */
+ public static EncryptOptions createAes128CbcPadOptions(byte[] plainText, byte[] iv) {
+ return new EncryptOptions(EncryptionAlgorithm.A128CBCPAD, plainText, iv, null);
+ }
+
+ /**
+ * Factory method to create an instance of {@link EncryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A128GCM}.
+ *
+ * @param plainText The content to be encryption.
+ * @param iv Initialization vector for the encryption operation.
+ * @return The {@link EncryptOptions}.
+ */
+ public static EncryptOptions createAes128GcmOptions(byte[] plainText, byte[] iv) {
+ return createAes128GcmOptions(plainText, iv, null);
+ }
+
+ /**
+ * Factory method to create an instance of {@link EncryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A128GCM}.
+ *
+ * @param plainText The content to be encryption.
+ * @param iv Initialization vector for the encryption operation.
+ * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms.
+ * @return The {@link EncryptOptions}.
+ */
+ public static EncryptOptions createAes128GcmOptions(byte[] plainText, byte[] iv,
+ byte[] additionalAuthenticatedData) {
+ return new EncryptOptions(EncryptionAlgorithm.A128GCM, plainText, iv, additionalAuthenticatedData);
+ }
+
+ /**
+ * Factory method to create an instance of {@link EncryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A192CBC}.
+ *
+ * @param plainText The content to be encryption.
+ * @return The {@link EncryptOptions}.
+ */
+ public static EncryptOptions createAes192CbcOptions(byte[] plainText) {
+ return createAes192CbcOptions(plainText, null);
+ }
+
+ /**
+ * Factory method to create an instance of {@link EncryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A192CBC}.
+ *
+ * @param plainText The content to be encryption.
+ * @param iv Initialization vector for the encryption operation.
+ * @return The {@link EncryptOptions}.
+ */
+ public static EncryptOptions createAes192CbcOptions(byte[] plainText, byte[] iv) {
+ return new EncryptOptions(EncryptionAlgorithm.A192CBC, plainText, iv, null);
+ }
+
+ /**
+ * Factory method to create an instance of {@link EncryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A192CBCPAD}.
+ *
+ * @param plainText The content to be encryption.
+ * @return The {@link EncryptOptions}.
+ */
+ public static EncryptOptions createAes192CbcPadOptions(byte[] plainText) {
+ return createAes192CbcPadOptions(plainText, null);
+ }
+
+ /**
+ * Factory method to create an instance of {@link EncryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A192CBCPAD}.
+ *
+ * @param plainText The content to be encryption.
+ * @param iv Initialization vector for the encryption operation.
+ * @return The {@link EncryptOptions}.
+ */
+ public static EncryptOptions createAes192CbcPadOptions(byte[] plainText, byte[] iv) {
+ return new EncryptOptions(EncryptionAlgorithm.A192CBCPAD, plainText, iv, null);
+ }
+
+ /**
+ * Factory method to create an instance of {@link EncryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A192GCM}.
+ *
+ * @param plainText The content to be encryption.
+ * @param iv Initialization vector for the encryption operation.
+ * @return The {@link EncryptOptions}.
+ */
+ public static EncryptOptions createAes192GcmOptions(byte[] plainText, byte[] iv) {
+ return createAes192GcmOptions(plainText, iv, null);
+ }
+
+ /**
+ * Factory method to create an instance of {@link EncryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A192GCM}.
+ *
+ * @param plainText The content to be encryption.
+ * @param iv Initialization vector for the encryption operation.
+ * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms.
+ * @return The {@link EncryptOptions}.
+ */
+ public static EncryptOptions createAes192GcmOptions(byte[] plainText, byte[] iv,
+ byte[] additionalAuthenticatedData) {
+ return new EncryptOptions(EncryptionAlgorithm.A192GCM, plainText, iv, additionalAuthenticatedData);
+ }
+
+ /**
+ * Factory method to create an instance of {@link EncryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A256CBC}.
+ *
+ * @param plainText The content to be encryption.
+ * @return The {@link EncryptOptions}.
+ */
+ public static EncryptOptions createAes256CbcOptions(byte[] plainText) {
+ return createAes256CbcOptions(plainText, null);
+ }
+
+ /**
+ * Factory method to create an instance of {@link EncryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A256CBC}.
+ *
+ * @param plainText The content to be encryption.
+ * @param iv Initialization vector for the encryption operation.
+ * @return The {@link EncryptOptions}.
+ */
+ public static EncryptOptions createAes256CbcOptions(byte[] plainText, byte[] iv) {
+ return new EncryptOptions(EncryptionAlgorithm.A256CBC, plainText, iv, null);
+ }
+
+ /**
+ * Factory method to create an instance of {@link EncryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A256CBCPAD}.
+ *
+ * @param plainText The content to be encryption.
+ * @return The {@link EncryptOptions}.
+ */
+ public static EncryptOptions createAes256CbcPadOptions(byte[] plainText) {
+ return createAes256CbcPadOptions(plainText, null);
+ }
+
+ /**
+ * Factory method to create an instance of {@link EncryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A256CBCPAD}.
+ *
+ * @param plainText The content to be encryption.
+ * @param iv Initialization vector for the encryption operation.
+ * @return The {@link EncryptOptions}.
+ */
+ public static EncryptOptions createAes256CbcPadOptions(byte[] plainText, byte[] iv) {
+ return new EncryptOptions(EncryptionAlgorithm.A256CBCPAD, plainText, iv, null);
+ }
+
+ /**
+ * Factory method to create an instance of {@link EncryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A256GCM}.
+ *
+ * @param plainText The content to be encryption.
+ * @param iv Initialization vector for the encryption operation.
+ * @return The {@link EncryptOptions}.
+ */
+ public static EncryptOptions createAes256GcmOptions(byte[] plainText, byte[] iv) {
+ return createAes256GcmOptions(plainText, iv, null);
+ }
+
+ /**
+ * Factory method to create an instance of {@link EncryptOptions} with the given parameters for
+ * {@link EncryptionAlgorithm#A256GCM}.
+ *
+ * @param plainText The content to be encryption.
+ * @param iv Initialization vector for the encryption operation.
+ * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms.
+ * @return The {@link EncryptOptions}.
+ */
+ public static EncryptOptions createAes256GcmOptions(byte[] plainText, byte[] iv,
+ byte[] additionalAuthenticatedData) {
+ return new EncryptOptions(EncryptionAlgorithm.A256GCM, plainText, iv, additionalAuthenticatedData);
+ }
+
+ /**
+ * Creates an instance of {@link EncryptOptions} with the given parameters.
+ *
+ * @param algorithm The algorithm to be used for encryption.
+ * @param plainText The content to be encrypted.
+ * @param iv Initialization vector for the encryption operation.
+ * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms.
+ */
+ EncryptOptions(EncryptionAlgorithm algorithm, byte[] plainText, byte[] iv,
+ byte[] additionalAuthenticatedData) {
+ Objects.requireNonNull(plainText, "'plaintext' cannot be null");
+
+ this.algorithm = algorithm;
+ this.plainText = new byte[plainText.length];
+
+ System.arraycopy(plainText, 0, this.plainText, 0, plainText.length);
+
+ if (iv == null) {
+ this.iv = null;
+ } else {
+ this.iv = new byte[iv.length];
+ System.arraycopy(iv, 0, this.iv, 0, iv.length);
+ }
+
+ if (additionalAuthenticatedData == null) {
+ this.additionalAuthenticatedData = null;
+ } else {
+ this.additionalAuthenticatedData = new byte[additionalAuthenticatedData.length];
+ System.arraycopy(additionalAuthenticatedData, 0, this.additionalAuthenticatedData, 0,
+ additionalAuthenticatedData.length);
+ }
+ }
+
+ /**
+ * The algorithm to be used for encryption.
+ *
+ * @return The algorithm to be used for encryption.
+ */
+ public EncryptionAlgorithm getAlgorithm() {
+ return algorithm;
+ }
+
+ /**
+ * Get the content to be encrypted.
+ *
+ * @return The content to be encrypted.
+ */
+ public byte[] getPlainText() {
+ if (plainText == null) {
+ return null;
+ } else {
+ return plainText.clone();
+ }
+ }
+
+ /**
+ * Get the initialization vector to be used in the encryption operation using a symmetric algorithm.
+ *
+ * @return The initialization vector.
+ */
+ public byte[] getIv() {
+ if (iv == null) {
+ return null;
+ } else {
+ return iv.clone();
+ }
+ }
+
+ /**
+ * Get additional data to authenticate when performing encryption with an authenticated algorithm.
+ *
+ * @return The additional authenticated data.
+ */
+ public byte[] getAdditionalAuthenticatedData() {
+ if (additionalAuthenticatedData == null) {
+ return null;
+ } else {
+ return additionalAuthenticatedData.clone();
+ }
+ }
+}
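Review bot: The `iv` parameter of every CBC and GCM factory is documented only as "Initialization vector for the encryption operation", which omits the one requirement a caller has to meet. Repeating an IV under the same key with GCM undermines both confidentiality and the authentication tag, and CBC needs an unpredictable IV for each message, so I would word the GCM Javadoc as `@param iv Initialization vector; must be unique for every encryption performed with the same key.` and the CBC one as `@param iv Initialization vector; must be randomly generated and never reused with the same key.` The single-argument CBC overloads pass `null` and the GCM overloads accept it as well, but what the client does with a null IV is decided outside this hunk, so the Javadoc should also state whether one is generated or the call fails. The class comment could add one sentence saying that the A*CBC and A*CBCPAD options provide no integrity protection and that the GCM factories are the ones to use when tamper detection is needed.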
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClient.java index 060ae98a1b365..b8f174d1df5ef 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClient.java @@ -12,8 +12,6 @@ import com.azure.security.keyvault.keys.cryptography.models.UnwrapResult; import com.azure.security.keyvault.keys.cryptography.models.VerifyResult; import com.azure.security.keyvault.keys.cryptography.models.WrapResult; -import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; -import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.JsonWebKey; import reactor.core.publisher.Mono; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClient.java index 3e6ec67a3d334..0dc23643c0e34 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClient.java 
@@ -12,8 +12,6 @@ import com.azure.security.keyvault.keys.cryptography.models.UnwrapResult; import com.azure.security.keyvault.keys.cryptography.models.VerifyResult; import com.azure.security.keyvault.keys.cryptography.models.WrapResult; -import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; -import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; /** diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalKeyCryptographyClient.java index 0de8b8259e08b..83ce109bf0e44 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalKeyCryptographyClient.java @@ -12,8 +12,6 @@ import com.azure.security.keyvault.keys.cryptography.models.SignResult; import com.azure.security.keyvault.keys.cryptography.models.VerifyResult; import com.azure.security.keyvault.keys.cryptography.models.WrapResult; -import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; -import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.JsonWebKey; import reactor.core.publisher.Mono; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java index 719d0098db955..e6a3d34ee6cbf 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java 
+++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java @@ -15,8 +15,6 @@ import com.azure.security.keyvault.keys.cryptography.models.SignResult; import com.azure.security.keyvault.keys.cryptography.models.VerifyResult; import com.azure.security.keyvault.keys.cryptography.models.WrapResult; -import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; -import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.JsonWebKey; import reactor.core.publisher.Mono; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java index f8fdb524165d3..5879183b4126d 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java @@ -14,8 +14,6 @@ import com.azure.security.keyvault.keys.cryptography.models.SignatureAlgorithm; import com.azure.security.keyvault.keys.cryptography.models.SignResult; import com.azure.security.keyvault.keys.cryptography.models.VerifyResult; -import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; -import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.JsonWebKey; import reactor.core.publisher.Mono; 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesCbcDecryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesCbcDecryptOptions.java
deleted file mode 100644
index 81ac367530be4..0000000000000
--- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesCbcDecryptOptions.java
+++ /dev/null
@@ -1,39 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.azure.security.keyvault.keys.cryptography.options;
-
-import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm;
-
-/**
- * A class containing configuration parameters that can be applied when decrypting AES-CBC keys with and without
- * padding.
- */
-public class AesCbcDecryptOptions extends DecryptOptions {
- /**
- * Creates an instance of {@link AesCbcDecryptOptions} with the given parameters.
- *
- * @param algorithm The algorithm to be used for decryption.
- * @param ciphertext The content to be decrypted.
- */
- AesCbcDecryptOptions(EncryptionAlgorithm algorithm, byte[] ciphertext) {
- super(algorithm, ciphertext);
- }
-
- /**
- * Set the given initialization vector to be used in this decryption operation.
- *
- * @param iv Initialization vector for the decryption operation.
- * @return The updated {@link AesCbcDecryptOptions} object.
- */
- public AesCbcDecryptOptions setIv(byte[] iv) {
- if (iv == null) {
- this.iv = null;
- } else {
- this.iv = new byte[iv.length];
- System.arraycopy(iv, 0, this.iv, 0, iv.length);
- }
-
- return this;
- }
-}
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesCbcEncryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesCbcEncryptOptions.java
deleted file mode 100644
index 82dec9beda24d..0000000000000
--- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesCbcEncryptOptions.java
+++ /dev/null
@@ -1,39 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.azure.security.keyvault.keys.cryptography.options;
-
-import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm;
-
-/**
- * A class containing configuration parameters that can be applied when encrypting AES-CBC keys with and without
- * padding.
- */
-public class AesCbcEncryptOptions extends EncryptOptions {
- /**
- * Creates an instance of {@link AesCbcEncryptOptions} with the given parameters.
- *
- * @param algorithm The algorithm to be used for encryption.
- * @param plaintext The content to be encrypted.
- */
- AesCbcEncryptOptions(EncryptionAlgorithm algorithm, byte[] plaintext) {
- super(algorithm, plaintext);
- }
-
- /**
- * Set the given initialization vector to be used in this encryption operation.
- *
- * @param iv Initialization vector for the encryption operation.
- * @return The updated {@link AesCbcEncryptOptions} object.
- */
- public AesCbcEncryptOptions setIv(byte[] iv) {
- if (iv == null) {
- this.iv = null;
- } else {
- this.iv = new byte[iv.length];
- System.arraycopy(iv, 0, this.iv, 0, iv.length);
- }
-
- return this;
- }
-}
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesGcmDecryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesGcmDecryptOptions.java
deleted file mode 100644
index 003ab82fee95a..0000000000000
--- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesGcmDecryptOptions.java
+++ /dev/null
@@ -1,65 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.azure.security.keyvault.keys.cryptography.options;
-
-import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm;
-
-/**
- * A class containing configuration parameters that can be applied when decrypting AES-GCM keys.
- */
-public class AesGcmDecryptOptions extends DecryptOptions {
- /**
- * Creates an instance of {@link AesGcmDecryptOptions} with the given parameters.
- *
- * @param algorithm The algorithm to be used for decryption.
- * @param ciphertext The content to be decrypted.
- * @param iv Initialization vector for the decryption operation.
- */
- AesGcmDecryptOptions(EncryptionAlgorithm algorithm, byte[] ciphertext, byte[] iv) {
- super(algorithm, ciphertext);
-
- if (iv == null) {
- this.iv = null;
- } else {
- this.iv = new byte[iv.length];
- System.arraycopy(iv, 0, this.iv, 0, iv.length);
- }
- }
-
- /**
- * Set additional data to authenticate when using authenticated crypto algorithms.
- *
- * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms.
- * @return The updated {@link AesGcmDecryptOptions} object.
- */
- public AesGcmDecryptOptions setAdditionalAuthenticatedData(byte[] additionalAuthenticatedData) {
- if (additionalAuthenticatedData == null) {
- this.additionalAuthenticatedData = null;
- } else {
- this.additionalAuthenticatedData = new byte[additionalAuthenticatedData.length];
- System.arraycopy(additionalAuthenticatedData, 0, this.additionalAuthenticatedData, 0,
- additionalAuthenticatedData.length);
- }
-
- return this;
- }
-
- /**
- * Set the tag to authenticate when performing decryption.
- *
- * @param authenticationTag The tag to authenticate when performing decryption.
- * @return The updated {@link AesGcmDecryptOptions} object.
- */
- public AesGcmDecryptOptions setAuthenticationTag(byte[] authenticationTag) {
- if (authenticationTag == null) {
- this.authenticationTag = null;
- } else {
- this.authenticationTag = new byte[authenticationTag.length];
- System.arraycopy(authenticationTag, 0, this.authenticationTag, 0,
- authenticationTag.length);
- }
-
- return this;
- }
-}
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesGcmEncryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesGcmEncryptOptions.java
deleted file mode 100644
index da62fa804706b..0000000000000
--- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/AesGcmEncryptOptions.java
+++ /dev/null
@@ -1,47 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.azure.security.keyvault.keys.cryptography.options;
-
-import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm;
-
-/**
- * A class containing configuration parameters that can be applied when encrypting AES-GCM keys.
- */
-public class AesGcmEncryptOptions extends EncryptOptions {
- /**
- * Creates an instance of {@link AesGcmEncryptOptions} with the given parameters.
- *
- * @param algorithm The algorithm to be used for encryption.
- * @param ciphertext The content to be encrypted.
- * @param iv Initialization vector for the encryption operation.
- */
- AesGcmEncryptOptions(EncryptionAlgorithm algorithm, byte[] ciphertext, byte[] iv) {
- super(algorithm, ciphertext);
-
- if (iv == null) {
- this.iv = null;
- } else {
- this.iv = new byte[iv.length];
- System.arraycopy(iv, 0, this.iv, 0, iv.length);
- }
- }
-
- /**
- * Set additional data to authenticate when using authenticated crypto algorithms.
- *
- * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms.
- * @return The updated {@link AesGcmEncryptOptions} object.
- */
- public AesGcmEncryptOptions setAdditionalAuthenticatedData(byte[] additionalAuthenticatedData) {
- if (additionalAuthenticatedData == null) {
- this.additionalAuthenticatedData = null;
- } else {
- this.additionalAuthenticatedData = new byte[additionalAuthenticatedData.length];
- System.arraycopy(additionalAuthenticatedData, 0, this.additionalAuthenticatedData, 0,
- additionalAuthenticatedData.length);
- }
-
- return this;
- }
-}
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/DecryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/DecryptOptions.java
deleted file mode 100644
index 1a8573efe236e..0000000000000
--- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/DecryptOptions.java
+++ /dev/null
@@ -1,148 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.azure.security.keyvault.keys.cryptography.options;
-
-import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm;
-
-import java.util.Objects;
-
-/**
- * A class containing various configuration parameters that can be applied when performing decryption operations.
- */
-public class DecryptOptions {
- /**
- * The algorithm to be used for decryption.
- */
- final EncryptionAlgorithm algorithm;
-
- /**
- * The content to be decrypted.
- */
- final byte[] cipherText;
-
- /**
- * Initialization vector to be used in the decryption operation using a symmetric algorithm.
- */
- byte[] iv;
-
- /**
- * Get additional data to authenticate when performing decryption with an authenticated algorithm.
- */
- byte[] additionalAuthenticatedData;
-
- /**
- * The tag to authenticate when performing decryption with an authenticated algorithm.
- */
- byte[] authenticationTag;
-
- /**
- * Factory method to create an instance of {@link DecryptOptions} with the given parameters.
- *
- * @param algorithm The algorithm to be used for decryption.
- * @param ciphertext The content to be decrypted.
- * @return The {@link DecryptOptions}.
- */
- public static DecryptOptions createOptions(EncryptionAlgorithm algorithm, byte[] ciphertext) {
- return new DecryptOptions(algorithm, ciphertext);
- }
-
- /**
- * Factory method to create an instance of {@link AesCbcDecryptOptions} with the given parameters.
- *
- * @param algorithm The algorithm to be used for decryption.
- * @param ciphertext The content to be decrypted.
- * @return The {@link AesCbcDecryptOptions}.
- */
- public static AesCbcDecryptOptions createAesCbcOptions(EncryptionAlgorithm algorithm, byte[] ciphertext) {
- return new AesCbcDecryptOptions(algorithm, ciphertext);
- }
-
- /**
- * Factory method to create an instance of {@link AesGcmDecryptOptions} with the given parameters.
- *
- * @param algorithm The algorithm to be used for decryption.
- * @param ciphertext The content to be decrypted.
- * @param iv Initialization vector for the decryption operation.
- * @return The {@link AesGcmDecryptOptions}.
- */
- public static AesGcmDecryptOptions createAesGcmOptions(EncryptionAlgorithm algorithm, byte[] ciphertext, byte[] iv) {
- return new AesGcmDecryptOptions(algorithm, ciphertext, iv);
- }
-
- /**
- * Creates an instance of {@link DecryptOptions} with the given parameters.
- *
- * @param algorithm The algorithm to be used for decryption.
- * @param cipherText The content to be decrypted.
- */
- DecryptOptions(EncryptionAlgorithm algorithm, byte[] cipherText) {
- Objects.requireNonNull(algorithm, "'algorithm cannot be null'");
- Objects.requireNonNull(cipherText, "'ciphertext' cannot be null");
-
- this.algorithm = algorithm;
- this.cipherText = new byte[cipherText.length];
- System.arraycopy(cipherText, 0, this.cipherText, 0, cipherText.length);
- }
-
- /**
- * The algorithm to be used for encryption.
- *
- * @return The algorithm to be used for encryption.
- */
- public EncryptionAlgorithm getAlgorithm() {
- return algorithm;
- }
-
- /**
- * Get the content to be encrypted.
- *
- * @return The content to be encrypted.
- */
- public byte[] getCipherText() {
- if (cipherText == null) {
- return null;
- } else {
- return cipherText.clone();
- }
- }
-
- /**
- * Get the initialization vector to be used in the decryption operation using a symmetric algorithm.
- *
- * @return The initialization vector.
- */
- public byte[] getIv() {
- if (iv == null) {
- return null;
- } else {
- return iv.clone();
- }
- }
-
- /**
- * Get additional data to authenticate when performing decryption with an authenticated algorithm.
- *
- * @return The additional authenticated data.
- */
- public byte[] getAdditionalAuthenticatedData() {
- if (additionalAuthenticatedData == null) {
- return null;
- } else {
- return additionalAuthenticatedData.clone();
- }
- }
-
- /**
- * Get the tag to authenticate when performing decryption with an authenticated algorithm.
- *
- * @return The authentication tag.
- */
- public byte[] getAuthenticationTag() {
- if (authenticationTag == null) {
- return null;
- } else {
- return authenticationTag.clone();
- }
- }
-}
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/EncryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/EncryptOptions.java
deleted file mode 100644
index 64db353a689ab..0000000000000
--- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/EncryptOptions.java
+++ /dev/null
@@ -1,130 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.azure.security.keyvault.keys.cryptography.options;
-
-import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm;
-
-import java.util.Objects;
-
-/**
- * A class containing various configuration parameters that can be applied when performing encryption operations.
- */
-public class EncryptOptions {
- /**
- * The algorithm to be used for encryption.
- */
- final EncryptionAlgorithm algorithm;
-
- /**
- * The content to be encrypted.
- */
- final byte[] plainText;
-
- /**
- * Initialization vector to be used in the encryption operation using a symmetric algorithm.
- */
- byte[] iv;
-
- /**
- * Get additional data to authenticate when performing encryption with an authenticated algorithm.
- */
- byte[] additionalAuthenticatedData;
-
- /**
- * Factory method to create an instance of {@link EncryptOptions} with the given parameters.
- *
- * @param algorithm The algorithm to be used for encryption.
- * @param plaintext The content to be encryption.
- * @return The {@link EncryptOptions}.
- */
- public static EncryptOptions createOptions(EncryptionAlgorithm algorithm, byte[] plaintext) {
- return new EncryptOptions(algorithm, plaintext);
- }
-
- /**
- * Factory method to create an instance of {@link AesCbcEncryptOptions} with the given parameters.
- *
- * @param algorithm The algorithm to be used for encryption.
- * @param plaintext The content to be encryption.
- * @return The {@link AesCbcEncryptOptions}.
- */
- public static AesCbcEncryptOptions createAesCbcOptions(EncryptionAlgorithm algorithm, byte[] plaintext) {
- return new AesCbcEncryptOptions(algorithm, plaintext);
- }
-
- /**
- * Factory method to create an instance of {@link AesGcmEncryptOptions} with the given parameters.
- *
- * @param algorithm The algorithm to be used for encryption.
- * @param plaintext The content to be encryption.
- * @param iv Initialization vector for the encryption operation.
- * @return The {@link AesGcmEncryptOptions}.
- */
- public static AesGcmEncryptOptions createAesGcmOptions(EncryptionAlgorithm algorithm, byte[] plaintext, byte[] iv) {
- return new AesGcmEncryptOptions(algorithm, plaintext, iv);
- }
-
- /**
- * Creates an instance of {@link EncryptOptions} with the given parameters.
- *
- * @param algorithm The algorithm to be used for encryption.
- * @param plainText The content to be encrypted.
- */
- EncryptOptions(EncryptionAlgorithm algorithm, byte[] plainText) {
- Objects.requireNonNull(algorithm, "'algorithm cannot be null'");
- Objects.requireNonNull(plainText, "'plaintext' cannot be null");
-
- this.algorithm = algorithm;
- this.plainText = new byte[plainText.length];
- System.arraycopy(plainText, 0, this.plainText, 0, plainText.length);
- }
-
- /**
- * The algorithm to be used for encryption.
- *
- * @return The algorithm to be used for encryption.
- */
- public EncryptionAlgorithm getAlgorithm() {
- return algorithm;
- }
-
- /**
- * Get the content to be encrypted.
- *
- * @return The content to be encrypted.
- */
- public byte[] getPlainText() {
- if (plainText == null) {
- return null;
- } else {
- return plainText.clone();
- }
- }
-
- /**
- * Get the initialization vector to be used in the encryption operation using a symmetric algorithm.
- *
- * @return The initialization vector.
- */
- public byte[] getIv() {
- if (iv == null) {
- return null;
- } else {
- return iv.clone();
- }
- }
-
- /**
- * Get additional data to authenticate when performing encryption with an authenticated algorithm.
- *
- * @return The additional authenticated data.
- */
- public byte[] getAdditionalAuthenticatedData() {
- if (additionalAuthenticatedData == null) {
- return null;
- } else {
- return additionalAuthenticatedData.clone();
- }
- }
-}
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/package-info.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/package-info.java deleted file mode 100644 index a5f252b7b3e5c..0000000000000 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/options/package-info.java +++ /dev/null @@ -1,8 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -/** - * Package containing classes used for representing options for encryption, decryption, signing, verifying, key wrapping - * and unwrapping operations. - */ -package com.azure.security.keyvault.keys.cryptography.options; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/module-info.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/module-info.java index 03c02ebdfe946..35421e19f8e0f 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/module-info.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/module-info.java @@ -9,7 +9,6 @@ exports com.azure.security.keyvault.keys; exports com.azure.security.keyvault.keys.cryptography; exports com.azure.security.keyvault.keys.cryptography.models; - exports com.azure.security.keyvault.keys.cryptography.options; exports com.azure.security.keyvault.keys.models; opens com.azure.security.keyvault.keys to com.fasterxml.jackson.databind; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClientJavaDocCodeSnippets.java b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClientJavaDocCodeSnippets.java index bcaebac85c701..25a7592786412 100644 
--- a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClientJavaDocCodeSnippets.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClientJavaDocCodeSnippets.java @@ -12,8 +12,6 @@ import com.azure.core.http.policy.RetryPolicy; import com.azure.identity.DefaultAzureCredentialBuilder; import com.azure.security.keyvault.keys.KeyAsyncClient; -import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; -import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.implementation.KeyVaultCredentialPolicy; import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; import com.azure.security.keyvault.keys.cryptography.models.KeyWrapAlgorithm; @@ -134,9 +132,7 @@ public void encrypt() { (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 }; - - EncryptOptions encryptOptions = EncryptOptions.createAesCbcOptions(EncryptionAlgorithm.A128CBC, plainTextBytes) - .setIv(iv); + EncryptOptions encryptOptions = EncryptOptions.createAes128CbcOptions(plainTextBytes, iv); cryptographyAsyncClient.encrypt(encryptOptions) .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) 
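Review bot: The `encrypt()` snippet feeds a hard-coded `iv` literal (the byte array that closes just above the new `EncryptOptions.createAes128CbcOptions(plainTextBytes, iv)` line) into AES-CBC, and Javadoc snippets tend to be copied verbatim into applications. CBC needs an IV that is unpredictable and fresh for every encryption under the same key; a repeated IV lets an observer tell when two messages share a leading block. I would add a comment above the call, for example `// Sample value only: generate a new random IV (e.g. with SecureRandom) for each encryption and store it alongside the ciphertext.` The same fixed array appears in the `encrypt()`/`decrypt()` hunks of CryptographyClientJavaDocCodeSnippets and of both Local*JavaDocCodeSnippets files. The `iv` declaration itself starts outside this hunk.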
@@ -173,9 +169,7 @@ public void decrypt() { (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 }; - - DecryptOptions decryptOptions = DecryptOptions.createAesCbcOptions(EncryptionAlgorithm.A128CBC, cipherTextBytes) - .setIv(iv); + DecryptOptions decryptOptions = DecryptOptions.createAes128CbcOptions(cipherTextBytes, iv); cryptographyAsyncClient.decrypt(decryptOptions) .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientJavaDocCodeSnippets.java b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientJavaDocCodeSnippets.java index aeef0b76dee4f..533907acf8b30 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientJavaDocCodeSnippets.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientJavaDocCodeSnippets.java @@ -16,8 +16,6 @@ import com.azure.security.keyvault.keys.cryptography.models.SignResult; import com.azure.security.keyvault.keys.cryptography.models.VerifyResult; import com.azure.security.keyvault.keys.cryptography.models.WrapResult; -import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; -import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.KeyVaultKey; import java.security.MessageDigest; 
@@ -110,10 +108,7 @@ public void encrypt() { (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 }; - - EncryptOptions encryptOptions = EncryptOptions.createAesCbcOptions(EncryptionAlgorithm.A128CBC, myPlainText) - .setIv(iv); - + EncryptOptions encryptOptions = EncryptOptions.createAes128CbcOptions(myPlainText, iv); EncryptResult encryptedResult = cryptographyClient.encrypt(encryptOptions, new Context(key1, value1)); System.out.printf("Received encrypted content of length %d with algorithm %s \n", @@ -159,10 +154,7 @@ public void decrypt() { (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 }; - - DecryptOptions decryptOptions = DecryptOptions.createAesCbcOptions(EncryptionAlgorithm.A128CBC, myCipherText) - .setIv(iv); - + DecryptOptions decryptOptions = DecryptOptions.createAes128CbcOptions(myCipherText, iv); DecryptResult decryptedResult = cryptographyClient.decrypt(decryptOptions, new Context(key1, value1)); System.out.printf("Received decrypted content of length %d\n", decryptedResult.getPlainText().length); diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClientJavaDocCodeSnippets.java b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClientJavaDocCodeSnippets.java index 8ebbd79e84c91..271c35b0b3a33 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClientJavaDocCodeSnippets.java 
+++ b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClientJavaDocCodeSnippets.java @@ -7,8 +7,6 @@ import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; import com.azure.security.keyvault.keys.cryptography.models.KeyWrapAlgorithm; import com.azure.security.keyvault.keys.cryptography.models.SignatureAlgorithm; -import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; -import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.JsonWebKey; import java.security.MessageDigest; @@ -64,8 +62,7 @@ public void encrypt() { (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 }; - EncryptOptions encryptOptions = EncryptOptions.createAesCbcOptions(EncryptionAlgorithm.A128CBC, plainTextBytes) - .setIv(iv); + EncryptOptions encryptOptions = EncryptOptions.createAes128CbcOptions(plainTextBytes, iv); cryptographyAsyncClient.encrypt(encryptOptions) .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) @@ -97,8 +94,7 @@ public void decrypt() { (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 }; - DecryptOptions decryptOptions = DecryptOptions.createAesCbcOptions(EncryptionAlgorithm.A128CBC, plainTextBytes) - .setIv(iv); + DecryptOptions decryptOptions = DecryptOptions.createAes128CbcOptions(plainTextBytes, iv); cryptographyAsyncClient.decrypt(decryptOptions) .subscriberContext(reactor.util.context.Context.of(key1, value1, key2, value2)) 
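Review bot: In the `decrypt()` hunk the new line `DecryptOptions.createAes128CbcOptions(plainTextBytes, iv)` passes a variable named `plainTextBytes` in the ciphertext position, a name carried over unchanged from the removed line. A reader of the generated Javadoc could take that to mean decrypt accepts plaintext. The service-client async snippet already uses `cipherTextBytes` for the same argument, so I would match it: `DecryptOptions decryptOptions = DecryptOptions.createAes128CbcOptions(cipherTextBytes, iv);`. The variable is declared outside the hunk, so the rename has to be applied there as well.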
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientJavaDocCodeSnippets.java b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientJavaDocCodeSnippets.java index c16f6601a6066..6cefc6c630743 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientJavaDocCodeSnippets.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/samples/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientJavaDocCodeSnippets.java @@ -13,8 +13,6 @@ import com.azure.security.keyvault.keys.cryptography.models.UnwrapResult; import com.azure.security.keyvault.keys.cryptography.models.VerifyResult; import com.azure.security.keyvault.keys.cryptography.models.WrapResult; -import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; -import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.JsonWebKey; import java.security.MessageDigest; @@ -67,8 +65,7 @@ public void encrypt() { (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 }; - EncryptOptions encryptOptions = EncryptOptions.createAesCbcOptions(EncryptionAlgorithm.RSA_OAEP, plainTextBytes) - .setIv(iv); + EncryptOptions encryptOptions = EncryptOptions.createAes128CbcOptions(plainTextBytes, iv); EncryptResult encryptedResult = cryptographyClient.encrypt(encryptOptions); System.out.printf("Received encrypted content of length %d with algorithm %s \n", 
@@ -96,8 +93,7 @@ public void decrypt() { (byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04 }; - DecryptOptions decryptOptions = DecryptOptions.createAesCbcOptions(EncryptionAlgorithm.A128CBC, encryptedBytes) - .setIv(iv); + DecryptOptions decryptOptions = DecryptOptions.createAes128CbcOptions(encryptedBytes, iv); DecryptResult decryptedResult = cryptographyClient.decrypt(decryptOptions); System.out.printf("Received decrypted content of length %d\n", decryptedResult.getPlainText().length); diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTest.java b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTest.java index eab49a0cce938..216db63a4cac9 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTest.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/CryptographyClientTest.java @@ -12,8 +12,6 @@ import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; import com.azure.security.keyvault.keys.cryptography.models.KeyWrapAlgorithm; import com.azure.security.keyvault.keys.cryptography.models.SignatureAlgorithm; -import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; -import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.KeyVaultKey; import com.azure.security.keyvault.keys.models.JsonWebKey; import com.azure.security.keyvault.keys.models.KeyCurveName; 
@@ -83,13 +81,13 @@ public void encryptDecryptRsa(HttpClient httpClient, CryptographyServiceVersion byte[] plainText = new byte[100]; new Random(0x1234567L).nextBytes(plainText); byte[] cipherText = cryptoClient.encrypt(algorithm, plainText).getCipherText(); - byte[] decryptedText = serviceClient.decrypt(DecryptOptions.createOptions(algorithm, cipherText), - Context.NONE).block().getPlainText(); + byte[] decryptedText = serviceClient.decrypt(new DecryptOptions(algorithm, cipherText, null, null, + null), Context.NONE).block().getPlainText(); assertArrayEquals(decryptedText, plainText); - cipherText = serviceClient.encrypt(EncryptOptions.createOptions(algorithm, plainText), - Context.NONE).block().getCipherText(); + cipherText = serviceClient.encrypt(new EncryptOptions(algorithm, plainText, null, null), Context.NONE) + .block().getCipherText(); decryptedText = cryptoClient.decrypt(algorithm, cipherText).getPlainText(); assertArrayEquals(decryptedText, plainText); diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientTestBase.java b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientTestBase.java index 570d6af559d6f..458e94defd492 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientTestBase.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientTestBase.java 
@@ -8,8 +8,6 @@ import com.azure.security.keyvault.keys.cryptography.models.DecryptResult; import com.azure.security.keyvault.keys.cryptography.models.EncryptResult; import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; -import com.azure.security.keyvault.keys.cryptography.options.DecryptOptions; -import com.azure.security.keyvault.keys.cryptography.options.EncryptOptions; import com.azure.security.keyvault.keys.models.JsonWebKey; import com.azure.security.keyvault.keys.models.KeyOperation; import org.junit.jupiter.api.Test; @@ -114,11 +112,10 @@ static void encryptDecryptAesCbc(int keySize, EncryptionAlgorithm algorithm) thr byte[] plaintext = "My16BitPlaintext".getBytes(); byte[] iv = "My16BytesTestIv.".getBytes(); LocalCryptographyClient localCryptographyClient = initializeCryptographyClient(getTestJsonWebKey(keySize)); - EncryptOptions encryptOptions = EncryptOptions.createAesCbcOptions(algorithm, plaintext).setIv(iv); + EncryptOptions encryptOptions = EncryptOptions.createAes128CbcOptions(plaintext, iv); EncryptResult encryptResult = localCryptographyClient.encrypt(encryptOptions); - DecryptOptions decryptOptions = DecryptOptions.createAesCbcOptions(algorithm, encryptResult.getCipherText()) - .setIv(iv); + DecryptOptions decryptOptions = DecryptOptions.createAes128CbcOptions(encryptResult.getCipherText(), iv); DecryptResult decryptResult = localCryptographyClient.decrypt(decryptOptions); 
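Review bot: `encryptDecryptAesCbc(int keySize, EncryptionAlgorithm algorithm)` no longer uses its `algorithm` argument, because both option objects are now built with `createAes128CbcOptions`, so every caller exercises A128CBC whatever key size and algorithm it passes. The 192- and 256-bit variants then get no round-trip coverage from this helper, and a regression in them would go unnoticed. Select the factory from `algorithm`, or let the caller pass the two option factories in, so each variant is actually encrypted and decrypted. `encryptDecryptAesGcm` in the following hunk has the same problem with `createAes128GcmOptions`; both methods start and end outside their hunks.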
@@ -129,15 +126,15 @@ static void encryptDecryptAesGcm(int keySize, EncryptionAlgorithm algorithm) thr byte[] plaintext = "My16BitPlaintext".getBytes(); byte[] iv = "My12BytesIv.".getBytes(); LocalCryptographyClient localCryptographyClient = initializeCryptographyClient(getTestJsonWebKey(keySize)); - EncryptOptions encryptOptions = EncryptOptions.createAesGcmOptions(algorithm, plaintext, iv); + EncryptOptions encryptOptions = EncryptOptions.createAes128GcmOptions(plaintext, iv); EncryptResult encryptResult = localCryptographyClient.encrypt(encryptOptions); byte[] authenticationTag = new byte[12]; System.arraycopy(encryptResult.getCipherText(), 0, authenticationTag, 0, authenticationTag.length); - DecryptOptions decryptOptions = DecryptOptions.createAesGcmOptions(algorithm, encryptResult.getCipherText(), iv) - .setAuthenticationTag(authenticationTag); + DecryptOptions decryptOptions = DecryptOptions.createAes128GcmOptions(encryptResult.getCipherText(), iv, + authenticationTag); DecryptResult decryptResult = localCryptographyClient.decrypt(decryptOptions); From ff77ba13802b18d690436a3ec2534f732fb3bc47 Mon Sep 17 00:00:00 2001 
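Review bot: The `authenticationTag` handed to `DecryptOptions.createAes128GcmOptions(...)` is copied from offset 0 of `encryptResult.getCipherText()`, so it is the first 12 bytes of the ciphertext rather than a tag. If the local client returns the JCE `Cipher.doFinal` output unchanged (not visible here), the GCM tag is the trailing bytes of that array, and a passing run would suggest the supplied tag is never compared during decryption. Take the tag from the end of the array, `System.arraycopy(ct, ct.length - authenticationTag.length, authenticationTag, 0, authenticationTag.length);` with `ct` being the returned ciphertext, and add a case asserting that `decrypt` fails when one byte of the tag or ciphertext is changed.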
From: Victor Colin Amador Date: Thu, 12 Nov 2020 15:26:52 -0800 Subject: [PATCH 12/15] Added iv, additionalAuthenticatedDate and authenticationTag to EncryptResult. --- .../resources/spotbugs/spotbugs-exclude.xml | 9 --- .../keyvault/keys/cryptography/AesCbc.java | 17 +++--- .../keys/cryptography/AesCbcHmacSha2.java | 27 ++++---- .../keyvault/keys/cryptography/AesCbcPad.java | 17 +++--- .../keyvault/keys/cryptography/AesGcm.java | 32 +++++----- .../CryptographyServiceClient.java | 4 -- .../keys/cryptography/DecryptOptions.java | 59 ++++-------------- .../keys/cryptography/EncryptOptions.java | 46 +++----------- .../SymmetricEncryptionAlgorithm.java | 18 +++--- .../SymmetricKeyCryptographyClient.java | 30 +++++---- .../cryptography/models/EncryptResult.java | 61 +++++++++++++++++++ .../LocalCryptographyClientTestBase.java | 15 ++--- 12 files changed, 167 insertions(+), 168 deletions(-) diff --git a/eng/code-quality-reports/src/main/resources/spotbugs/spotbugs-exclude.xml b/eng/code-quality-reports/src/main/resources/spotbugs/spotbugs-exclude.xml index 9054faef8bcbd..db06cdc17baf9 100755 --- a/eng/code-quality-reports/src/main/resources/spotbugs/spotbugs-exclude.xml +++ b/eng/code-quality-reports/src/main/resources/spotbugs/spotbugs-exclude.xml @@ -2414,13 +2414,4 @@ - - - - - - - - - diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbc.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbc.java index a122849be8b56..d72fdf079b7a5 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbc.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbc.java 
@@ -71,15 +71,17 @@ public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPad } @Override - public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authenticationData) + public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] additionalAuthenticatedData, + byte[] authenticationTag) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException { - return createEncryptor(key, iv, authenticationData, null); + return createEncryptor(key, iv, additionalAuthenticatedData, null, null); } @Override - public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authenticationData, Provider provider) + public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] additionalAuthenticatedData, + byte[] authenticationTag, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException { 
@@ -91,16 +93,17 @@ public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authentica } @Override - public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] authenticationData, byte[] authenticationTag) + public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] additionalAuthenticatedData, + byte[] authenticationTag) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException { - return createDecryptor(key, iv, authenticationData, authenticationTag, null); + return createDecryptor(key, iv, additionalAuthenticatedData, authenticationTag, null); } @Override - public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] authenticationData, byte[] authenticationTag, - Provider provider) + public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] additionalAuthenticatedData, + byte[] authenticationTag, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException { diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcHmacSha2.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcHmacSha2.java index 91f9d3e3f53be..96cbdb913d99e 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcHmacSha2.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcHmacSha2.java 
@@ -188,15 +188,17 @@ protected AesCbcHmacSha2(String name) { } @Override - public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] authenticationData, byte[] authenticationTag) + public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] additionalAuthenticatedData, + byte[] authenticationTag) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException { - return createDecryptor(key, iv, authenticationData, authenticationTag, null); + + return createDecryptor(key, iv, additionalAuthenticatedData, authenticationTag, null); } @Override - public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] authenticationData, byte[] authenticationTag, - Provider provider) + public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] additionalAuthenticatedData, + byte[] authenticationTag, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException { if (key == null) { @@ -207,7 +209,7 @@ public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] authentica throw logger.logExceptionAsWarning(new IllegalArgumentException("No initialization vector")); } - if (authenticationData == null) { + if (additionalAuthenticatedData == null) { throw logger.logExceptionAsWarning(new IllegalArgumentException("No authentication data")); } 
@@ -216,18 +218,21 @@ public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] authentica } // Create the Decryptor - return new AesCbcHmacSha2Decryptor(getName(), key, iv, authenticationData, authenticationTag, provider); + return new AesCbcHmacSha2Decryptor(getName(), key, iv, additionalAuthenticatedData, authenticationTag, provider); } @Override - public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authenticationData) + public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] additionalAuthenticatedData, + byte[] authenticationTag) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException { - return createEncryptor(key, iv, authenticationData, null); + + return createEncryptor(key, iv, additionalAuthenticatedData, null, null); } @Override - public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authenticationData, Provider provider) + public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] additionalAuthenticatedData, + byte[] authenticationTag, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException { @@ -239,11 +244,11 @@ public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authentica throw logger.logExceptionAsError(new IllegalArgumentException("No initialization vector")); } - if (authenticationData == null) { + if (additionalAuthenticatedData == null) { throw logger.logExceptionAsError(new IllegalArgumentException("No authentication data")); } // Create the Encryptor - return new AesCbcHmacSha2Encryptor(getName(), key, iv, authenticationData, provider); + return new AesCbcHmacSha2Encryptor(getName(), key, iv, additionalAuthenticatedData, provider); } } 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcPad.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcPad.java index d62153e713765..114f4f90e32a7 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcPad.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcPad.java @@ -71,15 +71,17 @@ public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPad } @Override - public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authenticationData) + public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] additionalAuthenticatedData, + byte[] authenticationTag) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException { - return createEncryptor(key, iv, authenticationData, null); + return createEncryptor(key, iv, additionalAuthenticatedData, null, null); } @Override - public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authenticationData, Provider provider) + public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] additionalAuthenticatedData, + byte[] authenticationTag, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException { 
@@ -91,16 +93,17 @@ public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authentica } @Override - public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] authenticationData, byte[] authenticationTag) + public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] additionalAuthenticatedData, + byte[] authenticationTag) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException { - return createDecryptor(key, iv, authenticationData, authenticationTag, null); + return createDecryptor(key, iv, additionalAuthenticatedData, authenticationTag, null); } @Override - public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] authenticationData, byte[] authenticationTag, - Provider provider) + public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] additionalAuthenticatedData, + byte[] authenticationTag, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException { diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcm.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcm.java index 91bf80d4f96f1..d0a6ddd5e1465 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcm.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcm.java @@ -17,8 +17,6 @@ import java.util.Objects; abstract class AesGcm extends SymmetricEncryptionAlgorithm { - static final int DEFAULT_TAG_LENGTH = 96; - final int keySizeInBytes; final int keySize; 
@@ -32,7 +30,8 @@ protected AesGcm(String name, int size) { static class AesGcmEncryptor implements ICryptoTransform { private final Cipher cipher; - AesGcmEncryptor(byte[] key, byte[] iv, byte[] authenticationData, Provider provider) + AesGcmEncryptor(byte[] key, byte[] iv, byte[] additionalAuthenticatedData, byte[] authenticationTag, + Provider provider) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException { @@ -44,7 +43,7 @@ static class AesGcmEncryptor implements ICryptoTransform { } cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), - new GCMParameterSpec(DEFAULT_TAG_LENGTH, iv)); + new GCMParameterSpec(authenticationTag.length << 3, iv)); } @Override @@ -56,7 +55,8 @@ public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPad static class AesGcmDecryptor implements ICryptoTransform { private final Cipher cipher; - AesGcmDecryptor(byte[] key, byte[] iv, byte[] authenticationData, byte[] authenticationTag, Provider provider) + AesGcmDecryptor(byte[] key, byte[] iv, byte[] additionalAuthenticatedData, byte[] authenticationTag, + Provider provider) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException { 
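Review bot: `new GCMParameterSpec(authenticationTag.length << 3, iv)` in `AesGcmEncryptor` dereferences `authenticationTag` without a null check and reads only its length, so a caller passing `null` gets a `NullPointerException` from the constructor and the tag size is decided by whatever array happens to arrive. Validate before `cipher.init`, e.g. `Objects.requireNonNull(authenticationTag, "'authenticationTag' cannot be null.");` plus a check that the length is one GCM permits, or keep a fixed tag-length constant and drop the parameter from the encrypt path. The visible lines of both constructors also never pass `additionalAuthenticatedData` to `cipher.updateAAD`; the bodies are cut by the hunks, so this needs confirming, because without that call the associated data is not authenticated.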
@@ -81,15 +81,17 @@ public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPad } @Override - public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authenticationData) + public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] additionalAuthenticatedData, + byte[] authenticationTag) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException { - return createEncryptor(key, iv, authenticationData, null); + return createEncryptor(key, iv, additionalAuthenticatedData, authenticationTag, null); } @Override - public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authenticationData, Provider provider) + public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] additionalAuthenticatedData, + byte[] authenticationTag, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException { 
@@ -97,20 +99,22 @@ public ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authentica throw new InvalidKeyException("key must be at least " + keySize + " bits in length"); } - return new AesGcmEncryptor(Arrays.copyOfRange(key, 0, keySizeInBytes), iv, authenticationData, provider); + return new AesGcmEncryptor(Arrays.copyOfRange(key, 0, keySizeInBytes), iv, additionalAuthenticatedData, + authenticationTag, provider); } @Override - public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] authenticationData, byte[] authenticationTag) + public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] additionalAuthenticatedData, + byte[] authenticationTag) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException { - return createDecryptor(key, iv, authenticationData, authenticationTag, null); + return createDecryptor(key, iv, additionalAuthenticatedData, authenticationTag, null); } @Override - public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] authenticationData, byte[] authenticationTag, - Provider provider) + public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] additionalAuthenticatedData, + byte[] authenticationTag, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException { @@ -118,7 +122,7 @@ public ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] authentica throw new InvalidKeyException("key must be at least " + keySize + " bits in length"); } - return new AesGcmDecryptor(Arrays.copyOfRange(key, 0, keySizeInBytes), iv, authenticationData, + return new AesGcmDecryptor(Arrays.copyOfRange(key, 0, keySizeInBytes), iv, additionalAuthenticatedData, authenticationTag, provider); } } 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java index c20507cd74afd..d6b22b16da1c2 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java @@ -127,8 +127,6 @@ JsonWebKey transformSecretKey(SecretKey secretKey) throws JsonProcessingExceptio Mono encrypt(EncryptOptions encryptOptions, Context context) { Objects.requireNonNull(encryptOptions, "'encryptOptions' cannot be null."); - Objects.requireNonNull(encryptOptions.getAlgorithm(), "Encryption algorithm cannot be null."); - Objects.requireNonNull(encryptOptions.getPlainText(), "Plain text content to be encrypted cannot be null."); EncryptionAlgorithm algorithm = encryptOptions.getAlgorithm(); byte[] iv = encryptOptions.getIv(); @@ -153,8 +151,6 @@ Mono encrypt(EncryptOptions encryptOptions, Context context) { Mono decrypt(DecryptOptions decryptOptions, Context context) { Objects.requireNonNull(decryptOptions, "'decryptOptions' cannot be null."); - Objects.requireNonNull(decryptOptions.getAlgorithm(), "Encryption algorithm cannot be null."); - Objects.requireNonNull(decryptOptions.getCipherText(), "Cipher text content to be decrypted cannot be null."); EncryptionAlgorithm algorithm = decryptOptions.getAlgorithm(); byte[] iv = decryptOptions.getIv(); diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java index 68e66d84b7896..d539aab3aa694 100644 
--- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java @@ -3,6 +3,7 @@ package com.azure.security.keyvault.keys.cryptography; +import com.azure.core.util.CoreUtils; import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; import java.util.Objects; 
@@ -202,35 +203,15 @@ public static DecryptOptions createAes256GcmOptions(byte[] plainText, byte[] iv, * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms. */ DecryptOptions(EncryptionAlgorithm algorithm, byte[] cipherText, byte[] iv, byte[] authenticationTag, - byte[] additionalAuthenticatedData) { - Objects.requireNonNull(cipherText, "'cipherText' cannot be null"); + byte[] additionalAuthenticatedData) { + Objects.requireNonNull(algorithm, "Encryption algorithm cannot be null."); + Objects.requireNonNull(cipherText, "Cipher text content to be decrypted cannot be null."); this.algorithm = algorithm; - this.cipherText = new byte[cipherText.length]; - System.arraycopy(cipherText, 0, this.cipherText, 0, cipherText.length); - - if (iv == null) { - this.iv = null; - } else { - this.iv = new byte[iv.length]; - System.arraycopy(iv, 0, this.iv, 0, iv.length); - } - - if (additionalAuthenticatedData == null) { - this.additionalAuthenticatedData = null; - } else { - this.additionalAuthenticatedData = new byte[additionalAuthenticatedData.length]; - System.arraycopy(additionalAuthenticatedData, 0, this.additionalAuthenticatedData, 0, - additionalAuthenticatedData.length); - } - - if (authenticationTag == null) { - this.authenticationTag = null; - } else { - this.authenticationTag = new byte[authenticationTag.length]; - System.arraycopy(authenticationTag, 0, this.authenticationTag, 0, - authenticationTag.length); - } + this.cipherText = CoreUtils.clone(cipherText); + this.iv = CoreUtils.clone(iv); + this.additionalAuthenticatedData = CoreUtils.clone(additionalAuthenticatedData); + this.authenticationTag = CoreUtils.clone(authenticationTag); } /** @@ -248,11 +229,7 @@ public EncryptionAlgorithm getAlgorithm() { * @return The content to be encrypted. */ public byte[] getCipherText() { - if (cipherText == null) { - return null; - } else { - return cipherText.clone(); - } + return CoreUtils.clone(cipherText); } /** 
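Review bot: The `DecryptOptions` constructor takes `(algorithm, cipherText, iv, authenticationTag, additionalAuthenticatedData)`, while `createDecryptor` and the new `EncryptResult` call in this patch order the same two values as `additionalAuthenticatedData, authenticationTag`. All of them are `byte[]`, so a swapped pair compiles and only shows up as a failed or meaningless tag check at run time. Since the constructor is package-private, aligning it is cheap: `DecryptOptions(EncryptionAlgorithm algorithm, byte[] cipherText, byte[] iv, byte[] additionalAuthenticatedData, byte[] authenticationTag)`, with the factory methods updated to match. The Javadoc of `getCipherText()` in the next hunk still reads "The content to be encrypted." and should say "decrypted".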
@@ -261,11 +238,7 @@ public byte[] getCipherText() { * @return The initialization vector. */ public byte[] getIv() { - if (iv == null) { - return null; - } else { - return iv.clone(); - } + return CoreUtils.clone(iv); } /** @@ -274,11 +247,7 @@ public byte[] getIv() { * @return The additional authenticated data. */ public byte[] getAdditionalAuthenticatedData() { - if (additionalAuthenticatedData == null) { - return null; - } else { - return additionalAuthenticatedData.clone(); - } + return CoreUtils.clone(additionalAuthenticatedData); } /** @@ -287,10 +256,6 @@ public byte[] getAdditionalAuthenticatedData() { * @return The authentication tag. */ public byte[] getAuthenticationTag() { - if (authenticationTag == null) { - return null; - } else { - return authenticationTag.clone(); - } + return CoreUtils.clone(authenticationTag); } } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java index 560e3470b6db1..0f4a3ffeca1f5 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java @@ -3,6 +3,7 @@ package com.azure.security.keyvault.keys.cryptography; +import com.azure.core.util.CoreUtils; import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm; import java.util.Objects; 
@@ -255,29 +256,14 @@ public static EncryptOptions createAes256GcmOptions(byte[] plainText, byte[] iv, * @param iv Initialization vector for the encryption operation. * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms. */ - EncryptOptions(EncryptionAlgorithm algorithm, byte[] plainText, byte[] iv, - byte[] additionalAuthenticatedData) { - Objects.requireNonNull(plainText, "'plaintext' cannot be null"); + EncryptOptions(EncryptionAlgorithm algorithm, byte[] plainText, byte[] iv, byte[] additionalAuthenticatedData) { + Objects.requireNonNull(algorithm, "Encryption algorithm cannot be null."); + Objects.requireNonNull(plainText, "Plain text content to be encrypted cannot be null."); this.algorithm = algorithm; - this.plainText = new byte[plainText.length]; - - System.arraycopy(plainText, 0, this.plainText, 0, plainText.length); - - if (iv == null) { - this.iv = null; - } else { - this.iv = new byte[iv.length]; - System.arraycopy(iv, 0, this.iv, 0, iv.length); - } - - if (additionalAuthenticatedData == null) { - this.additionalAuthenticatedData = null; - } else { - this.additionalAuthenticatedData = new byte[additionalAuthenticatedData.length]; - System.arraycopy(additionalAuthenticatedData, 0, this.additionalAuthenticatedData, 0, - additionalAuthenticatedData.length); - } + this.plainText = CoreUtils.clone(plainText); + this.iv = CoreUtils.clone(iv); + this.additionalAuthenticatedData = CoreUtils.clone(additionalAuthenticatedData); } /** @@ -295,11 +281,7 @@ public EncryptionAlgorithm getAlgorithm() { * @return The content to be encrypted. */ public byte[] getPlainText() { - if (plainText == null) { - return null; - } else { - return plainText.clone(); - } + return CoreUtils.clone(plainText); } /** 
@@ -308,11 +290,7 @@ public byte[] getPlainText() { * @return The initialization vector. */ public byte[] getIv() { - if (iv == null) { - return null; - } else { - return iv.clone(); - } + return CoreUtils.clone(iv); } /** @@ -321,10 +299,6 @@ public byte[] getIv() { * @return The additional authenticated data. */ public byte[] getAdditionalAuthenticatedData() { - if (additionalAuthenticatedData == null) { - return null; - } else { - return additionalAuthenticatedData.clone(); - } + return CoreUtils.clone(additionalAuthenticatedData); } } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricEncryptionAlgorithm.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricEncryptionAlgorithm.java index 205c2f64f6327..5d2a5225fd130 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricEncryptionAlgorithm.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricEncryptionAlgorithm.java 
@@ -28,11 +28,12 @@ abstract class SymmetricEncryptionAlgorithm extends LocalEncryptionAlgorithm { * * @param key The key material to be used. * @param iv The initialization vector to be used. - * @param authenticationData The authentication data to be used with authenticating encryption implementation + * @param additionalAuthenticatedData The authentication data to be used with authenticating encryption implementation * (ignored for non-authenticating implementation). * @return A {@link ICryptoTransform} implementation. */ - abstract ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authenticationData) + abstract ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] additionalAuthenticatedData, + byte[] authenticationTag) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException; @@ -42,12 +43,13 @@ abstract ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authenti * * @param key The key material to be used. * @param iv The initialization vector to be used. - * @param authenticationData The authentication data to be used with authenticating encryption implementation + * @param additionalAuthenticatedData The authentication data to be used with authenticating encryption implementation * (ignored for non-authenticating implementation). * @param provider The provider to use. * @return A {@link ICryptoTransform} implementation. */ - abstract ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authenticationData, Provider provider) + abstract ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] additionalAuthenticatedData, + byte[] authenticationTag, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException; 
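Review bot: Both `createEncryptor` overloads gain a `byte[] authenticationTag` parameter but their Javadoc gets no `@param` for it, and an authentication tag as an input to encryption is not self-explanatory. Judging by the `AesGcm` change in this patch the array is read only for its length, so the Javadoc should say that, e.g. `@param authenticationTag Array whose length sets the tag size for authenticating encryption implementation (ignored for non-authenticating implementation).` on this overload and on the `Provider` overload in the next hunk. The renamed `additionalAuthenticatedData` description now exceeds the line length used by the neighbouring Javadoc lines and could be re-wrapped at the same time.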
@@ -57,13 +59,13 @@ abstract ICryptoTransform createEncryptor(byte[] key, byte[] iv, byte[] authenti * * @param key The key material to be used. * @param iv The initialization vector to be used. - * @param authenticationData The authentication data to be used with authenticating encryption implementation + * @param additionalAuthenticatedData The authentication data to be used with authenticating encryption implementation * (ignored for non-authenticating implementation). * @param authenticationTag The authentication tag to verify when using authenticating encryption implementation * (ignored for non-authenticating implementation). * @return A {@link ICryptoTransform} implementation. */ - abstract ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] authenticationData, + abstract ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] additionalAuthenticatedData, byte[] authenticationTag) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException; 
@@ -74,14 +76,14 @@ abstract ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] authenti * * @param key The key material to be used. * @param iv The initialization vector to be used. - * @param authenticationData The authentication data to be used with authenticating encryption implementation + * @param additionalAuthenticatedData The authentication data to be used with authenticating encryption implementation * (ignored for non-authenticating implementation). * @param authenticationTag The authentication tag to verify when using authenticating encryption implementation * (ignored for non-authenticating implementation). * @param provider The provider to use. * @return A {@link ICryptoTransform} implementation */ - abstract ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] authenticationData, + abstract ICryptoTransform createDecryptor(byte[] key, byte[] iv, byte[] additionalAuthenticatedData, byte[] authenticationTag, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException; diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java index 5879183b4126d..14ff39bf849f5 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java 
@@ -22,6 +22,9 @@ import java.util.Objects; class SymmetricKeyCryptographyClient extends LocalKeyCryptographyClient { + private static final int CBC_BLOCK_SIZE = 16; + private static final int GCM_NONCE_SIZE = 12; + private final ClientLogger logger = new ClientLogger(SymmetricKeyCryptographyClient.class); private byte[] key; @@ -73,22 +76,24 @@ Mono encryptAsync(EncryptOptions encryptOptions, Context context, byte[] iv = encryptOptions.getIv(); byte[] additionalAuthenticatedData = encryptOptions.getAdditionalAuthenticatedData(); + byte[] authenticationTag = generateRandomByteArray(GCM_NONCE_SIZE); if (iv == null) { if (algorithm == EncryptionAlgorithm.A128GCM || algorithm == EncryptionAlgorithm.A192GCM || algorithm == EncryptionAlgorithm.A256GCM) { - iv = generateRandomIvForGcm(); + iv = generateRandomByteArray(GCM_NONCE_SIZE); } else if (algorithm == EncryptionAlgorithm.A128CBC || algorithm == EncryptionAlgorithm.A192CBC || algorithm == EncryptionAlgorithm.A256CBC || algorithm == EncryptionAlgorithm.A128CBCPAD || algorithm == EncryptionAlgorithm.A192CBCPAD || algorithm == EncryptionAlgorithm.A256CBCPAD) { - iv = generateRandomIvForCbc(); + iv = generateRandomByteArray(CBC_BLOCK_SIZE); } } try { - transform = symmetricEncryptionAlgorithm.createEncryptor(this.key, iv, additionalAuthenticatedData, null); + transform = symmetricEncryptionAlgorithm.createEncryptor(this.key, iv, additionalAuthenticatedData, + authenticationTag); } catch (Exception e) { return Mono.error(e); } @@ -101,7 +106,8 @@ Mono encryptAsync(EncryptOptions encryptOptions, Context context, return Mono.error(e); } - return Mono.just(new EncryptResult(encrypted, algorithm, jsonWebKey.getId())); + return Mono.just(new EncryptResult(encrypted, algorithm, jsonWebKey.getId(), iv, additionalAuthenticatedData, + authenticationTag)); } @Override 
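Review bot: In `encryptAsync`, `authenticationTag` is filled by `generateRandomByteArray(GCM_NONCE_SIZE)` before the cipher runs and is then returned in `EncryptResult`. Unless the GCM transform overwrites that array in place (not visible in this hunk), the tag handed to callers is random bytes unrelated to the ciphertext and authenticates nothing. A GCM tag is an output of encryption, so declare it as `byte[] authenticationTag = null;`, assign it from the transform once the ciphertext has been produced, and leave it `null` for the CBC algorithms, which currently also receive a tag. The buffer is sized with the nonce constant; a separate `GCM_TAG_SIZE` would keep the two lengths apart. The last hunk on this line passes the same value to the new `EncryptResult` constructor.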
@@ -136,12 +142,12 @@ Mono decryptAsync(DecryptOptions decryptOptions, Context context, if (algorithm == EncryptionAlgorithm.A128GCM || algorithm == EncryptionAlgorithm.A192GCM || algorithm == EncryptionAlgorithm.A256GCM) { - iv = generateRandomIvForGcm(); + iv = generateRandomByteArray(GCM_NONCE_SIZE); } else if (algorithm == EncryptionAlgorithm.A128CBC || algorithm == EncryptionAlgorithm.A192CBC || algorithm == EncryptionAlgorithm.A256CBC || algorithm == EncryptionAlgorithm.A128CBCPAD || algorithm == EncryptionAlgorithm.A192CBCPAD || algorithm == EncryptionAlgorithm.A256CBCPAD) { - iv = generateRandomIvForCbc(); + iv = generateRandomByteArray(CBC_BLOCK_SIZE); } } @@ -251,21 +257,13 @@ Mono verifyDataAsync(SignatureAlgorithm algorithm, byte[] data, by return verifyAsync(algorithm, data, signature, context, key); } - private byte[] generateRandomIvForCbc() { - return generateRandomIv(16); - } - - private byte[] generateRandomIvForGcm() { - return generateRandomIv(12); - } - - private byte[] generateRandomIv(int ivSize) { + private byte[] generateRandomByteArray(int sizeInBytes) { byte[] iv = new byte[0]; SecureRandom randomSecureRandom; try { randomSecureRandom = SecureRandom.getInstance("SHA1PRNG"); - iv = new byte[ivSize]; + iv = new byte[sizeInBytes]; randomSecureRandom.nextBytes(iv); } catch (NoSuchAlgorithmException e) { logger.logThrowableAsError(e); diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/models/EncryptResult.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/models/EncryptResult.java index 2ac529a70bfeb..6239bbcc85cde 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/models/EncryptResult.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/models/EncryptResult.java 
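Review bot: `decryptAsync` fills a missing IV with `generateRandomByteArray(...)`, but a freshly generated IV can never match the one used at encryption. For the CBC algorithms the first block decrypts to garbage with no error, and for GCM the failure surfaces as a tag mismatch rather than as a missing argument. The enclosing condition is outside this hunk, but it appears to mirror the `if (iv == null)` branch in `encryptAsync`. On the decrypt path a missing IV should be rejected instead, e.g. `return Mono.error(new IllegalArgumentException("'iv' is required to decrypt with " + algorithm));`.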
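Review bot: `generateRandomByteArray` starts from `new byte[0]` and only logs `NoSuchAlgorithmException`, so if `SecureRandom.getInstance("SHA1PRNG")` is unavailable the caller appears to receive an empty array as its IV or tag (the return statement is outside the hunk). `new SecureRandom()` uses the platform's default generator and throws no checked exception, which removes that failure path: `byte[] bytes = new byte[sizeInBytes]; new SecureRandom().nextBytes(bytes); return bytes;`. The local is still named `iv` although the helper is now general purpose.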
@@ -5,6 +5,7 @@ import com.azure.core.annotation.Immutable; import com.azure.core.util.CoreUtils; +import com.fasterxml.jackson.annotation.JsonProperty; /** * Represents the details of encrypt operation result. @@ -26,6 +27,22 @@ public final class EncryptResult { */ private final String keyId; + /** + * Initialization vector for symmetric algorithms. + */ + private final byte[] iv; + + /** + * Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. + */ + private final byte[] additionalAuthenticatedData; + + /** + * The tag to authenticate when performing decryption with an authenticated algorithm. + */ + private final byte[] authenticationTag; + + /** * Creates the instance of Encrypt Result holding encryption operation response information. * @param cipherText The encrypted content. 
@@ -33,9 +50,26 @@ public final class EncryptResult { * @param keyId The identifier of the key usd for the encryption operation. */ public EncryptResult(byte[] cipherText, EncryptionAlgorithm algorithm, String keyId) { + this(cipherText, algorithm, keyId, null, null, null); + } + + /** + * Creates the instance of Encrypt Result holding encryption operation response information. + * @param cipherText The encrypted content. + * @param algorithm The algorithm used to encrypt the content. + * @param keyId The identifier of the key usd for the encryption operation. + * @param iv Initialization vector for symmetric algorithms. + * @param additionalAuthenticatedData Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms. + * @param authenticationTag The tag to authenticate when performing decryption with an authenticated algorithm. + */ + public EncryptResult(byte[] cipherText, EncryptionAlgorithm algorithm, String keyId, byte[] iv, + byte[] additionalAuthenticatedData, byte[] authenticationTag) { this.cipherText = CoreUtils.clone(cipherText); this.algorithm = algorithm; this.keyId = keyId; + this.iv = CoreUtils.clone(iv); + this.additionalAuthenticatedData = CoreUtils.clone(additionalAuthenticatedData); + this.authenticationTag = CoreUtils.clone(authenticationTag); } /** 
@@ -61,4 +95,31 @@ public byte[] getCipherText() { public EncryptionAlgorithm getAlgorithm() { return algorithm; } + + /** + * Get the initialization vector used by symmetric algorithms. + * + * @return The initialization vector. + */ + public byte[] getIv() { + return CoreUtils.clone(iv); + } + + /** + * Get additional data to authenticate the encrypted content. + * + * @return The additional authenticated data. + */ + public byte[] getAdditionalAuthenticatedData() { + return CoreUtils.clone(additionalAuthenticatedData); + } + + /** + * Get the tag to authenticate the encrypted content. + * + * @return The authentication tag. + */ + public byte[] getAuthenticationTag() { + return CoreUtils.clone(authenticationTag); + } } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientTestBase.java b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientTestBase.java index 458e94defd492..35b5c0ad77bcf 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientTestBase.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/test/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClientTestBase.java 
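Review bot: The Javadoc of `getIv()`, `getAdditionalAuthenticatedData()` and `getAuthenticationTag()` does not say that they can return `null`. The three-argument constructor stores `null` for all three fields, and the getters pass that through `CoreUtils.clone`, which presumably returns `null` for a `null` input. Callers must keep the IV and tag to decrypt later, so the contract should be explicit, e.g. `@return The authentication tag, or {@code null} if the algorithm used does not produce one.` and the equivalent wording on the other two getters.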
@@ -112,10 +112,10 @@ static void encryptDecryptAesCbc(int keySize, EncryptionAlgorithm algorithm) thr byte[] plaintext = "My16BitPlaintext".getBytes(); byte[] iv = "My16BytesTestIv.".getBytes(); LocalCryptographyClient localCryptographyClient = initializeCryptographyClient(getTestJsonWebKey(keySize)); - EncryptOptions encryptOptions = EncryptOptions.createAes128CbcOptions(plaintext, iv); + EncryptOptions encryptOptions = new EncryptOptions(algorithm, plaintext, iv, null); EncryptResult encryptResult = localCryptographyClient.encrypt(encryptOptions); - DecryptOptions decryptOptions = DecryptOptions.createAes128CbcOptions(encryptResult.getCipherText(), iv); + DecryptOptions decryptOptions = new DecryptOptions(algorithm, encryptResult.getCipherText(), iv, null, null); DecryptResult decryptResult = localCryptographyClient.decrypt(decryptOptions); @@ -126,15 +126,12 @@ static void encryptDecryptAesGcm(int keySize, EncryptionAlgorithm algorithm) thr byte[] plaintext = "My16BitPlaintext".getBytes(); byte[] iv = "My12BytesIv.".getBytes(); LocalCryptographyClient localCryptographyClient = initializeCryptographyClient(getTestJsonWebKey(keySize)); - EncryptOptions encryptOptions = EncryptOptions.createAes128GcmOptions(plaintext, iv); + EncryptOptions encryptOptions = new EncryptOptions(algorithm, plaintext, iv, null); EncryptResult encryptResult = localCryptographyClient.encrypt(encryptOptions); - byte[] authenticationTag = new byte[12]; - - System.arraycopy(encryptResult.getCipherText(), 0, authenticationTag, 0, authenticationTag.length); - - DecryptOptions decryptOptions = DecryptOptions.createAes128GcmOptions(encryptResult.getCipherText(), iv, - authenticationTag); + byte[] authenticationTag = encryptResult.getAuthenticationTag(); + DecryptOptions decryptOptions = new DecryptOptions(algorithm, encryptResult.getCipherText(), iv, + authenticationTag, null); DecryptResult decryptResult = localCryptographyClient.decrypt(decryptOptions); 
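Review bot: `encryptDecryptAesGcm` only exercises the round trip with the tag taken from `encryptResult.getAuthenticationTag()`, so it cannot tell a tag that is verified from one that is ignored. A second decrypt call with one byte of `authenticationTag` changed, asserting that decryption fails, would pin the integrity property GCM is chosen for. The same applies to a changed `iv`. The method's assertions are outside this hunk, so an existing negative case may simply not be visible here.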
From 53c8771dbbc4324372056fa9388c25329fc2408d Mon Sep 17 00:00:00 2001 From: Victor Colin Amador Date: Thu, 12 Nov 2020 16:15:31 -0800 Subject: [PATCH 13/15] Made `plainText` and `cipherText` all lowercase. --- .../resources/spotbugs/spotbugs-exclude.xml | 9 ++ .../cryptography/CryptographyAsyncClient.java | 18 ++- .../keys/cryptography/CryptographyClient.java | 24 ++-- .../CryptographyServiceClient.java | 4 +- .../keys/cryptography/DecryptOptions.java | 120 ++++++++--------- .../keys/cryptography/EncryptOptions.java | 122 +++++++++--------- .../LocalCryptographyAsyncClient.java | 22 ++-- .../cryptography/LocalCryptographyClient.java | 22 ++-- .../RsaKeyCryptographyClient.java | 8 +- .../SymmetricKeyCryptographyClient.java | 13 +- .../cryptography/models/EncryptResult.java | 1 - 11 files changed, 183 insertions(+), 180 deletions(-) diff --git a/eng/code-quality-reports/src/main/resources/spotbugs/spotbugs-exclude.xml b/eng/code-quality-reports/src/main/resources/spotbugs/spotbugs-exclude.xml index db06cdc17baf9..63ca92a03a8b5 100755 --- a/eng/code-quality-reports/src/main/resources/spotbugs/spotbugs-exclude.xml +++ b/eng/code-quality-reports/src/main/resources/spotbugs/spotbugs-exclude.xml @@ -2414,4 +2414,13 @@ + + + + + + + + + diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java index f2e39b9067911..2c2b999c9c0fd 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java 
@@ -219,7 +219,7 @@ Mono getSecretKey() { * contains the encrypted content. * @throws ResourceNotFoundException If the key cannot be found for encryption. * @throws UnsupportedOperationException If the encrypt operation is not supported or configured on the key. - * @throws NullPointerException If {@code algorithm} or {@code plainText} are {@code null}. + * @throws NullPointerException If {@code algorithm} or {@code plaintext} are {@code null}. */ @ServiceMethod(returns = ReturnType.SINGLE) public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { @@ -255,10 +255,12 @@ public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plainte * contains the encrypted content. * @throws ResourceNotFoundException If the key cannot be found for encryption. * @throws UnsupportedOperationException If the encrypt operation is not supported or configured on the key. - * @throws NullPointerException If {@code algorithm} or {@code plainText} are {@code null}. + * @throws NullPointerException If {@code encryptOptions} is {@code null}. */ @ServiceMethod(returns = ReturnType.SINGLE) public Mono encrypt(EncryptOptions encryptOptions) { + Objects.requireNonNull(encryptOptions, "'encryptOptions' cannot be null"); + try { return withContext(context -> encrypt(encryptOptions, context)); } catch (RuntimeException ex) { 
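Review bot: In `encrypt(EncryptOptions)` the `Objects.requireNonNull(encryptOptions, ...)` check sits before the `try`, so a null argument throws on the calling thread. Every other `RuntimeException` in the method goes through the `catch (RuntimeException ex)` block, whose body is outside the hunk and presumably turns it into an error signal on the returned `Mono`. Making the check the first statement inside the `try` keeps a single failure channel for subscribers. The `decrypt(DecryptOptions)` hunk further down in this file has the same placement.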
@@ -307,15 +309,15 @@ Mono encrypt(EncryptOptions encryptOptions, Context context) { * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte} * * @param algorithm The algorithm to be used for decryption. - * @param cipherText The content to be decrypted. + * @param ciphertext The content to be decrypted. * @return A {@link Mono} containing the decrypted blob. * @throws ResourceNotFoundException If the key cannot be found for decryption. * @throws UnsupportedOperationException If the decrypt operation is not supported or configured on the key. - * @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. + * @throws NullPointerException If {@code algorithm} or {@code ciphertext} are {@code null}. */ @ServiceMethod(returns = ReturnType.SINGLE) - public Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText) { - return decrypt(new DecryptOptions(algorithm, cipherText, null, null, null)); + public Mono decrypt(EncryptionAlgorithm algorithm, byte[] ciphertext) { + return decrypt(new DecryptOptions(algorithm, ciphertext, null, null, null)); } /** @@ -346,10 +348,12 @@ public Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherT * @return A {@link Mono} containing the decrypted blob. * @throws ResourceNotFoundException If the key cannot be found for decryption. * @throws UnsupportedOperationException If the decrypt operation is not supported or configured on the key. - * @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. + * @throws NullPointerException If {@code decryptOptions} is {@code null}. */ @ServiceMethod(returns = ReturnType.SINGLE) public Mono decrypt(DecryptOptions decryptOptions) { + Objects.requireNonNull(decryptOptions, "'decryptOptions' cannot be null"); + try { return withContext(context -> decrypt(decryptOptions, context)); } catch (RuntimeException ex) { 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java index a9d9429541085..790cfe5175367 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java @@ -108,7 +108,7 @@ public Response getKeyWithResponse(Context context) { * content. * @throws ResourceNotFoundException If the key cannot be found for encryption. * @throws UnsupportedOperationException If the encrypt operation is not supported or configured on the key. - * @throws NullPointerException If {@code algorithm} or {@code plainText} are {@code null}. + * @throws NullPointerException If {@code algorithm} or {@code plaintext} are {@code null}. */ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, Context context) { return encrypt(new EncryptOptions(algorithm, plaintext, null, null), context); @@ -144,7 +144,7 @@ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, Co * content. * @throws ResourceNotFoundException If the key cannot be found for encryption. * @throws UnsupportedOperationException If the encrypt operation is not supported or configured on the key. - * @throws NullPointerException If {@code algorithm} or {@code plainText} are {@code null}. + * @throws NullPointerException If {@code algorithm} or {@code plaintext} are {@code null}. */ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { return encrypt(algorithm, plaintext, Context.NONE); 
@@ -180,7 +180,7 @@ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { * content. * @throws ResourceNotFoundException If the key cannot be found for encryption. * @throws UnsupportedOperationException If the encrypt operation is not supported or configured on the key. - * @throws NullPointerException If {@code algorithm} or {@code plainText} are {@code null}. + * @throws NullPointerException If {@code encryptOptions} is {@code null}. */ public EncryptResult encrypt(EncryptOptions encryptOptions, Context context) { return client.encrypt(encryptOptions, context).block(); @@ -211,15 +211,15 @@ public EncryptResult encrypt(EncryptOptions encryptOptions, Context context) { * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#EncryptionAlgorithm-byte-Context} * * @param algorithm The algorithm to be used for decryption. - * @param cipherText The content to be decrypted. + * @param ciphertext The content to be decrypted. * @param context Additional context that is passed through the Http pipeline during the service call. * @return The decrypted blob. * @throws ResourceNotFoundException If the key cannot be found for encryption. * @throws UnsupportedOperationException If the decrypt operation is not supported or configured on the key. - * @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. + * @throws NullPointerException If {@code algorithm} or {@code ciphertext} are {@code null}. */ - public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, Context context) { - return decrypt(new DecryptOptions(algorithm, cipherText, null, null, null), context); + public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] ciphertext, Context context) { + return decrypt(new DecryptOptions(algorithm, ciphertext, null, null, null), context); } /** 
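Review bot: The Javadoc of `encrypt(EncryptOptions, Context)` now promises a `NullPointerException` for a null `encryptOptions`, but the method goes straight to `client.encrypt(encryptOptions, context).block()`. That is the two-argument overload, not the public async overload that received the new `Objects.requireNonNull` check in this commit. Unless that overload checks the argument itself (not visible here), the exception would come from a dereference deeper in the call chain, without the argument name. Adding `Objects.requireNonNull(encryptOptions, "'encryptOptions' cannot be null");` as the first statement makes the documented contract explicit. `decrypt(DecryptOptions, Context)` in the last hunk of this file has the same gap.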
@@ -247,14 +247,14 @@ public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, C * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#EncryptionAlgorithm-byte} * * @param algorithm The algorithm to be used for decryption. - * @param cipherText The content to be decrypted. + * @param ciphertext The content to be decrypted. * @return The decrypted blob. * @throws ResourceNotFoundException If the key cannot be found for encryption. * @throws UnsupportedOperationException If the decrypt operation is not supported or configured on the key. - * @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. + * @throws NullPointerException If {@code algorithm} or {@code ciphertext} are {@code null}. */ - public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText) { - return decrypt(new DecryptOptions(algorithm, cipherText, null, null, null), Context.NONE); + public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] ciphertext) { + return decrypt(new DecryptOptions(algorithm, ciphertext, null, null, null), Context.NONE); } /** @@ -286,7 +286,7 @@ public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText) { * @return The decrypted blob. * @throws ResourceNotFoundException If the key cannot be found for encryption. * @throws UnsupportedOperationException If the decrypt operation is not supported or configured on the key. - * @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. + * @throws NullPointerException If {@code decryptOptions} is {@code null}. */ public DecryptResult decrypt(DecryptOptions decryptOptions, Context context) { return client.decrypt(decryptOptions, context).block(); 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java index d6b22b16da1c2..9a4a691d8ff1d 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java @@ -133,7 +133,7 @@ Mono encrypt(EncryptOptions encryptOptions, Context context) { byte[] authenticatedData = encryptOptions.getAdditionalAuthenticatedData(); KeyOperationParameters parameters = new KeyOperationParameters() .setAlgorithm(algorithm) - .setValue(encryptOptions.getPlainText()) + .setValue(encryptOptions.getPlaintext()) .setIv(iv) .setAdditionalAuthenticatedData(authenticatedData); context = context == null ? Context.NONE : context; @@ -158,7 +158,7 @@ Mono decrypt(DecryptOptions decryptOptions, Context context) { byte[] authenticationTag = decryptOptions.getAuthenticationTag(); KeyOperationParameters parameters = new KeyOperationParameters() .setAlgorithm(algorithm) - .setValue(decryptOptions.getCipherText()) + .setValue(decryptOptions.getCiphertext()) .setIv(iv) .setAdditionalAuthenticatedData(additionalAuthenticatedData) .setAuthenticationTag(authenticationTag); diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java index d539aab3aa694..54dd9a8246e5b 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java 
+++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java @@ -20,7 +20,7 @@ public class DecryptOptions { /** * The content to be decrypted. */ - private final byte[] cipherText; + private final byte[] ciphertext; /** * Initialization vector to be used in the decryption operation using a symmetric algorithm. 
@@ -41,51 +41,51 @@ public class DecryptOptions { * Factory method to create an instance of {@link DecryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A128CBC}. * - * @param plainText The content to be encryption. - * @param iv Initialization vector for the encryption operation. + * @param ciphertext The content to be decrypted. + * @param iv Initialization vector for the decryption operation. * @return The {@link DecryptOptions}. */ - public static DecryptOptions createAes128CbcOptions(byte[] plainText, byte[] iv) { - return new DecryptOptions(EncryptionAlgorithm.A128CBC, plainText, iv, null, null); + public static DecryptOptions createAes128CbcOptions(byte[] ciphertext, byte[] iv) { + return new DecryptOptions(EncryptionAlgorithm.A128CBC, ciphertext, iv, null, null); } /** * Factory method to create an instance of {@link DecryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A128CBCPAD}. * - * @param plainText The content to be encryption. - * @param iv Initialization vector for the encryption operation. + * @param ciphertext The content to be decrypted. + * @param iv Initialization vector for the decryption operation. * @return The {@link DecryptOptions}. */ - public static DecryptOptions createAes128CbcPadOptions(byte[] plainText, byte[] iv) { - return new DecryptOptions(EncryptionAlgorithm.A128CBCPAD, plainText, iv, null, null); + public static DecryptOptions createAes128CbcPadOptions(byte[] ciphertext, byte[] iv) { + return new DecryptOptions(EncryptionAlgorithm.A128CBCPAD, ciphertext, iv, null, null); } /** * Factory method to create an instance of {@link DecryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A128GCM}. * - * @param plainText The content to be encryption. - * @param iv Initialization vector for the encryption operation. + * @param ciphertext The content to be decrypted. + * @param iv Initialization vector for the decryption operation. 
* @param authenticationTag The tag to authenticate when performing decryption. * @return The {@link DecryptOptions}. */ - public static DecryptOptions createAes128GcmOptions(byte[] plainText, byte[] iv, byte[] authenticationTag) { - return createAes128GcmOptions(plainText, iv, authenticationTag, null); + public static DecryptOptions createAes128GcmOptions(byte[] ciphertext, byte[] iv, byte[] authenticationTag) { + return createAes128GcmOptions(ciphertext, iv, authenticationTag, null); } /** * Factory method to create an instance of {@link DecryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A128GCM}. * - * @param plainText The content to be encryption. - * @param iv Initialization vector for the encryption operation. + * @param ciphertext The content to be decrypted. + * @param iv Initialization vector for the decryption operation. * @param authenticationTag The tag to authenticate when performing decryption. * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms. * @return The {@link DecryptOptions}. */ - public static DecryptOptions createAes128GcmOptions(byte[] plainText, byte[] iv, byte[] authenticationTag, + public static DecryptOptions createAes128GcmOptions(byte[] ciphertext, byte[] iv, byte[] authenticationTag, byte[] additionalAuthenticatedData) { - return new DecryptOptions(EncryptionAlgorithm.A128GCM, plainText, iv, authenticationTag, + return new DecryptOptions(EncryptionAlgorithm.A128GCM, ciphertext, iv, authenticationTag, additionalAuthenticatedData); } 
@@ -93,103 +93,103 @@ public static DecryptOptions createAes128GcmOptions(byte[] plainText, byte[] iv, * Factory method to create an instance of {@link DecryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A192CBC}. * - * @param plainText The content to be encryption. - * @param iv Initialization vector for the encryption operation. + * @param ciphertext The content to be decrypted. + * @param iv Initialization vector for the decryption operation. * @return The {@link DecryptOptions}. */ - public static DecryptOptions createAes192CbcOptions(byte[] plainText, byte[] iv) { - return new DecryptOptions(EncryptionAlgorithm.A192CBC, plainText, iv, null, null); + public static DecryptOptions createAes192CbcOptions(byte[] ciphertext, byte[] iv) { + return new DecryptOptions(EncryptionAlgorithm.A192CBC, ciphertext, iv, null, null); } /** * Factory method to create an instance of {@link DecryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A192CBCPAD}. * - * @param plainText The content to be encryption. - * @param iv Initialization vector for the encryption operation. + * @param ciphertext The content to be decrypted. + * @param iv Initialization vector for the decryption operation. * @return The {@link DecryptOptions}. */ - public static DecryptOptions createAes192CbcPadOptions(byte[] plainText, byte[] iv) { - return new DecryptOptions(EncryptionAlgorithm.A192CBCPAD, plainText, iv, null, null); + public static DecryptOptions createAes192CbcPadOptions(byte[] ciphertext, byte[] iv) { + return new DecryptOptions(EncryptionAlgorithm.A192CBCPAD, ciphertext, iv, null, null); } /** * Factory method to create an instance of {@link DecryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A192GCM}. * - * @param plainText The content to be encryption. - * @param iv Initialization vector for the encryption operation. + * @param ciphertext The content to be decrypted. 
+ * @param iv Initialization vector for the decryption operation. * @param authenticationTag The tag to authenticate when performing decryption. * @return The {@link DecryptOptions}. */ - public static DecryptOptions createAes192GcmOptions(byte[] plainText, byte[] iv, byte[] authenticationTag) { - return createAes192GcmOptions(plainText, iv, authenticationTag, null); + public static DecryptOptions createAes192GcmOptions(byte[] ciphertext, byte[] iv, byte[] authenticationTag) { + return createAes192GcmOptions(ciphertext, iv, authenticationTag, null); } /** * Factory method to create an instance of {@link DecryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A192GCM}. * - * @param plainText The content to be encryption. - * @param iv Initialization vector for the encryption operation. + * @param ciphertext The content to be decrypted. + * @param iv Initialization vector for the decryption operation. * @param authenticationTag The tag to authenticate when performing decryption. * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms. * @return The {@link DecryptOptions}. */ - public static DecryptOptions createAes192GcmOptions(byte[] plainText, byte[] iv, byte[] authenticationTag, + public static DecryptOptions createAes192GcmOptions(byte[] ciphertext, byte[] iv, byte[] authenticationTag, byte[] additionalAuthenticatedData) { - return new DecryptOptions(EncryptionAlgorithm.A192GCM, plainText, iv, authenticationTag, + return new DecryptOptions(EncryptionAlgorithm.A192GCM, ciphertext, iv, authenticationTag, additionalAuthenticatedData); } /** * Factory method to create an instance of {@link DecryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A256CBC}. * - * @param plainText The content to be encryption. - * @param iv Initialization vector for the encryption operation. + * @param ciphertext The content to be decrypted. 
+ * @param iv Initialization vector for the decryption operation. * @return The {@link DecryptOptions}. */ - public static DecryptOptions createAes256CbcOptions(byte[] plainText, byte[] iv) { - return new DecryptOptions(EncryptionAlgorithm.A256CBC, plainText, iv, null, null); + public static DecryptOptions createAes256CbcOptions(byte[] ciphertext, byte[] iv) { + return new DecryptOptions(EncryptionAlgorithm.A256CBC, ciphertext, iv, null, null); } /** * Factory method to create an instance of {@link DecryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A256CBCPAD}. * - * @param plainText The content to be encryption. - * @param iv Initialization vector for the encryption operation. + * @param ciphertext The content to be decrypted. + * @param iv Initialization vector for the decryption operation. * @return The {@link DecryptOptions}. */ - public static DecryptOptions createAes256CbcPadOptions(byte[] plainText, byte[] iv) { - return new DecryptOptions(EncryptionAlgorithm.A256CBCPAD, plainText, iv, null, null); + public static DecryptOptions createAes256CbcPadOptions(byte[] ciphertext, byte[] iv) { + return new DecryptOptions(EncryptionAlgorithm.A256CBCPAD, ciphertext, iv, null, null); } /** * Factory method to create an instance of {@link DecryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A256GCM}. * - * @param plainText The content to be encryption. - * @param iv Initialization vector for the encryption operation. + * @param ciphertext The content to be decrypted. + * @param iv Initialization vector for the decryption operation. * @param authenticationTag The tag to authenticate when performing decryption. * @return The {@link DecryptOptions}. 
*/ - public static DecryptOptions createAes256GcmOptions(byte[] plainText, byte[] iv, byte[] authenticationTag) { - return createAes256GcmOptions(plainText, iv, authenticationTag, null); + public static DecryptOptions createAes256GcmOptions(byte[] ciphertext, byte[] iv, byte[] authenticationTag) { + return createAes256GcmOptions(ciphertext, iv, authenticationTag, null); } /** * Factory method to create an instance of {@link DecryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A256GCM}. * - * @param plainText The content to be encryption. - * @param iv Initialization vector for the encryption operation. + * @param ciphertext The content to be decrypted. + * @param iv Initialization vector for the decryption operation. * @param authenticationTag The tag to authenticate when performing decryption. * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms. * @return The {@link DecryptOptions}. */ - public static DecryptOptions createAes256GcmOptions(byte[] plainText, byte[] iv, byte[] authenticationTag, + public static DecryptOptions createAes256GcmOptions(byte[] ciphertext, byte[] iv, byte[] authenticationTag, byte[] additionalAuthenticatedData) { - return new DecryptOptions(EncryptionAlgorithm.A256GCM, plainText, iv, authenticationTag, + return new DecryptOptions(EncryptionAlgorithm.A256GCM, ciphertext, iv, authenticationTag, additionalAuthenticatedData); } 
@@ -197,39 +197,39 @@ public static DecryptOptions createAes256GcmOptions(byte[] plainText, byte[] iv, * Creates an instance of {@link DecryptOptions} with the given parameters. * * @param algorithm The algorithm to be used for decryption. - * @param cipherText The content to be decrypted. - * @param iv Initialization vector for the encryption operation. + * @param ciphertext The content to be decrypted. + * @param iv Initialization vector for the decryption operation. * @param authenticationTag The tag to authenticate when performing decryption. * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms. */ - DecryptOptions(EncryptionAlgorithm algorithm, byte[] cipherText, byte[] iv, byte[] authenticationTag, + DecryptOptions(EncryptionAlgorithm algorithm, byte[] ciphertext, byte[] iv, byte[] authenticationTag, byte[] additionalAuthenticatedData) { Objects.requireNonNull(algorithm, "Encryption algorithm cannot be null."); - Objects.requireNonNull(cipherText, "Cipher text content to be decrypted cannot be null."); + Objects.requireNonNull(ciphertext, "Cipher text content to be decrypted cannot be null."); this.algorithm = algorithm; - this.cipherText = CoreUtils.clone(cipherText); + this.ciphertext = CoreUtils.clone(ciphertext); this.iv = CoreUtils.clone(iv); this.additionalAuthenticatedData = CoreUtils.clone(additionalAuthenticatedData); this.authenticationTag = CoreUtils.clone(authenticationTag); } /** - * The algorithm to be used for encryption. + * The algorithm to be used for decryption. * - * @return The algorithm to be used for encryption. + * @return The algorithm to be used for decryption. */ public EncryptionAlgorithm getAlgorithm() { return algorithm; } /** - * Get the content to be encrypted. + * Get the content to be decrypted. * - * @return The content to be encrypted. + * @return The content to be decrypted. 
*/ - public byte[] getCipherText() { - return CoreUtils.clone(cipherText); + public byte[] getCiphertext() { + return CoreUtils.clone(ciphertext); } /** diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java index 0f4a3ffeca1f5..92e551609cf31 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java @@ -20,7 +20,7 @@ public class EncryptOptions { /** * The content to be encrypted. */ - private final byte[] plainText; + private final byte[] plaintext; /** * Initialization vector to be used in the encryption operation using a symmetric algorithm. 
@@ -36,232 +36,232 @@ public class EncryptOptions { * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A128CBC}. * - * @param plainText The content to be encryption. + * @param plaintext The content to be encryption. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes128CbcOptions(byte[] plainText) { - return createAes128CbcOptions(plainText, null); + public static EncryptOptions createAes128CbcOptions(byte[] plaintext) { + return createAes128CbcOptions(plaintext, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A128CBC}. * - * @param plainText The content to be encryption. + * @param plaintext The content to be encryption. * @param iv Initialization vector for the encryption operation. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes128CbcOptions(byte[] plainText, byte[] iv) { - return new EncryptOptions(EncryptionAlgorithm.A128CBC, plainText, iv, null); + public static EncryptOptions createAes128CbcOptions(byte[] plaintext, byte[] iv) { + return new EncryptOptions(EncryptionAlgorithm.A128CBC, plaintext, iv, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A128CBCPAD}. * - * @param plainText The content to be encryption. + * @param plaintext The content to be encryption. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes128CbcPadOptions(byte[] plainText) { - return createAes128CbcPadOptions(plainText, null); + public static EncryptOptions createAes128CbcPadOptions(byte[] plaintext) { + return createAes128CbcPadOptions(plaintext, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A128CBCPAD}. * - * @param plainText The content to be encryption. 
+ * @param plaintext The content to be encryption. * @param iv Initialization vector for the encryption operation. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes128CbcPadOptions(byte[] plainText, byte[] iv) { - return new EncryptOptions(EncryptionAlgorithm.A128CBCPAD, plainText, iv, null); + public static EncryptOptions createAes128CbcPadOptions(byte[] plaintext, byte[] iv) { + return new EncryptOptions(EncryptionAlgorithm.A128CBCPAD, plaintext, iv, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A128GCM}. * - * @param plainText The content to be encryption. + * @param plaintext The content to be encryption. * @param iv Initialization vector for the encryption operation. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes128GcmOptions(byte[] plainText, byte[] iv) { - return createAes128GcmOptions(plainText, iv, null); + public static EncryptOptions createAes128GcmOptions(byte[] plaintext, byte[] iv) { + return createAes128GcmOptions(plaintext, iv, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A128GCM}. * - * @param plainText The content to be encryption. + * @param plaintext The content to be encryption. * @param iv Initialization vector for the encryption operation. * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms. * @return The {@link EncryptOptions}. 
*/ - public static EncryptOptions createAes128GcmOptions(byte[] plainText, byte[] iv, + public static EncryptOptions createAes128GcmOptions(byte[] plaintext, byte[] iv, byte[] additionalAuthenticatedData) { - return new EncryptOptions(EncryptionAlgorithm.A128GCM, plainText, iv, additionalAuthenticatedData); + return new EncryptOptions(EncryptionAlgorithm.A128GCM, plaintext, iv, additionalAuthenticatedData); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A192CBC}. * - * @param plainText The content to be encryption. + * @param plaintext The content to be encryption. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes192CbcOptions(byte[] plainText) { - return createAes192CbcOptions(plainText, null); + public static EncryptOptions createAes192CbcOptions(byte[] plaintext) { + return createAes192CbcOptions(plaintext, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A192CBC}. * - * @param plainText The content to be encryption. + * @param plaintext The content to be encryption. * @param iv Initialization vector for the encryption operation. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes192CbcOptions(byte[] plainText, byte[] iv) { - return new EncryptOptions(EncryptionAlgorithm.A192CBC, plainText, iv, null); + public static EncryptOptions createAes192CbcOptions(byte[] plaintext, byte[] iv) { + return new EncryptOptions(EncryptionAlgorithm.A192CBC, plaintext, iv, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A192CBCPAD}. * - * @param plainText The content to be encryption. + * @param plaintext The content to be encryption. * @return The {@link EncryptOptions}. 
*/ - public static EncryptOptions createAes192CbcPadOptions(byte[] plainText) { - return createAes192CbcPadOptions(plainText, null); + public static EncryptOptions createAes192CbcPadOptions(byte[] plaintext) { + return createAes192CbcPadOptions(plaintext, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A192CBCPAD}. * - * @param plainText The content to be encryption. + * @param plaintext The content to be encryption. * @param iv Initialization vector for the encryption operation. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes192CbcPadOptions(byte[] plainText, byte[] iv) { - return new EncryptOptions(EncryptionAlgorithm.A192CBCPAD, plainText, iv, null); + public static EncryptOptions createAes192CbcPadOptions(byte[] plaintext, byte[] iv) { + return new EncryptOptions(EncryptionAlgorithm.A192CBCPAD, plaintext, iv, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A192GCM}. * - * @param plainText The content to be encryption. + * @param plaintext The content to be encryption. * @param iv Initialization vector for the encryption operation. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes192GcmOptions(byte[] plainText, byte[] iv) { - return createAes192GcmOptions(plainText, iv, null); + public static EncryptOptions createAes192GcmOptions(byte[] plaintext, byte[] iv) { + return createAes192GcmOptions(plaintext, iv, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A192GCM}. * - * @param plainText The content to be encryption. + * @param plaintext The content to be encryption. * @param iv Initialization vector for the encryption operation. 
* @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes192GcmOptions(byte[] plainText, byte[] iv, + public static EncryptOptions createAes192GcmOptions(byte[] plaintext, byte[] iv, byte[] additionalAuthenticatedData) { - return new EncryptOptions(EncryptionAlgorithm.A192GCM, plainText, iv, additionalAuthenticatedData); + return new EncryptOptions(EncryptionAlgorithm.A192GCM, plaintext, iv, additionalAuthenticatedData); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A256CBC}. * - * @param plainText The content to be encryption. + * @param plaintext The content to be encryption. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes256CbcOptions(byte[] plainText) { - return createAes256CbcOptions(plainText, null); + public static EncryptOptions createAes256CbcOptions(byte[] plaintext) { + return createAes256CbcOptions(plaintext, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A256CBC}. * - * @param plainText The content to be encryption. + * @param plaintext The content to be encryption. * @param iv Initialization vector for the encryption operation. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes256CbcOptions(byte[] plainText, byte[] iv) { - return new EncryptOptions(EncryptionAlgorithm.A256CBC, plainText, iv, null); + public static EncryptOptions createAes256CbcOptions(byte[] plaintext, byte[] iv) { + return new EncryptOptions(EncryptionAlgorithm.A256CBC, plaintext, iv, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A256CBCPAD}. * - * @param plainText The content to be encryption. 
+ * @param plaintext The content to be encryption. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes256CbcPadOptions(byte[] plainText) { - return createAes256CbcPadOptions(plainText, null); + public static EncryptOptions createAes256CbcPadOptions(byte[] plaintext) { + return createAes256CbcPadOptions(plaintext, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A256CBCPAD}. * - * @param plainText The content to be encryption. + * @param plaintext The content to be encryption. * @param iv Initialization vector for the encryption operation. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes256CbcPadOptions(byte[] plainText, byte[] iv) { - return new EncryptOptions(EncryptionAlgorithm.A256CBCPAD, plainText, iv, null); + public static EncryptOptions createAes256CbcPadOptions(byte[] plaintext, byte[] iv) { + return new EncryptOptions(EncryptionAlgorithm.A256CBCPAD, plaintext, iv, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A256GCM}. * - * @param plainText The content to be encryption. + * @param plaintext The content to be encryption. * @param iv Initialization vector for the encryption operation. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes256GcmOptions(byte[] plainText, byte[] iv) { - return createAes256GcmOptions(plainText, iv, null); + public static EncryptOptions createAes256GcmOptions(byte[] plaintext, byte[] iv) { + return createAes256GcmOptions(plaintext, iv, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A256GCM}. * - * @param plainText The content to be encryption. + * @param plaintext The content to be encryption. * @param iv Initialization vector for the encryption operation. 
* @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes256GcmOptions(byte[] plainText, byte[] iv, + public static EncryptOptions createAes256GcmOptions(byte[] plaintext, byte[] iv, byte[] additionalAuthenticatedData) { - return new EncryptOptions(EncryptionAlgorithm.A256GCM, plainText, iv, additionalAuthenticatedData); + return new EncryptOptions(EncryptionAlgorithm.A256GCM, plaintext, iv, additionalAuthenticatedData); } /** * Creates an instance of {@link EncryptOptions} with the given parameters. * * @param algorithm The algorithm to be used for encryption. - * @param plainText The content to be encrypted. + * @param plaintext The content to be encrypted. * @param iv Initialization vector for the encryption operation. * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms. */ - EncryptOptions(EncryptionAlgorithm algorithm, byte[] plainText, byte[] iv, byte[] additionalAuthenticatedData) { + EncryptOptions(EncryptionAlgorithm algorithm, byte[] plaintext, byte[] iv, byte[] additionalAuthenticatedData) { Objects.requireNonNull(algorithm, "Encryption algorithm cannot be null."); - Objects.requireNonNull(plainText, "Plain text content to be encrypted cannot be null."); + Objects.requireNonNull(plaintext, "Plain text content to be encrypted cannot be null."); this.algorithm = algorithm; - this.plainText = CoreUtils.clone(plainText); + this.plaintext = CoreUtils.clone(plaintext); this.iv = CoreUtils.clone(iv); this.additionalAuthenticatedData = CoreUtils.clone(additionalAuthenticatedData); } @@ -280,8 +280,8 @@ public EncryptionAlgorithm getAlgorithm() { * * @return The content to be encrypted. */ - public byte[] getPlainText() { - return CoreUtils.clone(plainText); + public byte[] getPlaintext() { + return CoreUtils.clone(plaintext); } /** 
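Review bot: The GCM factory methods in this hunk (`createAes128GcmOptions`, `createAes192GcmOptions`, `createAes256GcmOptions`) take a caller-supplied `iv`, but their Javadoc never says that a GCM IV must not repeat under the same key. I would extend those `@param iv` lines to something like `@param iv Initialization vector (nonce) for the encryption operation; must be unique for every encryption performed with the same key.` The CBC overloads pass `null` for the IV, and what the client does in that case is not visible in this hunk, so a sentence on that behaviour would help too. The renamed `@param plaintext` lines also keep the wording `The content to be encryption.`, which should read `The content to be encrypted.` as the constructor Javadoc at the end of the hunk already does.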
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClient.java index b8f174d1df5ef..491f212e49b41 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClient.java @@ -69,8 +69,8 @@ Mono getKeyId() { * @param plaintext The content to be encrypted. * @return A {@link Mono} containing a {@link EncryptResult} whose {@link EncryptResult#getCipherText() cipher text} * contains the encrypted content. - * @throws UnsupportedOperationException if the encrypt operation is not supported or configured on the key. - * @throws NullPointerException if {@code algorithm} or {@code plainText} is null. + * @throws UnsupportedOperationException If the encrypt operation is not supported or configured on the key. + * @throws NullPointerException if {@code algorithm} or {@code plaintext} is {@code null}. */ public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { return cryptographyAsyncClient.encrypt(algorithm, plaintext); 
@@ -103,8 +103,8 @@ public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plainte * @param encryptOptions The parameters to use in the encryption operation. * @return A {@link Mono} containing a {@link EncryptResult} whose {@link EncryptResult#getCipherText() cipher text} * contains the encrypted content. - * @throws UnsupportedOperationException if the encrypt operation is not supported or configured on the key. - * @throws NullPointerException if {@code algorithm} or {@code plainText} is null. + * @throws UnsupportedOperationException If the encrypt operation is not supported or configured on the key. + * @throws NullPointerException if {@code encryptOptions} is {@code null}. */ public Mono encrypt(EncryptOptions encryptOptions) { return cryptographyAsyncClient.encrypt(encryptOptions); @@ -135,13 +135,13 @@ public Mono encrypt(EncryptOptions encryptOptions) { * {@codesnippet com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte} * * @param algorithm The algorithm to be used for decryption. - * @param cipherText The content to be decrypted. + * @param ciphertext The content to be decrypted. * @return A {@link Mono} containing the decrypted blob. - * @throws UnsupportedOperationException if the decrypt operation is not supported or configured on the key. - * @throws NullPointerException if {@code algorithm} or {@code cipherText} is null. + * @throws UnsupportedOperationException If the decrypt operation is not supported or configured on the key. + * @throws NullPointerException If {@code algorithm} or {@code ciphertext} are {@code null}. */ - public Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText) { - return cryptographyAsyncClient.decrypt(algorithm, cipherText); + public Mono decrypt(EncryptionAlgorithm algorithm, byte[] ciphertext) { + return cryptographyAsyncClient.decrypt(algorithm, ciphertext); } /** 
@@ -170,8 +170,8 @@ public Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherT * * @param decryptOptions The parameters to use in the decryption operation. * @return A {@link Mono} containing the decrypted blob. - * @throws UnsupportedOperationException if the decrypt operation is not supported or configured on the key. - * @throws NullPointerException if {@code algorithm} or {@code cipherText} is null. + * @throws UnsupportedOperationException If the decrypt operation is not supported or configured on the key. + * @throws NullPointerException If {@code decryptOptions} is {@code null}. */ public Mono decrypt(DecryptOptions decryptOptions) { return cryptographyAsyncClient.decrypt(decryptOptions); diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClient.java index 0dc23643c0e34..2c55c84bfc0c4 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClient.java 
@@ -65,8 +65,8 @@ public class LocalCryptographyClient { * @param plaintext The content to be encrypted. * @return The {@link EncryptResult} whose {@link EncryptResult#getCipherText() cipher text} contains the encrypted * content. - * @throws UnsupportedOperationException if the encrypt operation is not supported or configured on the key. - * @throws NullPointerException if {@code algorithm} or {@code plainText} is null. + * @throws UnsupportedOperationException If the encrypt operation is not supported or configured on the key. + * @throws NullPointerException If {@code decryptOptions} or {@code plaintext} is {@code null}. */ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { return client.encrypt(algorithm, plaintext).block(); @@ -99,8 +99,8 @@ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { * @param encryptOptions The parameters to use in the encryption operation. * @return The {@link EncryptResult} whose {@link EncryptResult#getCipherText() cipher text} contains the encrypted * content. - * @throws UnsupportedOperationException if the encrypt operation is not supported or configured on the key. - * @throws NullPointerException if {@code algorithm} or {@code plainText} is null. + * @throws UnsupportedOperationException If the encrypt operation is not supported or configured on the key. + * @throws NullPointerException If {@code decryptOptions} is {@code null}. */ public EncryptResult encrypt(EncryptOptions encryptOptions) { return client.encrypt(encryptOptions).block(); 
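Review bot: The new `@throws NullPointerException` lines on both `encrypt` overloads name `decryptOptions`, a parameter neither method has. For `encrypt(EncryptionAlgorithm algorithm, byte[] plaintext)` the line should read `@throws NullPointerException If {@code algorithm} or {@code plaintext} is {@code null}.` For `encrypt(EncryptOptions encryptOptions)` in the following hunk (-99) it should read `@throws NullPointerException If {@code encryptOptions} is {@code null}.` That matches what the LocalCryptographyAsyncClient hunks in this patch document for the same two overloads.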
@@ -131,13 +131,13 @@ public EncryptResult encrypt(EncryptOptions encryptOptions) { * {@codesnippet com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.decrypt#EncryptionAlgorithm-byte} * * @param algorithm The algorithm to be used for decryption. - * @param cipherText The content to be decrypted. + * @param ciphertext The content to be decrypted. * @return The decrypted blob. - * @throws UnsupportedOperationException if the decrypt operation is not supported or configured on the key. - * @throws NullPointerException if {@code algorithm} or {@code cipherText} is null. + * @throws UnsupportedOperationException If the decrypt operation is not supported or configured on the key. + * @throws NullPointerException If {@code algorithm} or {@code ciphertext} is {@code null}. */ - public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText) { - return client.decrypt(algorithm, cipherText).block(); + public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] ciphertext) { + return client.decrypt(algorithm, ciphertext).block(); } /** @@ -166,8 +166,8 @@ public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText) { * * @param decryptOptions The parameters to use in the decryption operation. * @return The decrypted blob. - * @throws UnsupportedOperationException if the decrypt operation is not supported or configured on the key. - * @throws NullPointerException if {@code algorithm} or {@code cipherText} is null. + * @throws UnsupportedOperationException If the decrypt operation is not supported or configured on the key. + * @throws NullPointerException If {@code decryptOptions} is {@code null}. */ public DecryptResult decrypt(DecryptOptions decryptOptions) { return client.decrypt(decryptOptions).block(); 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java index e6a3d34ee6cbf..98827d4ab14d8 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java @@ -56,7 +56,7 @@ private KeyPair getKeyPair(JsonWebKey key) { Mono encryptAsync(EncryptOptions encryptOptions, Context context, JsonWebKey jsonWebKey) { Objects.requireNonNull(encryptOptions, "'encryptOptions' cannot be null."); Objects.requireNonNull(encryptOptions.getAlgorithm(), "Encryption algorithm cannot be null."); - Objects.requireNonNull(encryptOptions.getPlainText(), "Plain text content to be encrypted cannot be null."); + Objects.requireNonNull(encryptOptions.getPlaintext(), "Plain text content to be encrypted cannot be null."); keyPair = getKeyPair(jsonWebKey); @@ -87,7 +87,7 @@ Mono encryptAsync(EncryptOptions encryptOptions, Context context, try { transform = algo.createEncryptor(keyPair); - return Mono.just(new EncryptResult(transform.doFinal(encryptOptions.getPlainText()), algorithm, + return Mono.just(new EncryptResult(transform.doFinal(encryptOptions.getPlaintext()), algorithm, jsonWebKey.getId())); } catch (InvalidKeyException | NoSuchAlgorithmException 
@@ -102,7 +102,7 @@ Mono encryptAsync(EncryptOptions encryptOptions, Context context, Mono decryptAsync(DecryptOptions decryptOptions, Context context, JsonWebKey jsonWebKey) { Objects.requireNonNull(decryptOptions, "'decryptOptions' cannot be null."); Objects.requireNonNull(decryptOptions.getAlgorithm(), "Encryption algorithm cannot be null."); - Objects.requireNonNull(decryptOptions.getCipherText(), "Cipher text content to be decrypted cannot be null."); + Objects.requireNonNull(decryptOptions.getCiphertext(), "Cipher text content to be decrypted cannot be null."); keyPair = getKeyPair(jsonWebKey); @@ -133,7 +133,7 @@ Mono decryptAsync(DecryptOptions decryptOptions, Context context, try { transform = algo.createDecryptor(keyPair); - return Mono.just(new DecryptResult(transform.doFinal(decryptOptions.getCipherText()), algorithm, + return Mono.just(new DecryptResult(transform.doFinal(decryptOptions.getCiphertext()), algorithm, jsonWebKey.getId())); } catch (InvalidKeyException | NoSuchAlgorithmException diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java index 14ff39bf849f5..f253e52f8a23b 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java @@ -19,7 +19,6 @@ import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; -import java.util.Objects; class SymmetricKeyCryptographyClient extends LocalKeyCryptographyClient { private static final int CBC_BLOCK_SIZE = 16; 
@@ -52,10 +51,6 @@ private byte[] getKey(JsonWebKey key) { @Override Mono encryptAsync(EncryptOptions encryptOptions, Context context, JsonWebKey jsonWebKey) { - Objects.requireNonNull(encryptOptions, "'encryptOptions' cannot be null."); - Objects.requireNonNull(encryptOptions.getAlgorithm(), "Encryption algorithm cannot be null."); - Objects.requireNonNull(encryptOptions.getPlainText(), "Plain text content to be encrypted cannot be null."); - this.key = getKey(jsonWebKey); if (key == null || key.length == 0) { @@ -101,7 +96,7 @@ Mono encryptAsync(EncryptOptions encryptOptions, Context context, byte[] encrypted; try { - encrypted = transform.doFinal(encryptOptions.getPlainText()); + encrypted = transform.doFinal(encryptOptions.getPlaintext()); } catch (Exception e) { return Mono.error(e); } @@ -112,10 +107,6 @@ Mono encryptAsync(EncryptOptions encryptOptions, Context context, @Override Mono decryptAsync(DecryptOptions decryptOptions, Context context, JsonWebKey jsonWebKey) { - Objects.requireNonNull(decryptOptions, "'decryptOptions' cannot be null."); - Objects.requireNonNull(decryptOptions.getAlgorithm(), "Encryption algorithm cannot be null."); - Objects.requireNonNull(decryptOptions.getCipherText(), "Cipher text content to be decrypted cannot be null."); - this.key = getKey(jsonWebKey); if (key == null || key.length == 0) { @@ -160,7 +151,7 @@ Mono decryptAsync(DecryptOptions decryptOptions, Context context, byte[] decrypted; try { - decrypted = transform.doFinal(decryptOptions.getCipherText()); + decrypted = transform.doFinal(decryptOptions.getCiphertext()); } catch (Exception e) { return Mono.error(e); } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/models/EncryptResult.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/models/EncryptResult.java index 6239bbcc85cde..bce3f6e444d8b 100644 
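Review bot: With the three `Objects.requireNonNull` guards removed, `encryptAsync` reaches `transform.doFinal(encryptOptions.getPlaintext())` without checking `encryptOptions` itself, and `decryptAsync` (hunk at -112) does the same with `decryptOptions`. The `EncryptOptions` and `DecryptOptions` constructors still reject a null algorithm and null content, so those two checks were redundant, but they do not cover a null options object; whether the calling client validates it is not visible in this diff. `RsaKeyCryptographyClient` keeps all three guards, so the two local clients now behave differently on the same bad input. I would keep `Objects.requireNonNull(encryptOptions, "'encryptOptions' cannot be null.");` and the `decryptOptions` equivalent as the first statement of each method, which means leaving the `java.util.Objects` import in place. Both method bodies continue outside the hunks.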
--- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/models/EncryptResult.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/models/EncryptResult.java @@ -5,7 +5,6 @@ import com.azure.core.annotation.Immutable; import com.azure.core.util.CoreUtils; -import com.fasterxml.jackson.annotation.JsonProperty; /** * Represents the details of encrypt operation result. From 0bcd9cdafcd48fc0ca019709dbcf7f8eae9cccf8 Mon Sep 17 00:00:00 2001 From: Victor Colin Amador Date: Thu, 12 Nov 2020 16:58:36 -0800 Subject: [PATCH 14/15] Reverted capitalization change. --- .../keyvault/keys/cryptography/AesCbc.java | 8 +- .../keyvault/keys/cryptography/AesCbcPad.java | 8 +- .../keyvault/keys/cryptography/AesGcm.java | 8 +- .../keyvault/keys/cryptography/AesKw.java | 8 +- .../cryptography/CryptographyAsyncClient.java | 20 +-- .../keys/cryptography/CryptographyClient.java | 32 ++--- .../CryptographyServiceClient.java | 4 +- .../keys/cryptography/DecryptOptions.java | 92 +++++++------ .../keys/cryptography/EncryptOptions.java | 122 +++++++++--------- .../LocalCryptographyAsyncClient.java | 20 +-- .../cryptography/LocalCryptographyClient.java | 16 +-- .../keyvault/keys/cryptography/Rsa15.java | 8 +- .../RsaKeyCryptographyClient.java | 8 +- .../keyvault/keys/cryptography/RsaOaep.java | 8 +- .../SymmetricKeyCryptographyClient.java | 4 +- 15 files changed, 186 insertions(+), 180 deletions(-) diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbc.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbc.java index d72fdf079b7a5..c98d10ba05877 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbc.java 
+++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbc.java @@ -43,8 +43,8 @@ static class AesCbcEncryptor implements ICryptoTransform { } @Override - public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPaddingException { - return cipher.doFinal(plaintext); + public byte[] doFinal(byte[] plainText) throws IllegalBlockSizeException, BadPaddingException { + return cipher.doFinal(plainText); } } @@ -65,8 +65,8 @@ static class AesCbcDecryptor implements ICryptoTransform { } @Override - public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPaddingException { - return cipher.doFinal(plaintext); + public byte[] doFinal(byte[] plainText) throws IllegalBlockSizeException, BadPaddingException { + return cipher.doFinal(plainText); } } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcPad.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcPad.java index 114f4f90e32a7..4e7230dd4072d 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcPad.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesCbcPad.java @@ -43,8 +43,8 @@ static class AesCbcPadEncryptor implements ICryptoTransform { } @Override - public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPaddingException { - return cipher.doFinal(plaintext); + public byte[] doFinal(byte[] plainText) throws IllegalBlockSizeException, BadPaddingException { + return cipher.doFinal(plainText); } } 
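Review bot: In the decryptor classes the `doFinal` parameter is named `plainText` although the bytes passed in are ciphertext. That applies to `AesCbcDecryptor.doFinal` here, and to `AesCbcPadDecryptor`, `AesGcmDecryptor` and `AesKwDecryptor` (where it is the wrapped key handed to `cipher.unwrap`) in the following file sections. A direction-neutral name keeps a reader from mistaking which side of the cipher a buffer is on, e.g. `public byte[] doFinal(byte[] input) throws IllegalBlockSizeException, BadPaddingException {` with `return cipher.doFinal(input);`. If the name is meant to mirror `ICryptoTransform`, which is not shown in this diff, a one-line comment on the decryptor overrides would do: `// input is ciphertext despite the parameter name`.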
@@ -65,8 +65,8 @@ static class AesCbcPadDecryptor implements ICryptoTransform {
 }
 @Override
- public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPaddingException {
- return cipher.doFinal(plaintext);
+ public byte[] doFinal(byte[] plainText) throws IllegalBlockSizeException, BadPaddingException {
+ return cipher.doFinal(plainText);
 }
 }
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcm.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcm.java
index d0a6ddd5e1465..eaf161c51339e 100644
--- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcm.java
+++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesGcm.java
@@ -47,8 +47,8 @@ static class AesGcmEncryptor implements ICryptoTransform {
 }
 @Override
- public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPaddingException {
- return cipher.doFinal(plaintext);
+ public byte[] doFinal(byte[] plainText) throws IllegalBlockSizeException, BadPaddingException {
+ return cipher.doFinal(plainText);
 }
 }
@@ -75,8 +75,8 @@ static class AesGcmDecryptor implements ICryptoTransform {
 }
 @Override
- public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPaddingException {
- return cipher.doFinal(plaintext);
+ public byte[] doFinal(byte[] plainText) throws IllegalBlockSizeException, BadPaddingException {
+ return cipher.doFinal(plainText);
 }
 }
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesKw.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesKw.java
index e7fe66a1be746..05c16becc1f4b 100644
--- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesKw.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/AesKw.java @@ -48,10 +48,10 @@ static class AesKwDecryptor implements ICryptoTransform { } @Override - public byte[] doFinal(byte[] plaintext) + public byte[] doFinal(byte[] plainText) throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException, NoSuchAlgorithmException { - return cipher.unwrap(plaintext, "AESWrap", Cipher.SECRET_KEY).getEncoded(); + return cipher.unwrap(plainText, "AESWrap", Cipher.SECRET_KEY).getEncoded(); } } @@ -81,10 +81,10 @@ static class AesKwEncryptor implements ICryptoTransform { } @Override - public byte[] doFinal(byte[] plaintext) + public byte[] doFinal(byte[] plainText) throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException { - return cipher.wrap(new SecretKeySpec(plaintext, "AES")); + return cipher.wrap(new SecretKeySpec(plainText, "AES")); } } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java index 2c2b999c9c0fd..949d4554da6ef 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.java @@ -196,7 +196,7 @@ Mono getSecretKey() { * portion of the key is used for encryption. This operation requires the keys/encrypt permission. * *

The {@link EncryptionAlgorithm encryption algorithm} indicates the type of algorithm to use for encrypting the - * specified {@code plaintext}. Possible values for asymmetric keys include: + * specified {@code plainText}. Possible values for asymmetric keys include: * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. * @@ -214,16 +214,16 @@ Mono getSecretKey() { * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte} * * @param algorithm The algorithm to be used for encryption. - * @param plaintext The content to be encrypted. + * @param plainText The content to be encrypted. * @return A {@link Mono} containing a {@link EncryptResult} whose {@link EncryptResult#getCipherText() cipher text} * contains the encrypted content. * @throws ResourceNotFoundException If the key cannot be found for encryption. * @throws UnsupportedOperationException If the encrypt operation is not supported or configured on the key. - * @throws NullPointerException If {@code algorithm} or {@code plaintext} are {@code null}. + * @throws NullPointerException If {@code algorithm} or {@code plainText} are {@code null}. */ @ServiceMethod(returns = ReturnType.SINGLE) - public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { - return encrypt(new EncryptOptions(algorithm, plaintext, null, null), null); + public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plainText) { + return encrypt(new EncryptOptions(algorithm, plainText, null, null), null); } /** @@ -233,7 +233,7 @@ public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plainte * portion of the key is used for encryption. This operation requires the keys/encrypt permission. * *

The {@link EncryptionAlgorithm encryption algorithm} indicates the type of algorithm to use for encrypting the - * specified {@code plaintext}. Possible values for asymmetric keys include: + * specified {@code plainText}. Possible values for asymmetric keys include: * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. * @@ -309,15 +309,15 @@ Mono encrypt(EncryptOptions encryptOptions, Context context) { * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte} * * @param algorithm The algorithm to be used for decryption. - * @param ciphertext The content to be decrypted. + * @param cipherText The content to be decrypted. * @return A {@link Mono} containing the decrypted blob. * @throws ResourceNotFoundException If the key cannot be found for decryption. * @throws UnsupportedOperationException If the decrypt operation is not supported or configured on the key. - * @throws NullPointerException If {@code algorithm} or {@code ciphertext} are {@code null}. + * @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. */ @ServiceMethod(returns = ReturnType.SINGLE) - public Mono decrypt(EncryptionAlgorithm algorithm, byte[] ciphertext) { - return decrypt(new DecryptOptions(algorithm, ciphertext, null, null, null)); + public Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText) { + return decrypt(new DecryptOptions(algorithm, cipherText, null, null, null)); } /** diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java index 790cfe5175367..75f6c7e555dc1 100644 
--- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyClient.java @@ -102,16 +102,16 @@ public Response getKeyWithResponse(Context context) { * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptionAlgorithm-byte-Context} * * @param algorithm The algorithm to be used for encryption. - * @param plaintext The content to be encrypted. + * @param plainText The content to be encrypted. * @param context Additional context that is passed through the Http pipeline during the service call. * @return A {@link EncryptResult} whose {@link EncryptResult#getCipherText() cipher text} contains the encrypted * content. * @throws ResourceNotFoundException If the key cannot be found for encryption. * @throws UnsupportedOperationException If the encrypt operation is not supported or configured on the key. - * @throws NullPointerException If {@code algorithm} or {@code plaintext} are {@code null}. + * @throws NullPointerException If {@code algorithm} or {@code plainText} are {@code null}. */ - public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, Context context) { - return encrypt(new EncryptOptions(algorithm, plaintext, null, null), context); + public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plainText, Context context) { + return encrypt(new EncryptOptions(algorithm, plainText, null, null), context); } /** 
@@ -139,15 +139,15 @@ public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext, Co * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.encrypt#EncryptionAlgorithm-byte} * * @param algorithm The algorithm to be used for encryption. - * @param plaintext The content to be encrypted. + * @param plainText The content to be encrypted. * @return The {@link EncryptResult} whose {@link EncryptResult#getCipherText() cipher text} contains the encrypted * content. * @throws ResourceNotFoundException If the key cannot be found for encryption. * @throws UnsupportedOperationException If the encrypt operation is not supported or configured on the key. - * @throws NullPointerException If {@code algorithm} or {@code plaintext} are {@code null}. + * @throws NullPointerException If {@code algorithm} or {@code plainText} are {@code null}. */ - public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { - return encrypt(algorithm, plaintext, Context.NONE); + public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plainText) { + return encrypt(algorithm, plainText, Context.NONE); } /** 
@@ -211,15 +211,15 @@ public EncryptResult encrypt(EncryptOptions encryptOptions, Context context) { * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#EncryptionAlgorithm-byte-Context} * * @param algorithm The algorithm to be used for decryption. - * @param ciphertext The content to be decrypted. + * @param cipherText The content to be decrypted. * @param context Additional context that is passed through the Http pipeline during the service call. * @return The decrypted blob. * @throws ResourceNotFoundException If the key cannot be found for encryption. * @throws UnsupportedOperationException If the decrypt operation is not supported or configured on the key. - * @throws NullPointerException If {@code algorithm} or {@code ciphertext} are {@code null}. + * @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. */ - public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] ciphertext, Context context) { - return decrypt(new DecryptOptions(algorithm, ciphertext, null, null, null), context); + public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText, Context context) { + return decrypt(new DecryptOptions(algorithm, cipherText, null, null, null), context); } /** 
@@ -247,14 +247,14 @@ public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] ciphertext, C * {@codesnippet com.azure.security.keyvault.keys.cryptography.CryptographyClient.decrypt#EncryptionAlgorithm-byte} * * @param algorithm The algorithm to be used for decryption. - * @param ciphertext The content to be decrypted. + * @param cipherText The content to be decrypted. * @return The decrypted blob. * @throws ResourceNotFoundException If the key cannot be found for encryption. * @throws UnsupportedOperationException If the decrypt operation is not supported or configured on the key. - * @throws NullPointerException If {@code algorithm} or {@code ciphertext} are {@code null}. + * @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. */ - public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] ciphertext) { - return decrypt(new DecryptOptions(algorithm, ciphertext, null, null, null), Context.NONE); + public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText) { + return decrypt(new DecryptOptions(algorithm, cipherText, null, null, null), Context.NONE); } /** diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java index 9a4a691d8ff1d..d6b22b16da1c2 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.java 
@@ -133,7 +133,7 @@ Mono encrypt(EncryptOptions encryptOptions, Context context) {
 byte[] authenticatedData = encryptOptions.getAdditionalAuthenticatedData();
 KeyOperationParameters parameters = new KeyOperationParameters()
 .setAlgorithm(algorithm)
- .setValue(encryptOptions.getPlaintext())
+ .setValue(encryptOptions.getPlainText())
 .setIv(iv)
 .setAdditionalAuthenticatedData(authenticatedData);
 context = context == null ? Context.NONE : context;
@@ -158,7 +158,7 @@ Mono decrypt(DecryptOptions decryptOptions, Context context) {
 byte[] authenticationTag = decryptOptions.getAuthenticationTag();
 KeyOperationParameters parameters = new KeyOperationParameters()
 .setAlgorithm(algorithm)
- .setValue(decryptOptions.getCiphertext())
+ .setValue(decryptOptions.getCipherText())
 .setIv(iv)
 .setAdditionalAuthenticatedData(additionalAuthenticatedData)
 .setAuthenticationTag(authenticationTag);
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java
index 54dd9a8246e5b..7c7b7092a1590 100644
--- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java
+++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/DecryptOptions.java
@@ -20,7 +20,7 @@ public class DecryptOptions {
 /**
 * The content to be decrypted.
 */
- private final byte[] ciphertext;
+ private final byte[] cipherText;
 /**
 * Initialization vector to be used in the decryption operation using a symmetric algorithm.
@@ -41,51 +41,51 @@ public class DecryptOptions { * Factory method to create an instance of {@link DecryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A128CBC}. * - * @param ciphertext The content to be decrypted. + * @param cipherText The content to be decrypted. * @param iv Initialization vector for the decryption operation. * @return The {@link DecryptOptions}. */ - public static DecryptOptions createAes128CbcOptions(byte[] ciphertext, byte[] iv) { - return new DecryptOptions(EncryptionAlgorithm.A128CBC, ciphertext, iv, null, null); + public static DecryptOptions createAes128CbcOptions(byte[] cipherText, byte[] iv) { + return new DecryptOptions(EncryptionAlgorithm.A128CBC, cipherText, iv, null, null); } /** * Factory method to create an instance of {@link DecryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A128CBCPAD}. * - * @param ciphertext The content to be decrypted. + * @param cipherText The content to be decrypted. * @param iv Initialization vector for the decryption operation. * @return The {@link DecryptOptions}. */ - public static DecryptOptions createAes128CbcPadOptions(byte[] ciphertext, byte[] iv) { - return new DecryptOptions(EncryptionAlgorithm.A128CBCPAD, ciphertext, iv, null, null); + public static DecryptOptions createAes128CbcPadOptions(byte[] cipherText, byte[] iv) { + return new DecryptOptions(EncryptionAlgorithm.A128CBCPAD, cipherText, iv, null, null); } /** * Factory method to create an instance of {@link DecryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A128GCM}. * - * @param ciphertext The content to be decrypted. + * @param cipherText The content to be decrypted. * @param iv Initialization vector for the decryption operation. * @param authenticationTag The tag to authenticate when performing decryption. * @return The {@link DecryptOptions}. 
*/ - public static DecryptOptions createAes128GcmOptions(byte[] ciphertext, byte[] iv, byte[] authenticationTag) { - return createAes128GcmOptions(ciphertext, iv, authenticationTag, null); + public static DecryptOptions createAes128GcmOptions(byte[] cipherText, byte[] iv, byte[] authenticationTag) { + return createAes128GcmOptions(cipherText, iv, authenticationTag, null); } /** * Factory method to create an instance of {@link DecryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A128GCM}. * - * @param ciphertext The content to be decrypted. + * @param cipherText The content to be decrypted. * @param iv Initialization vector for the decryption operation. * @param authenticationTag The tag to authenticate when performing decryption. * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms. * @return The {@link DecryptOptions}. */ - public static DecryptOptions createAes128GcmOptions(byte[] ciphertext, byte[] iv, byte[] authenticationTag, + public static DecryptOptions createAes128GcmOptions(byte[] cipherText, byte[] iv, byte[] authenticationTag, byte[] additionalAuthenticatedData) { - return new DecryptOptions(EncryptionAlgorithm.A128GCM, ciphertext, iv, authenticationTag, + return new DecryptOptions(EncryptionAlgorithm.A128GCM, cipherText, iv, authenticationTag, additionalAuthenticatedData); } 
@@ -93,103 +93,103 @@ public static DecryptOptions createAes128GcmOptions(byte[] ciphertext, byte[] iv * Factory method to create an instance of {@link DecryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A192CBC}. * - * @param ciphertext The content to be decrypted. + * @param cipherText The content to be decrypted. * @param iv Initialization vector for the decryption operation. * @return The {@link DecryptOptions}. */ - public static DecryptOptions createAes192CbcOptions(byte[] ciphertext, byte[] iv) { - return new DecryptOptions(EncryptionAlgorithm.A192CBC, ciphertext, iv, null, null); + public static DecryptOptions createAes192CbcOptions(byte[] cipherText, byte[] iv) { + return new DecryptOptions(EncryptionAlgorithm.A192CBC, cipherText, iv, null, null); } /** * Factory method to create an instance of {@link DecryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A192CBCPAD}. * - * @param ciphertext The content to be decrypted. + * @param cipherText The content to be decrypted. * @param iv Initialization vector for the decryption operation. * @return The {@link DecryptOptions}. */ - public static DecryptOptions createAes192CbcPadOptions(byte[] ciphertext, byte[] iv) { - return new DecryptOptions(EncryptionAlgorithm.A192CBCPAD, ciphertext, iv, null, null); + public static DecryptOptions createAes192CbcPadOptions(byte[] cipherText, byte[] iv) { + return new DecryptOptions(EncryptionAlgorithm.A192CBCPAD, cipherText, iv, null, null); } /** * Factory method to create an instance of {@link DecryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A192GCM}. * - * @param ciphertext The content to be decrypted. + * @param cipherText The content to be decrypted. * @param iv Initialization vector for the decryption operation. * @param authenticationTag The tag to authenticate when performing decryption. * @return The {@link DecryptOptions}. 
*/ - public static DecryptOptions createAes192GcmOptions(byte[] ciphertext, byte[] iv, byte[] authenticationTag) { - return createAes192GcmOptions(ciphertext, iv, authenticationTag, null); + public static DecryptOptions createAes192GcmOptions(byte[] cipherText, byte[] iv, byte[] authenticationTag) { + return createAes192GcmOptions(cipherText, iv, authenticationTag, null); } /** * Factory method to create an instance of {@link DecryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A192GCM}. * - * @param ciphertext The content to be decrypted. + * @param cipherText The content to be decrypted. * @param iv Initialization vector for the decryption operation. * @param authenticationTag The tag to authenticate when performing decryption. * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms. * @return The {@link DecryptOptions}. */ - public static DecryptOptions createAes192GcmOptions(byte[] ciphertext, byte[] iv, byte[] authenticationTag, + public static DecryptOptions createAes192GcmOptions(byte[] cipherText, byte[] iv, byte[] authenticationTag, byte[] additionalAuthenticatedData) { - return new DecryptOptions(EncryptionAlgorithm.A192GCM, ciphertext, iv, authenticationTag, + return new DecryptOptions(EncryptionAlgorithm.A192GCM, cipherText, iv, authenticationTag, additionalAuthenticatedData); } /** * Factory method to create an instance of {@link DecryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A256CBC}. * - * @param ciphertext The content to be decrypted. + * @param cipherText The content to be decrypted. * @param iv Initialization vector for the decryption operation. * @return The {@link DecryptOptions}. 
*/ - public static DecryptOptions createAes256CbcOptions(byte[] ciphertext, byte[] iv) { - return new DecryptOptions(EncryptionAlgorithm.A256CBC, ciphertext, iv, null, null); + public static DecryptOptions createAes256CbcOptions(byte[] cipherText, byte[] iv) { + return new DecryptOptions(EncryptionAlgorithm.A256CBC, cipherText, iv, null, null); } /** * Factory method to create an instance of {@link DecryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A256CBCPAD}. * - * @param ciphertext The content to be decrypted. + * @param cipherText The content to be decrypted. * @param iv Initialization vector for the decryption operation. * @return The {@link DecryptOptions}. */ - public static DecryptOptions createAes256CbcPadOptions(byte[] ciphertext, byte[] iv) { - return new DecryptOptions(EncryptionAlgorithm.A256CBCPAD, ciphertext, iv, null, null); + public static DecryptOptions createAes256CbcPadOptions(byte[] cipherText, byte[] iv) { + return new DecryptOptions(EncryptionAlgorithm.A256CBCPAD, cipherText, iv, null, null); } /** * Factory method to create an instance of {@link DecryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A256GCM}. * - * @param ciphertext The content to be decrypted. + * @param cipherText The content to be decrypted. * @param iv Initialization vector for the decryption operation. * @param authenticationTag The tag to authenticate when performing decryption. * @return The {@link DecryptOptions}. */ - public static DecryptOptions createAes256GcmOptions(byte[] ciphertext, byte[] iv, byte[] authenticationTag) { - return createAes256GcmOptions(ciphertext, iv, authenticationTag, null); + public static DecryptOptions createAes256GcmOptions(byte[] cipherText, byte[] iv, byte[] authenticationTag) { + return createAes256GcmOptions(cipherText, iv, authenticationTag, null); } /** * Factory method to create an instance of {@link DecryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A256GCM}. 
* - * @param ciphertext The content to be decrypted. + * @param cipherText The content to be decrypted. * @param iv Initialization vector for the decryption operation. * @param authenticationTag The tag to authenticate when performing decryption. * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms. * @return The {@link DecryptOptions}. */ - public static DecryptOptions createAes256GcmOptions(byte[] ciphertext, byte[] iv, byte[] authenticationTag, + public static DecryptOptions createAes256GcmOptions(byte[] cipherText, byte[] iv, byte[] authenticationTag, byte[] additionalAuthenticatedData) { - return new DecryptOptions(EncryptionAlgorithm.A256GCM, ciphertext, iv, authenticationTag, + return new DecryptOptions(EncryptionAlgorithm.A256GCM, cipherText, iv, authenticationTag, additionalAuthenticatedData); } 
@@ -197,18 +197,24 @@ public static DecryptOptions createAes256GcmOptions(byte[] ciphertext, byte[] iv
 * Creates an instance of {@link DecryptOptions} with the given parameters.
 *
 * @param algorithm The algorithm to be used for decryption.
- * @param ciphertext The content to be decrypted.
+ * @param cipherText The content to be decrypted.
 * @param iv Initialization vector for the decryption operation.
 * @param authenticationTag The tag to authenticate when performing decryption.
 * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms.
 */
- DecryptOptions(EncryptionAlgorithm algorithm, byte[] ciphertext, byte[] iv, byte[] authenticationTag,
+ DecryptOptions(EncryptionAlgorithm algorithm, byte[] cipherText, byte[] iv, byte[] authenticationTag,
 byte[] additionalAuthenticatedData) {
 Objects.requireNonNull(algorithm, "Encryption algorithm cannot be null.");
- Objects.requireNonNull(ciphertext, "Cipher text content to be decrypted cannot be null.");
+ Objects.requireNonNull(cipherText, "Cipher text content to be decrypted cannot be null.");
+
+ if (algorithm == EncryptionAlgorithm.A128GCM || algorithm == EncryptionAlgorithm.A192GCM
+ || algorithm == EncryptionAlgorithm.A256GCM) {
+
+ Objects.requireNonNull(authenticationTag, "Authentication tag cannot be null for GCM encryption.");
+ }
 this.algorithm = algorithm;
- this.ciphertext = CoreUtils.clone(ciphertext);
+ this.cipherText = CoreUtils.clone(cipherText);
 this.iv = CoreUtils.clone(iv);
 this.additionalAuthenticatedData = CoreUtils.clone(additionalAuthenticatedData);
 this.authenticationTag = CoreUtils.clone(authenticationTag);
@@ -228,8 +234,8 @@ public EncryptionAlgorithm getAlgorithm() {
 *
 * @return The content to be decrypted.
 */
- public byte[] getCiphertext() {
- return CoreUtils.clone(ciphertext);
+ public byte[] getCipherText() {
+ return CoreUtils.clone(cipherText);
 }
 /**
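Review bot: The new GCM guard in the `DecryptOptions` constructor requires `authenticationTag` but still accepts a null `iv`, and its message says "GCM encryption" on the decrypt path. GCM decryption cannot verify the tag without the nonce, so I would reject a missing IV in the same branch and reword the message: `Objects.requireNonNull(iv, "Initialization vector cannot be null for GCM decryption.");` and `"Authentication tag cannot be null for GCM decryption."`. The `decrypt(EncryptionAlgorithm, byte[])` overloads in `CryptographyClient` and `CryptographyAsyncClient` pass `null` for the tag, so with a GCM algorithm they now throw from this constructor, while their `@throws NullPointerException` text names only `algorithm` and `cipherText`; that Javadoc should say so. The constructor's closing lines are outside the hunk.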
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java index 92e551609cf31..0f4a3ffeca1f5 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/EncryptOptions.java @@ -20,7 +20,7 @@ public class EncryptOptions { /** * The content to be encrypted. */ - private final byte[] plaintext; + private final byte[] plainText; /** * Initialization vector to be used in the encryption operation using a symmetric algorithm. 
@@ -36,232 +36,232 @@ public class EncryptOptions { * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A128CBC}. * - * @param plaintext The content to be encryption. + * @param plainText The content to be encryption. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes128CbcOptions(byte[] plaintext) { - return createAes128CbcOptions(plaintext, null); + public static EncryptOptions createAes128CbcOptions(byte[] plainText) { + return createAes128CbcOptions(plainText, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A128CBC}. * - * @param plaintext The content to be encryption. + * @param plainText The content to be encryption. * @param iv Initialization vector for the encryption operation. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes128CbcOptions(byte[] plaintext, byte[] iv) { - return new EncryptOptions(EncryptionAlgorithm.A128CBC, plaintext, iv, null); + public static EncryptOptions createAes128CbcOptions(byte[] plainText, byte[] iv) { + return new EncryptOptions(EncryptionAlgorithm.A128CBC, plainText, iv, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A128CBCPAD}. * - * @param plaintext The content to be encryption. + * @param plainText The content to be encryption. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes128CbcPadOptions(byte[] plaintext) { - return createAes128CbcPadOptions(plaintext, null); + public static EncryptOptions createAes128CbcPadOptions(byte[] plainText) { + return createAes128CbcPadOptions(plainText, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A128CBCPAD}. * - * @param plaintext The content to be encryption. 
+ * @param plainText The content to be encryption. * @param iv Initialization vector for the encryption operation. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes128CbcPadOptions(byte[] plaintext, byte[] iv) { - return new EncryptOptions(EncryptionAlgorithm.A128CBCPAD, plaintext, iv, null); + public static EncryptOptions createAes128CbcPadOptions(byte[] plainText, byte[] iv) { + return new EncryptOptions(EncryptionAlgorithm.A128CBCPAD, plainText, iv, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A128GCM}. * - * @param plaintext The content to be encryption. + * @param plainText The content to be encryption. * @param iv Initialization vector for the encryption operation. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes128GcmOptions(byte[] plaintext, byte[] iv) { - return createAes128GcmOptions(plaintext, iv, null); + public static EncryptOptions createAes128GcmOptions(byte[] plainText, byte[] iv) { + return createAes128GcmOptions(plainText, iv, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A128GCM}. * - * @param plaintext The content to be encryption. + * @param plainText The content to be encryption. * @param iv Initialization vector for the encryption operation. * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms. * @return The {@link EncryptOptions}. 
*/ - public static EncryptOptions createAes128GcmOptions(byte[] plaintext, byte[] iv, + public static EncryptOptions createAes128GcmOptions(byte[] plainText, byte[] iv, byte[] additionalAuthenticatedData) { - return new EncryptOptions(EncryptionAlgorithm.A128GCM, plaintext, iv, additionalAuthenticatedData); + return new EncryptOptions(EncryptionAlgorithm.A128GCM, plainText, iv, additionalAuthenticatedData); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A192CBC}. * - * @param plaintext The content to be encryption. + * @param plainText The content to be encryption. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes192CbcOptions(byte[] plaintext) { - return createAes192CbcOptions(plaintext, null); + public static EncryptOptions createAes192CbcOptions(byte[] plainText) { + return createAes192CbcOptions(plainText, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A192CBC}. * - * @param plaintext The content to be encryption. + * @param plainText The content to be encryption. * @param iv Initialization vector for the encryption operation. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes192CbcOptions(byte[] plaintext, byte[] iv) { - return new EncryptOptions(EncryptionAlgorithm.A192CBC, plaintext, iv, null); + public static EncryptOptions createAes192CbcOptions(byte[] plainText, byte[] iv) { + return new EncryptOptions(EncryptionAlgorithm.A192CBC, plainText, iv, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A192CBCPAD}. * - * @param plaintext The content to be encryption. + * @param plainText The content to be encryption. * @return The {@link EncryptOptions}. 
*/ - public static EncryptOptions createAes192CbcPadOptions(byte[] plaintext) { - return createAes192CbcPadOptions(plaintext, null); + public static EncryptOptions createAes192CbcPadOptions(byte[] plainText) { + return createAes192CbcPadOptions(plainText, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A192CBCPAD}. * - * @param plaintext The content to be encryption. + * @param plainText The content to be encryption. * @param iv Initialization vector for the encryption operation. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes192CbcPadOptions(byte[] plaintext, byte[] iv) { - return new EncryptOptions(EncryptionAlgorithm.A192CBCPAD, plaintext, iv, null); + public static EncryptOptions createAes192CbcPadOptions(byte[] plainText, byte[] iv) { + return new EncryptOptions(EncryptionAlgorithm.A192CBCPAD, plainText, iv, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A192GCM}. * - * @param plaintext The content to be encryption. + * @param plainText The content to be encryption. * @param iv Initialization vector for the encryption operation. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes192GcmOptions(byte[] plaintext, byte[] iv) { - return createAes192GcmOptions(plaintext, iv, null); + public static EncryptOptions createAes192GcmOptions(byte[] plainText, byte[] iv) { + return createAes192GcmOptions(plainText, iv, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A192GCM}. * - * @param plaintext The content to be encryption. + * @param plainText The content to be encryption. * @param iv Initialization vector for the encryption operation. 
* @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes192GcmOptions(byte[] plaintext, byte[] iv, + public static EncryptOptions createAes192GcmOptions(byte[] plainText, byte[] iv, byte[] additionalAuthenticatedData) { - return new EncryptOptions(EncryptionAlgorithm.A192GCM, plaintext, iv, additionalAuthenticatedData); + return new EncryptOptions(EncryptionAlgorithm.A192GCM, plainText, iv, additionalAuthenticatedData); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A256CBC}. * - * @param plaintext The content to be encryption. + * @param plainText The content to be encryption. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes256CbcOptions(byte[] plaintext) { - return createAes256CbcOptions(plaintext, null); + public static EncryptOptions createAes256CbcOptions(byte[] plainText) { + return createAes256CbcOptions(plainText, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A256CBC}. * - * @param plaintext The content to be encryption. + * @param plainText The content to be encryption. * @param iv Initialization vector for the encryption operation. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes256CbcOptions(byte[] plaintext, byte[] iv) { - return new EncryptOptions(EncryptionAlgorithm.A256CBC, plaintext, iv, null); + public static EncryptOptions createAes256CbcOptions(byte[] plainText, byte[] iv) { + return new EncryptOptions(EncryptionAlgorithm.A256CBC, plainText, iv, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A256CBCPAD}. * - * @param plaintext The content to be encryption. 
+ * @param plainText The content to be encryption. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes256CbcPadOptions(byte[] plaintext) { - return createAes256CbcPadOptions(plaintext, null); + public static EncryptOptions createAes256CbcPadOptions(byte[] plainText) { + return createAes256CbcPadOptions(plainText, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A256CBCPAD}. * - * @param plaintext The content to be encryption. + * @param plainText The content to be encryption. * @param iv Initialization vector for the encryption operation. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes256CbcPadOptions(byte[] plaintext, byte[] iv) { - return new EncryptOptions(EncryptionAlgorithm.A256CBCPAD, plaintext, iv, null); + public static EncryptOptions createAes256CbcPadOptions(byte[] plainText, byte[] iv) { + return new EncryptOptions(EncryptionAlgorithm.A256CBCPAD, plainText, iv, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A256GCM}. * - * @param plaintext The content to be encryption. + * @param plainText The content to be encryption. * @param iv Initialization vector for the encryption operation. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes256GcmOptions(byte[] plaintext, byte[] iv) { - return createAes256GcmOptions(plaintext, iv, null); + public static EncryptOptions createAes256GcmOptions(byte[] plainText, byte[] iv) { + return createAes256GcmOptions(plainText, iv, null); } /** * Factory method to create an instance of {@link EncryptOptions} with the given parameters for * {@link EncryptionAlgorithm#A256GCM}. * - * @param plaintext The content to be encryption. + * @param plainText The content to be encryption. * @param iv Initialization vector for the encryption operation. 
* @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms. * @return The {@link EncryptOptions}. */ - public static EncryptOptions createAes256GcmOptions(byte[] plaintext, byte[] iv, + public static EncryptOptions createAes256GcmOptions(byte[] plainText, byte[] iv, byte[] additionalAuthenticatedData) { - return new EncryptOptions(EncryptionAlgorithm.A256GCM, plaintext, iv, additionalAuthenticatedData); + return new EncryptOptions(EncryptionAlgorithm.A256GCM, plainText, iv, additionalAuthenticatedData); } /** * Creates an instance of {@link EncryptOptions} with the given parameters. * * @param algorithm The algorithm to be used for encryption. - * @param plaintext The content to be encrypted. + * @param plainText The content to be encrypted. * @param iv Initialization vector for the encryption operation. * @param additionalAuthenticatedData Additional data to authenticate when using authenticated crypto algorithms. */ - EncryptOptions(EncryptionAlgorithm algorithm, byte[] plaintext, byte[] iv, byte[] additionalAuthenticatedData) { + EncryptOptions(EncryptionAlgorithm algorithm, byte[] plainText, byte[] iv, byte[] additionalAuthenticatedData) { Objects.requireNonNull(algorithm, "Encryption algorithm cannot be null."); - Objects.requireNonNull(plaintext, "Plain text content to be encrypted cannot be null."); + Objects.requireNonNull(plainText, "Plain text content to be encrypted cannot be null."); this.algorithm = algorithm; - this.plaintext = CoreUtils.clone(plaintext); + this.plainText = CoreUtils.clone(plainText); this.iv = CoreUtils.clone(iv); this.additionalAuthenticatedData = CoreUtils.clone(additionalAuthenticatedData); } @@ -280,8 +280,8 @@ public EncryptionAlgorithm getAlgorithm() { * * @return The content to be encrypted. */ - public byte[] getPlaintext() { - return CoreUtils.clone(plaintext); + public byte[] getPlainText() { + return CoreUtils.clone(plainText); } /** 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClient.java index 491f212e49b41..1d9f755a0885d 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyAsyncClient.java @@ -48,7 +48,7 @@ Mono getKeyId() { * portion of the key is used for encryption. This operation requires the keys/encrypt permission. * *

The {@link EncryptionAlgorithm encryption algorithm} indicates the type of algorithm to use for encrypting the - * specified {@code plaintext}. Possible values for asymmetric keys include: + * specified {@code plainText}. Possible values for asymmetric keys include: * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. * @@ -66,14 +66,14 @@ Mono getKeyId() { * {@codesnippet com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.encrypt#EncryptionAlgorithm-byte} * * @param algorithm The algorithm to be used for encryption. - * @param plaintext The content to be encrypted. + * @param plainText The content to be encrypted. * @return A {@link Mono} containing a {@link EncryptResult} whose {@link EncryptResult#getCipherText() cipher text} * contains the encrypted content. * @throws UnsupportedOperationException If the encrypt operation is not supported or configured on the key. - * @throws NullPointerException if {@code algorithm} or {@code plaintext} is {@code null}. + * @throws NullPointerException if {@code algorithm} or {@code plainText} is {@code null}. */ - public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { - return cryptographyAsyncClient.encrypt(algorithm, plaintext); + public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plainText) { + return cryptographyAsyncClient.encrypt(algorithm, plainText); } /** @@ -83,7 +83,7 @@ public Mono encrypt(EncryptionAlgorithm algorithm, byte[] plainte * portion of the key is used for encryption. This operation requires the keys/encrypt permission. * *

The {@link EncryptionAlgorithm encryption algorithm} indicates the type of algorithm to use for encrypting the - * specified {@code plaintext}. Possible values for asymmetric keys include: + * specified {@code plainText}. Possible values for asymmetric keys include: * {@link EncryptionAlgorithm#RSA1_5 RSA1_5}, {@link EncryptionAlgorithm#RSA_OAEP RSA_OAEP} and * {@link EncryptionAlgorithm#RSA_OAEP_256 RSA_OAEP_256}. * @@ -135,13 +135,13 @@ public Mono encrypt(EncryptOptions encryptOptions) { * {@codesnippet com.azure.security.keyvault.keys.cryptography.LocalCryptographyAsyncClient.decrypt#EncryptionAlgorithm-byte} * * @param algorithm The algorithm to be used for decryption. - * @param ciphertext The content to be decrypted. + * @param cipherText The content to be decrypted. * @return A {@link Mono} containing the decrypted blob. * @throws UnsupportedOperationException If the decrypt operation is not supported or configured on the key. - * @throws NullPointerException If {@code algorithm} or {@code ciphertext} are {@code null}. + * @throws NullPointerException If {@code algorithm} or {@code cipherText} are {@code null}. */ - public Mono decrypt(EncryptionAlgorithm algorithm, byte[] ciphertext) { - return cryptographyAsyncClient.decrypt(algorithm, ciphertext); + public Mono decrypt(EncryptionAlgorithm algorithm, byte[] cipherText) { + return cryptographyAsyncClient.decrypt(algorithm, cipherText); } /** diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClient.java index 2c55c84bfc0c4..3ddb58fed44bc 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClient.java 
+++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/LocalCryptographyClient.java @@ -62,14 +62,14 @@ public class LocalCryptographyClient { * {@codesnippet com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.encrypt#EncryptionAlgorithm-byte} * * @param algorithm The algorithm to be used for encryption. - * @param plaintext The content to be encrypted. + * @param plainText The content to be encrypted. * @return The {@link EncryptResult} whose {@link EncryptResult#getCipherText() cipher text} contains the encrypted * content. * @throws UnsupportedOperationException If the encrypt operation is not supported or configured on the key. - * @throws NullPointerException If {@code decryptOptions} or {@code plaintext} is {@code null}. + * @throws NullPointerException If {@code decryptOptions} or {@code plainText} is {@code null}. */ - public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plaintext) { - return client.encrypt(algorithm, plaintext).block(); + public EncryptResult encrypt(EncryptionAlgorithm algorithm, byte[] plainText) { + return client.encrypt(algorithm, plainText).block(); } /** 
@@ -131,13 +131,13 @@ public EncryptResult encrypt(EncryptOptions encryptOptions) { * {@codesnippet com.azure.security.keyvault.keys.cryptography.LocalCryptographyClient.decrypt#EncryptionAlgorithm-byte} * * @param algorithm The algorithm to be used for decryption. - * @param ciphertext The content to be decrypted. + * @param cipherText The content to be decrypted. * @return The decrypted blob. * @throws UnsupportedOperationException If the decrypt operation is not supported or configured on the key. - * @throws NullPointerException If {@code algorithm} or {@code ciphertext} is {@code null}. + * @throws NullPointerException If {@code algorithm} or {@code cipherText} is {@code null}. */ - public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] ciphertext) { - return client.decrypt(algorithm, ciphertext).block(); + public DecryptResult decrypt(EncryptionAlgorithm algorithm, byte[] cipherText) { + return client.decrypt(algorithm, cipherText).block(); } /** diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Rsa15.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Rsa15.java index 5245441cd8809..ebc63e4e9eea8 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Rsa15.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/Rsa15.java @@ -33,9 +33,9 @@ static class Rsa15Decryptor implements ICryptoTransform { } @Override - public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPaddingException { + public byte[] doFinal(byte[] plainText) throws IllegalBlockSizeException, BadPaddingException { - return cipher.doFinal(plaintext); + return cipher.doFinal(plainText); } } 
@@ -59,9 +59,9 @@ static class Rsa15Encryptor implements ICryptoTransform { } @Override - public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPaddingException { + public byte[] doFinal(byte[] plainText) throws IllegalBlockSizeException, BadPaddingException { - return cipher.doFinal(plaintext); + return cipher.doFinal(plainText); } } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java index 98827d4ab14d8..e6a3d34ee6cbf 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.java @@ -56,7 +56,7 @@ private KeyPair getKeyPair(JsonWebKey key) { Mono encryptAsync(EncryptOptions encryptOptions, Context context, JsonWebKey jsonWebKey) { Objects.requireNonNull(encryptOptions, "'encryptOptions' cannot be null."); Objects.requireNonNull(encryptOptions.getAlgorithm(), "Encryption algorithm cannot be null."); - Objects.requireNonNull(encryptOptions.getPlaintext(), "Plain text content to be encrypted cannot be null."); + Objects.requireNonNull(encryptOptions.getPlainText(), "Plain text content to be encrypted cannot be null."); keyPair = getKeyPair(jsonWebKey); @@ -87,7 +87,7 @@ Mono encryptAsync(EncryptOptions encryptOptions, Context context, try { transform = algo.createEncryptor(keyPair); - return Mono.just(new EncryptResult(transform.doFinal(encryptOptions.getPlaintext()), algorithm, + return Mono.just(new EncryptResult(transform.doFinal(encryptOptions.getPlainText()), algorithm, jsonWebKey.getId())); } catch (InvalidKeyException | NoSuchAlgorithmException 
@@ -102,7 +102,7 @@ Mono encryptAsync(EncryptOptions encryptOptions, Context context, Mono decryptAsync(DecryptOptions decryptOptions, Context context, JsonWebKey jsonWebKey) { Objects.requireNonNull(decryptOptions, "'decryptOptions' cannot be null."); Objects.requireNonNull(decryptOptions.getAlgorithm(), "Encryption algorithm cannot be null."); - Objects.requireNonNull(decryptOptions.getCiphertext(), "Cipher text content to be decrypted cannot be null."); + Objects.requireNonNull(decryptOptions.getCipherText(), "Cipher text content to be decrypted cannot be null."); keyPair = getKeyPair(jsonWebKey); @@ -133,7 +133,7 @@ Mono decryptAsync(DecryptOptions decryptOptions, Context context, try { transform = algo.createDecryptor(keyPair); - return Mono.just(new DecryptResult(transform.doFinal(decryptOptions.getCiphertext()), algorithm, + return Mono.just(new DecryptResult(transform.doFinal(decryptOptions.getCipherText()), algorithm, jsonWebKey.getId())); } catch (InvalidKeyException | NoSuchAlgorithmException diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaOaep.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaOaep.java index a43a023fffd7f..d626676372059 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaOaep.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/RsaOaep.java @@ -33,9 +33,9 @@ static class RsaOaepDecryptor implements ICryptoTransform { } @Override - public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPaddingException { + public byte[] doFinal(byte[] plainText) throws IllegalBlockSizeException, BadPaddingException { - return cipher.doFinal(plaintext); + return cipher.doFinal(plainText); } } 
@@ -59,9 +59,9 @@ static class RsaOaepEncryptor implements ICryptoTransform { } @Override - public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPaddingException { + public byte[] doFinal(byte[] plainText) throws IllegalBlockSizeException, BadPaddingException { - return cipher.doFinal(plaintext); + return cipher.doFinal(plainText); } } diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java index f253e52f8a23b..18c0d58f01903 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java @@ -96,7 +96,7 @@ Mono encryptAsync(EncryptOptions encryptOptions, Context context, byte[] encrypted; try { - encrypted = transform.doFinal(encryptOptions.getPlaintext()); + encrypted = transform.doFinal(encryptOptions.getPlainText()); } catch (Exception e) { return Mono.error(e); } @@ -151,7 +151,7 @@ Mono decryptAsync(DecryptOptions decryptOptions, Context context, byte[] decrypted; try { - decrypted = transform.doFinal(decryptOptions.getCiphertext()); + decrypted = transform.doFinal(decryptOptions.getCipherText()); } catch (Exception e) { return Mono.error(e); } From 155c40fdb631cd41e2c2d302f8f878b7466e79d8 Mon Sep 17 00:00:00 2001 From: Victor Colin Amador Date: Thu, 12 Nov 2020 17:00:50 -0800 Subject: [PATCH 15/15] Added null check for `iv` in local decryption. --- .../SymmetricKeyCryptographyClient.java | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) 
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java index 18c0d58f01903..57316a94f979a 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java +++ b/sdk/keyvault/azure-security-keyvault-keys/src/main/java/com/azure/security/keyvault/keys/cryptography/SymmetricKeyCryptographyClient.java @@ -19,6 +19,7 @@ import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; +import java.util.Objects; class SymmetricKeyCryptographyClient extends LocalKeyCryptographyClient { private static final int CBC_BLOCK_SIZE = 16; 
@@ -125,23 +126,10 @@ Mono decryptAsync(DecryptOptions decryptOptions, Context context, ICryptoTransform transform; - byte[] iv = decryptOptions.getIv(); + byte[] iv = Objects.requireNonNull(decryptOptions.getIv(), "Initialization vector cannot be null in local decryption operations."); byte[] additionalAuthenticatedData = decryptOptions.getAdditionalAuthenticatedData(); byte[] authenticationTag = decryptOptions.getAuthenticationTag(); - if (iv == null) { - if (algorithm == EncryptionAlgorithm.A128GCM || algorithm == EncryptionAlgorithm.A192GCM - || algorithm == EncryptionAlgorithm.A256GCM) { - - iv = generateRandomByteArray(GCM_NONCE_SIZE); - } else if (algorithm == EncryptionAlgorithm.A128CBC || algorithm == EncryptionAlgorithm.A192CBC - || algorithm == EncryptionAlgorithm.A256CBC || algorithm == EncryptionAlgorithm.A128CBCPAD - || algorithm == EncryptionAlgorithm.A192CBCPAD || algorithm == EncryptionAlgorithm.A256CBCPAD) { - - iv = generateRandomByteArray(CBC_BLOCK_SIZE); - } - } - try { transform = symmetricEncryptionAlgorithm.createDecryptor(this.key, iv, additionalAuthenticatedData, authenticationTag); } catch (Exception e) {
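Review bot: `Objects.requireNonNull(decryptOptions.getIv(), ...)` throws at call time from a method that returns a `Mono`, while the `createDecryptor` failure a few lines below is caught with `catch (Exception e)` and, judging by the `doFinal` handling elsewhere in this file, returned as `Mono.error(e)`. A caller that only attaches an error handler to the returned `Mono` would not see the missing-IV case. Keeping it on the reactive path makes the method uniform: `if (iv == null) { return Mono.error(new NullPointerException("Initialization vector cannot be null in local decryption operations.")); }`. The added line is also much longer than the wrapped lines around it and may need a break. `decryptAsync` starts and ends outside the hunk.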