Azure · laiapat · Oct 11, 2023 · Sep 8, 2023 · Sep 8, 2023 · Sep 8, 2023
@@ -831,7 +831,8 @@
     {
       "filename": "sdk/keyvault/**",
       "words": [
-        "eddsa"
+        "eddsa",
+        "Thawte"
       ]
     },
     {

@@ -1,14 +1,12 @@
 # Release History
 
-## 4.9.0b2 (Unreleased)
+## 4.9.0b2 (2023-10-12)
 
 ### Features Added
-
-### Breaking Changes
-
-### Bugs Fixed
-
-### Other Changes
+- The `cryptography` library's `RSAPrivateKey` and `RSAPublicKey` interfaces are now implemented by
+  `KeyVaultRSAPrivateKey` and `KeyVaultRSAPublicKey` classes that can use keys managed by Key Vault
+- `CryptographyClient` has `create_rsa_private_key` and `create_rsa_public_key` methods that return a
+  `KeyVaultRSAPrivateKey` and `KeyVaultRSAPublicKey`, respectively
 
 ## 4.9.0b1 (2023-05-16)
 

@@ -2,5 +2,5 @@
   "AssetsRepo": "Azure/azure-sdk-assets",
   "AssetsRepoPrefixPath": "python",
   "TagPrefix": "python/keyvault/azure-keyvault-keys",
-  "Tag": "python/keyvault/azure-keyvault-keys_28b4323b48"
+  "Tag": "python/keyvault/azure-keyvault-keys_8ef3422a55"
 }
@@ -2,7 +2,16 @@
 # Copyright (c) Microsoft Corporation.
 # Licensed under the MIT License.
 # ------------------------------------
-from ._models import DecryptResult, EncryptResult, SignResult, WrapResult, VerifyResult, UnwrapResult
+from ._models import (
+    DecryptResult,
+    EncryptResult,
+    KeyVaultRSAPrivateKey,
+    KeyVaultRSAPublicKey,
+    SignResult,
+    WrapResult,
+    VerifyResult,
+    UnwrapResult,
+)
 from ._enums import EncryptionAlgorithm, KeyWrapAlgorithm, SignatureAlgorithm
 from ._client import CryptographyClient
 
@@ -12,6 +21,8 @@
     "DecryptResult",
     "EncryptionAlgorithm",
     "EncryptResult",
+    "KeyVaultRSAPrivateKey",
+    "KeyVaultRSAPublicKey",
     "KeyWrapAlgorithm",
     "SignatureAlgorithm",
     "SignResult",

@@ -10,6 +10,7 @@
 
 from . import DecryptResult, EncryptionAlgorithm, EncryptResult, SignResult, VerifyResult, UnwrapResult, WrapResult
 from ._key_validity import raise_if_time_invalid
+from ._models import KeyVaultRSAPrivateKey, KeyVaultRSAPublicKey
 from ._providers import get_local_cryptography_provider, NoLocalCryptography
 from .. import KeyOperation
 from .._models import JsonWebKey, KeyVaultKey
@@ -211,6 +212,30 @@ def _initialize(self, **kwargs) -> None:
             # try to get the key again next time unless we know we're forbidden to do so
             self._initialized = self._keys_get_forbidden
 
+    @distributed_trace
+    def create_rsa_private_key(self) -> KeyVaultRSAPrivateKey:  # pylint:disable=client-method-missing-kwargs
+        """Create an `RSAPrivateKey` implementation backed by this `CryptographyClient`, as a `KeyVaultRSAPrivateKey`.
+
+        The `CryptographyClient` will attempt to download the key, if it hasn't been already, as part of this operation.
+
+        :returns: A `KeyVaultRSAPrivateKey`, which implements `cryptography`'s `RSAPrivateKey` interface.
+        :rtype: :class:`~azure.keyvault.keys.crypto.KeyVaultRSAPrivateKey`
+        """
+        self._initialize()
+        return KeyVaultRSAPrivateKey(client=self, key_material=cast(JsonWebKey, self._key))
+
+    @distributed_trace
+    def create_rsa_public_key(self) -> KeyVaultRSAPublicKey:  # pylint:disable=client-method-missing-kwargs
+        """Create an `RSAPublicKey` implementation backed by this `CryptographyClient`, as a `KeyVaultRSAPublicKey`.
+
+        The `CryptographyClient` will attempt to download the key, if it hasn't been already, as part of this operation.
+
+        :returns: A `KeyVaultRSAPublicKey`, which implements `cryptography`'s `RSAPublicKey` interface.
+        :rtype: :class:`~azure.keyvault.keys.crypto.KeyVaultRSAPublicKey`
+        """
+        self._initialize()
+        return KeyVaultRSAPublicKey(client=self, key_material=cast(JsonWebKey, self._key))
+
     @distributed_trace
     def encrypt(self, algorithm: "EncryptionAlgorithm", plaintext: bytes, **kwargs) -> EncryptResult:
         """Encrypt bytes using the client's key.