azure-encryption-extensions

Write key into a Stream

Open robledosm opened this issue 10 years ago • 4 comments

What about storing the key into a stream? On the SymmetricBlobCryptoProvider class I have added the following code:

public void WriteKeyStream(System.IO.Stream stream)
{
    System.IO.StreamWriter writer = new System.IO.StreamWriter(stream);
    writer.Write(ToKeyFileString());
    writer.Flush();
}

robledosm, Jun 17 '15 20:06

Yeah we can add that to the interface (IBlobCryptoProvider) and throw it on both providers perhaps. I guess if someone wants it in a stream it keeps their code cleaner this way. Do you mind sharing your use case? Is something like this less useful for you?

public Stream GetKeyStream()
{
   return new MemoryStream(Encoding.UTF8.GetBytes(ToKeyFileString()));
}

stefangordon, Jun 17 '15 21:06

Thanks for your prompt reply.

We are working on a security-related product, and by requirement, we should not store any file locally. What I did was to actually remove the WriteKeyFile function because I don't want my developers to 'misuse' the functionality. Then I just thought that it would be nice to have the WriteKeyStream already in your library. Your solution looks nicer than mine :)

Regards,


robledosm, Jun 17 '15 21:06

Hi Stefan,

I found one issue with the Asymmetric sample.

The RunAsymmetricUploadAndDownload is using the Symmetric functions instead of the Asymmetric ones. After changing it to use the Asymmetric functions, I found out that you have to load the certificate twice, one time to upload the file and again to download it. Here are my changes:

private static void RunAsymmetricUploadAndDownload()
{
    // Get container
    Console.WriteLine("Uploading an image to blob storage and encrypting using a 4096bit certificate.");
    Console.WriteLine("Retrieving blob container...");
    var container = Samples.GetAzureContainer();

    // Upload
    X509Certificate2 uploadCert = new X509Certificate2(@"SampleCertificates\4096.pfx", string.Empty, X509KeyStorageFlags.Exportable);
    Console.WriteLine(@"Encrypting and uploading image \SampleFiles\catbread.jpg");
    Samples.UploadEncryptedFileAsymmetric(@"SampleFiles\catbread.jpg", uploadCert, container);

    // Download
    X509Certificate2 downloadCert = new X509Certificate2(@"SampleCertificates\4096.pfx", string.Empty, X509KeyStorageFlags.Exportable);
    Console.WriteLine("Downloading and decrypting file using saved key");
    Samples.DownloadEncryptedFileAsymmetric(@"decrypted_catbread2.jpg", downloadCert, container);
}

Regards,

PS, is that your cat? :)

Santiago


robledosm, Jun 24 '15 17:06

Not my cat :)

I will take a look at this tonight and fix the sample!

stefangordon, Jun 24 '15 17:06