REST API Update blog post discussion RRS feed

All replies

  • Hi Amit,

    What the maximum size of data that can be encrypted using keys? When I call EncryptAsync, I cannot send byte array longer than 214 bytes. If this is maximum size, is there any recommendation or sample code on how to encrypt/decrypt large data that can be stored in Azure Blobs?



    Tuesday, April 21, 2015 5:32 AM
  • Asymmetric keys stored in Key Vault are not intended for bulk data encryption. They are to be used as master keys. For bulk data encryption recommended method is to use an AES key and then WRAP this AES key with the RSA key stored in the key vault. Then Store the WRAPPED AES key and the URI to the key in Key Vault as metadata with the encrypted data.

    Depending on the scenario one could use a chain of keys that end in an asymmetric key in the Key Vault. It's difficult to recommend a solution without knowing your specific scenario. There can be several things to consider and many trade-off of different approaches.

    Reach out to the Key Vault Team via azurekeyvault at microsoft dot com if you want to discuss more.

    Amit [ambapat@MSFT]

    Tuesday, April 21, 2015 10:14 PM