locked
How can I transparently encrypt PageBlob data at rest? (cross post from Stackoverflow) RRS feed

  • Question

  • I need to encrypt PageBlob data as it resides on disk in the Azure Datacenter.  How can I modify the storage client to accomodate this?

    I asked this question on Stack Overflow: http://stackoverflow.com/q/10035223/328397 and was able to do the same thing for Table storage; I just haven't been able to do it for PageBlobs yet.

    Here is a link to by Table Storage encryption library

    http://azuretableencrypt.codeplex.com/

    Friday, April 6, 2012 3:48 PM

Answers

  • Hi,

      >> however the link you provided doesn't give me enough information to implement it myself.   Actually it gives too many options ....

    You can use any algorithm you like, just as encrypting other data (such as data in a database). It is difficult to say which algorithm works best for your scenario. This article may provide some help.

    In addition, if you have any issues about how to use encryption on .NET, you can also post a thread on http://social.msdn.microsoft.com/Forums/en-US/netfxbcl/.

    Best Regards,

    Ming Xu.


    Please mark the replies as answers if they help or unmark if not.
    If you have any feedback about my replies, please contact msdnmg@microsoft.com.
    Microsoft One Code Framework

    • Marked as answer by Arwind - MSFT Friday, April 13, 2012 9:18 AM
    Monday, April 9, 2012 10:52 AM

All replies

  • Hi,

    Since you're using page blob, I take you want to encrypt portions of the blob instead of the whole blob. In this case, you can just use any encryption algorithm to encrypt the data before uploading it to Azure, and decrypt the data after downloading it. For example, you can use classes on http://msdn.microsoft.com/en-us/library/system.security.cryptography.aspx.
     
    However, if you want to encrypt the whole blob, it may be more complex. We have to download the complete blob to our compute node, encrypt it, and then upload it to cloud again. Page blobs tend to be very big, and can be changed frequently, so I don't think it is a good option. I would like to suggest you to encrypt only portions of the blob when necessary.

    Best Regards,

    Ming Xu.


    Please mark the replies as answers if they help or unmark if not.
    If you have any feedback about my replies, please contact msdnmg@microsoft.com.
    Microsoft One Code Framework

    Sunday, April 8, 2012 2:32 PM
  • Encrypting on a per-page basis makes a lot of sense, however the link you provided doesn't give me enough information to implement it myself.   Actually it gives too many options ....

    According to this respected computer security site the namespace System.Security.Cryptography contains many low level components that can be assembled or configured in a way that creates security holes in the encryption.   

    Can you provide sample code to implement on the fly, CloudPageBlob , encryption properly?


    Sunday, April 8, 2012 2:48 PM
  • Hi,

      >> however the link you provided doesn't give me enough information to implement it myself.   Actually it gives too many options ....

    You can use any algorithm you like, just as encrypting other data (such as data in a database). It is difficult to say which algorithm works best for your scenario. This article may provide some help.

    In addition, if you have any issues about how to use encryption on .NET, you can also post a thread on http://social.msdn.microsoft.com/Forums/en-US/netfxbcl/.

    Best Regards,

    Ming Xu.


    Please mark the replies as answers if they help or unmark if not.
    If you have any feedback about my replies, please contact msdnmg@microsoft.com.
    Microsoft One Code Framework

    • Marked as answer by Arwind - MSFT Friday, April 13, 2012 9:18 AM
    Monday, April 9, 2012 10:52 AM