Q: What real-world problem does this code solve?

A: There is general concern about storing sensitive data in the cloud, and most business-oriented developers shouldn't have to implement the security "plumbing" that keeps that data confidential. This project ensures that "data at rest" is encrypted, so that even authorized infrastructure personnel at your company or at Microsoft cannot decrypt it without the private key that lives only in your deployed role.

Bottom line: It's easy.

Q: Doesn't SSL protect my data?

A: No. SSL only protects data while it is in transit. Developers are familiar with Fiddler, a diagnostic tool that decrypts and displays local SSL traffic by acting as a man-in-the-middle proxy. Some corporate SSL proxies do the same thing to inspect the contents of SSL connections. Both almost always work the same way: a certificate is added to the Trusted Roots of the target machine, so the proxy can present its own certificate for any site and the client accepts it.

That is why I use the term "data-at-rest": once the data has left the SSL tunnel and been written to storage, we still need to ensure that no passerby can casually browse or edit it.

Q: How do you encrypt data at rest?

A: There are a few ways to get a certificate (and its private key) into Azure; each one has its own security tradeoffs:
  • Upload the cert into the Azure Management portal at http://windows.azure.com
  • Include the cert in the project with "Copy Always" or "Copy if newer" set
  • Embed the cert as an embedded resource within your project (dll)
  • Store the pfx file unencrypted in Azure Table or Blob Storage

The first option (Azure Management Portal) is the most secure, and it plays a significant role in the deployment of your roles: the private key is installed into the role instance's certificate store and never appears in your package or your source tree. For more information see this Azure Security whitepaper: http://www.globalfoundationservices.com/security/documents/WindowsAzureSecurityOverview1_0Aug2010.pdf. However, since it relies on x509 certificates, the amount of data you can encrypt in a single RSA operation is limited by the key's modulus minus padding overhead (with a 2048-bit key and OAEP padding that is well under 256 bytes), and RSA is orders of magnitude slower than a symmetric cipher on bulk data.

In addition, there is a limit to the number of x509 certificates you can upload into the portal, so you cannot simply add more certificates to cover more data.

This project (see the source code tab) combines the two: a random symmetric key encrypts an arbitrary amount of data at symmetric-cipher speed, and only that small key is encrypted with the certificate's RSA public key. The wrapped key is stored alongside the ciphertext, and only the deployed role, which holds the private key in the Azure certificate store, can unwrap it. You keep the security of the Azure certificate store without losing performance to the asymmetric cipher.
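The scheme described above, written out as an added example (not the project's own code, which is on the source code tab). It assumes .NET 8 (for AesGcm with an explicit tag size and RandomNumberGenerator.GetBytes), uses AES-256-GCM for the data and RSA-OAEP with SHA-256 to wrap the per-blob data key, and the thumbprint passed to LoadFromStore is a hypothetical placeholder for whatever certificate you uploaded through the portal. Main substitutes a throwaway self-signed certificate so the sample runs outside Azure.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Added example, not the project's own code. Assumes .NET 8.
public static class EnvelopeCrypto
{
    const int KeyBytes = 32;    // AES-256 data-encryption key (DEK)
    const int NonceBytes = 12;  // 96-bit GCM nonce
    const int TagBytes = 16;    // 128-bit GCM authentication tag

    // Blob layout: [int32 wrapped-key length][wrapped key][nonce][tag][ciphertext]
    public static byte[] Encrypt(X509Certificate2 cert, byte[] plaintext)
    {
        byte[] dek = RandomNumberGenerator.GetBytes(KeyBytes);     // fresh key per blob
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceBytes); // fresh key, so a nonce never repeats under it
        byte[] ciphertext = new byte[plaintext.Length];
        byte[] tag = new byte[TagBytes];
        using (var aes = new AesGcm(dek, TagBytes))
            aes.Encrypt(nonce, plaintext, ciphertext, tag);

        // Only the 32-byte DEK goes through RSA, so the modulus size limit never applies to the data.
        byte[] wrappedKey;
        using (RSA rsa = cert.GetRSAPublicKey()!)
            wrappedKey = rsa.Encrypt(dek, RSAEncryptionPadding.OaepSHA256);
        CryptographicOperations.ZeroMemory(dek);

        using var ms = new MemoryStream();
        using (var w = new BinaryWriter(ms, Encoding.UTF8, leaveOpen: true))
        {
            w.Write(wrappedKey.Length);
            w.Write(wrappedKey);
            w.Write(nonce);
            w.Write(tag);
            w.Write(ciphertext);
        }
        return ms.ToArray();
    }

    public static byte[] Decrypt(X509Certificate2 cert, byte[] blob)
    {
        using var r = new BinaryReader(new MemoryStream(blob));
        int wrappedLen = r.ReadInt32();
        byte[] wrappedKey = r.ReadBytes(wrappedLen);
        byte[] nonce = r.ReadBytes(NonceBytes);
        byte[] tag = r.ReadBytes(TagBytes);
        byte[] ciphertext = r.ReadBytes(blob.Length - 4 - wrappedLen - NonceBytes - TagBytes);

        // Only a holder of the private key (the deployed role) can unwrap the DEK.
        byte[] dek;
        using (RSA rsa = cert.GetRSAPrivateKey()
                         ?? throw new InvalidOperationException("certificate has no private key"))
            dek = rsa.Decrypt(wrappedKey, RSAEncryptionPadding.OaepSHA256);

        byte[] plaintext = new byte[ciphertext.Length];
        try
        {
            using var aes = new AesGcm(dek, TagBytes);
            aes.Decrypt(nonce, ciphertext, tag, plaintext); // throws CryptographicException if the blob was tampered with
        }
        finally
        {
            CryptographicOperations.ZeroMemory(dek);
        }
        return plaintext;
    }

    // Fetch the certificate the portal installed into the role instance (thumbprint is a hypothetical placeholder).
    public static X509Certificate2 LoadFromStore(string thumbprint)
    {
        using var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
        return found.Count > 0 ? found[0]
            : throw new InvalidOperationException("certificate not found in LocalMachine\\My");
    }

    // Self-contained demo: a throwaway self-signed certificate stands in for the one uploaded to the portal.
    public static void Main()
    {
        using RSA key = RSA.Create(2048);
        var req = new CertificateRequest("CN=data-at-rest-demo", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddYears(1));

        // Constructed sample record; well beyond what a single RSA operation could hold if it were larger.
        byte[] blob = Encrypt(cert, Encoding.UTF8.GetBytes("customer record #42: card number 0000 0000 0000 0000"));
        Console.WriteLine(Encoding.UTF8.GetString(Decrypt(cert, blob)));

        blob[blob.Length - 1] ^= 0x01; // flip one ciphertext bit: GCM refuses to return corrupted plaintext
        try { Decrypt(cert, blob); }
        catch (CryptographicException) { Console.WriteLine("tamper detected"); }
    }
}
```

Two design points worth noting. Each blob gets its own random data key, so a compromise of one blob's key exposes only that blob, and the symmetric nonce can never be reused across blobs. GCM (rather than CBC, which was the usual choice in 2011) also authenticates the ciphertext, so a "passerby" who edits the stored data causes decryption to fail rather than silently producing altered plaintext.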

Last edited May 12, 2011 at 8:37 PM by clamont, version 5