EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Silverlight and Azure: solution guidance

#19971
Posted: 04/29/2012 17:57:56
by Mark Arnold (Basic support level)
Joined: 04/29/2012
Posts: 2

I'm working on an application to capture image files and metadata with WPF, then save to Azure BLOBs and Table Services. Users can then view and edit the image files and metadata with a Silverlight 5 viewer.

I've completed the above but now I need to add encryption and integrity. It looks like CloudBlackBox may be the solution but I need some guidance.

Solution Requirements:
- data must never be persisted without encryption, therefore...
- encrypt images in WPF before upload to BLOB: must be AES 256
- encrypt metadata for save to Table Services, but only some columns
- must be able to check data integrity (SHA hash?)
- data must be transmitted securely over SSL
- decrypt data in Silverlight after download and verify integrity

Can someone suggest the basic process I should follow for implementing the above with CloudBlackBox? I'm unclear whether to use symmetric keys or certificates. I prefer the easiest, best performing solution that still meets the solution requirements.

Thanks!
Mark
#19976
Posted: 04/30/2012 09:52:30
by Ken Ivanov (EldoS Corp.)

Thank you for getting in touch with us.

CloudBlackbox can address all aspects of your setup out of the box for data stored within the Azure BLOB service. Unfortunately, Table service is not supported at the moment; however, protection of Table data can be implemented separately with the use of lower-level encryption and hashing classes shipped with SecureBlackbox.

Quote
Can someone suggest the basic process I should follow for implementing the above with CloudBlackBox?

Please take a look at the WinAzureDSDemo sample (Users\Public\Documents\EldoS\SecureBlackbox.NET\Samples\C#\CloudBlackbox\WinAzure\). It illustrates the basics of securely placing and retrieving objects from the Azure BLOB storage.

Quote
I'm unclear whether to use symmetric keys or certificates. I prefer the easiest, best performing solution that still meets the solution requirements.

Which type of encryption to use depends on the specifics of the environment the components will be working in and the relations between uploading and downloading actor(s). Certificate-based encryption allows "everyone" to encrypt data for a particular addressee, who is in possession of the corresponding private key, which they can use for decryption. Symmetric encryption works with a generic encryption key, which should be known to both sender and addressee(s) and kept secret by both/all of them.
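An added example, not part of the thread and not SecureBlackbox code: one way to protect selected Table Services column values in the symmetric-key scenario described above, using the standard .NET `System.Security.Cryptography` classes with AES-256 for confidentiality and an HMAC-SHA256 tag (rather than a bare SHA hash) so that tampering is detected before decryption. The class name `ColumnProtector`, the `IV || ciphertext || tag` layout and the two independent pre-shared 32-byte keys are assumptions.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;

// Added example: encrypt-then-MAC with framework classes (AES-256-CBC + HMAC-SHA256).
// Assumed layout of a protected value: IV (16 bytes) || ciphertext || tag (32 bytes).
public static class ColumnProtector
{
    public static byte[] Protect(byte[] plaintext, byte[] encKey, byte[] macKey)
    {
        if (encKey.Length != 32) throw new ArgumentException("AES-256 needs a 32-byte key");
        using (var aes = new AesManaged { Key = encKey }) // CBC with PKCS7 padding
        using (var ms = new MemoryStream())
        {
            aes.GenerateIV(); // fresh random IV for every value
            ms.Write(aes.IV, 0, aes.IV.Length);
            using (var enc = aes.CreateEncryptor())
            {
                byte[] ct = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
                ms.Write(ct, 0, ct.Length);
            }
            byte[] body = ms.ToArray();
            using (var hmac = new HMACSHA256(macKey)) // tag covers IV and ciphertext
                return body.Concat(hmac.ComputeHash(body)).ToArray();
        }
    }

    public static byte[] Unprotect(byte[] blob, byte[] encKey, byte[] macKey)
    {
        // Shortest valid value: IV + one padded block + tag.
        if (blob.Length < 16 + 16 + 32) throw new CryptographicException("Value too short");
        int bodyLen = blob.Length - 32;
        using (var hmac = new HMACSHA256(macKey))
        {
            byte[] expected = hmac.ComputeHash(blob, 0, bodyLen);
            int diff = 0; // compare every byte so timing does not reveal the mismatch position
            for (int i = 0; i < 32; i++) diff |= expected[i] ^ blob[bodyLen + i];
            if (diff != 0) throw new CryptographicException("Integrity check failed");
        }
        using (var aes = new AesManaged { Key = encKey, IV = blob.Take(16).ToArray() })
        using (var dec = aes.CreateDecryptor())
            return dec.TransformFinalBlock(blob, 16, bodyLen - 16);
    }
}
```

The protected bytes can be stored in a binary Table property or Base64-encoded into a string one; columns that must stay queryable are left out of this treatment.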

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.