/// <summary> /// Initializes the crypto by reading symmetric keys from the specified storage account. /// This should be called once while the app is starting up. /// A WorkerRole.OnStart() method or the Global.Application_Start() function would be a good place for that. /// </summary> /// <param name="acct"></param> public static void Initialize(CloudStorageAccount acct) { //This is basically allowing only one keystore. First configured store wins. That could be annoying if you wanted to have multiple keystores, //but it's easier if you have multiple storage accounts and want them all to use the same keystore. //I figure the latter case is more likely, and it's the one I want anyway. if (keyStore == null) { keyStore = new AzureTableCryptoKeyStore(acct); } }
public void CreateNewKey() { keyGen.CreateNewKey(CloudStorageAccount.DevelopmentStorageAccount, KEYGEN_TESTS_ENCRYPTION_VERSION); List<SymmetricKey> keys = keysTable.GetAllKeys(); SymmetricKey key = keys.FirstOrDefault(k => k.Version == KEYGEN_TESTS_ENCRYPTION_VERSION); Assert.IsNotNull(key, "Could not find the newly-generated key"); Assert.AreEqual(SetupFixture.TEST_CERT_THUMBPRINT.Replace(" ", "").ToUpperInvariant(), key.CertificateThumbprint, "Incorrect certificate thumbprint"); Assert.AreEqual(KEYGEN_TESTS_ENCRYPTION_VERSION, key.Version, "Incorrect encryption version"); AzureTableCryptoKeyStore keyStore = new AzureTableCryptoKeyStore(CloudStorageAccount.DevelopmentStorageAccount); Assert.DoesNotThrow(() => { using (var decryptor = keyStore.GetDecryptor(KEYGEN_TESTS_ENCRYPTION_VERSION)) { } }); }
/// <summary> /// Reload the key store from storage. eg, if a new certificate and/or symmetric key has been created, this will pick up those changes. /// Note, you should try to avoid calling this too much, as it does not currently Dispose() of resources deterministically. /// </summary> internal static void ReloadKeyStore(CloudStorageAccount acct) { AzureTableCryptoKeyStore newKeyStore = new AzureTableCryptoKeyStore(acct); AzureTableCryptoKeyStore oldKeyStore = Interlocked.Exchange(ref keyStore, newKeyStore); if (oldKeyStore != null) { //Crap, this isn't threadsafe at all - others could have a reference to the keystore or the objects in it //For the moment I'm going to just let the GC do all the disposal for us, as there shouldn't be too much and this shouldn't happen too much //oldKeyStore.Dispose(); } }