public void ClientEncryption4Queue()
{
var kv = new KeyVaultTester("624c0e2f-6122-4b26-a229-06431f82e6b3", "C35CBFF9FA6C51E51E1DE97B6D1E246F27661301", "https://kvsignalrdeva.vault.azure.net");
var name = "AzSignalR-Storage-ClientEncryptionKey";
var rsaValue = kv.GetSecretAsync(name).Result;
string kid = "signalrkeyid";
StorageRunnerContext.RunOnQueue(storage,
"jwtestqueuea" + Guid.NewGuid().ToString().Substring(0, 8),
(cloudQueue) =>
{
var csp1 = new RSACryptoServiceProvider();
csp1.FromXmlString(rsaValue);
var rsa1 = new RsaKey(kid, csp1);
QueueEncryptionPolicy policy = new QueueEncryptionPolicy(rsa1, null);
QueueRequestOptions options = new QueueRequestOptions()
{
EncryptionPolicy = policy
};
cloudQueue.AddMessage(new CloudQueueMessage("messageContentABC"), null, null, options, null);
// Retrieve message
var csp2 = new RSACryptoServiceProvider();
csp2.FromXmlString(rsaValue);
var rsa2 = new RsaKey(kid, csp2);
QueueEncryptionPolicy policy2 = new QueueEncryptionPolicy(rsa2, null);
QueueRequestOptions options2 = new QueueRequestOptions()
{
EncryptionPolicy = policy2
};
CloudQueueMessage retrMessage = cloudQueue.GetMessage(null, options2, null);
Console.WriteLine(retrMessage.AsString);
});
}
static void Main(string[] args)
{
Console.WriteLine("Queue encryption sample");
// Retrieve storage account information from connection string
// How to create a storage connection string - https://azure.microsoft.com/en-us/documentation/articles/storage-configure-connection-string/
CloudStorageAccount storageAccount = EncryptionShared.Utility.CreateStorageAccountFromConnectionString();
CloudQueueClient client = storageAccount.CreateCloudQueueClient();
CloudQueue queue = client.GetQueueReference(DemoQueue + Guid.NewGuid().ToString("N"));
try
{
queue.Create();
// Create the IKey used for encryption.
RsaKey key = new RsaKey("private:key1");
// Create the encryption policy to be used for insert and update.
QueueEncryptionPolicy insertPolicy = new QueueEncryptionPolicy(key, null);
// Set the encryption policy on the request options.
QueueRequestOptions insertOptions = new QueueRequestOptions()
{
EncryptionPolicy = insertPolicy
};
string messageStr = Guid.NewGuid().ToString();
CloudQueueMessage message = new CloudQueueMessage(messageStr);
// Add message
Console.WriteLine("Inserting the encrypted message.");
queue.AddMessage(message, null, null, insertOptions, null);
Console.WriteLine("Inserting message is" + message.AsString);
// For retrieves, a resolver can be set up that will help pick the key based on the key id.
LocalResolver resolver = new LocalResolver();
resolver.Add(key);
QueueEncryptionPolicy retrPolicy = new QueueEncryptionPolicy(null, resolver);
QueueRequestOptions retrieveOptions = new QueueRequestOptions()
{
EncryptionPolicy = retrPolicy
};
// Retrieve message
Console.WriteLine("Retrieving the encrypted message.");
CloudQueueMessage retrMessage = queue.GetMessage(null, retrieveOptions, null);
Console.WriteLine("Message is " + retrMessage.AsString);
// Update message
Console.WriteLine("Updating the encrypted message.");
string updatedMessage = Guid.NewGuid().ToString("N");
Console.WriteLine("updated Message is " + updatedMessage);
retrMessage.SetMessageContent(updatedMessage);
queue.UpdateMessage(retrMessage, TimeSpan.FromSeconds(0), MessageUpdateFields.Content | MessageUpdateFields.Visibility, insertOptions, null);
// Retrieve updated message
Console.WriteLine("Retrieving the updated encrypted message.");
retrMessage = queue.GetMessage(null, retrieveOptions, null);
Console.WriteLine("Message is " + retrMessage.AsString);
Console.WriteLine("Press enter key to exit");
Console.ReadLine();
}
finally
{
queue.DeleteIfExists();
}
}
