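/// <summary>
/// Round-trips one message through a temporary storage queue using client-side
/// encryption: the message is added with a <c>QueueEncryptionPolicy</c> built from an
/// RSA key, then read back with a second policy built from the same key material and
/// written to the console.
/// </summary>
/// <remarks>
/// The RSA key is read from Key Vault as a secret holding an XML key blob, so the key
/// material is present in this process as a managed string for the duration of the call.
/// </remarks>
/// <exception cref="InvalidOperationException">
/// The secret is empty, or no message could be retrieved from the queue.
/// </exception>
public void ClientEncryption4Queue()
{
    // NOTE(review): the first two arguments look like an application (client) id and a
    // certificate thumbprint; together with the vault URL they are environment-specific
    // and would normally come from configuration rather than source. Confirm with the
    // KeyVaultTester constructor.
    var kv = new KeyVaultTester(
        "624c0e2f-6122-4b26-a229-06431f82e6b3",
        "C35CBFF9FA6C51E51E1DE97B6D1E246F27661301",
        "https://kvsignalrdeva.vault.azure.net");
    var name = "AzSignalR-Storage-ClientEncryptionKey";

    // Blocking on .Result keeps this method synchronous; a failed lookup surfaces as
    // an AggregateException.
    var rsaValue = kv.GetSecretAsync(name).Result;
    if (string.IsNullOrEmpty(rsaValue))
    {
        // Name the secret, never its value, in diagnostics.
        throw new InvalidOperationException("Key Vault secret '" + name + "' is empty.");
    }

    // The key id is recorded with each encrypted message and identifies the wrapping key.
    string kid = "signalrkeyid";
    string queueName = "jwtestqueuea" + Guid.NewGuid().ToString().Substring(0, 8);

    StorageRunnerContext.RunOnQueue(storage, queueName, (cloudQueue) =>
    {
        // Encrypt and enqueue. The provider and key wrapper hold private key material,
        // so both are disposed as soon as the write completes.
        using (var csp1 = new RSACryptoServiceProvider())
        {
            csp1.FromXmlString(rsaValue);
            using (var rsa1 = new RsaKey(kid, csp1))
            {
                QueueEncryptionPolicy policy = new QueueEncryptionPolicy(rsa1, null);
                QueueRequestOptions options = new QueueRequestOptions() { EncryptionPolicy = policy };
                cloudQueue.AddMessage(new CloudQueueMessage("messageContentABC"), null, null, options, null);
            }
        }

        // Retrieve message with an independently constructed key object, which shows
        // that decryption depends only on the key material and key id.
        using (var csp2 = new RSACryptoServiceProvider())
        {
            csp2.FromXmlString(rsaValue);
            using (var rsa2 = new RsaKey(kid, csp2))
            {
                QueueEncryptionPolicy policy2 = new QueueEncryptionPolicy(rsa2, null);
                QueueRequestOptions options2 = new QueueRequestOptions() { EncryptionPolicy = policy2 };
                CloudQueueMessage retrMessage = cloudQueue.GetMessage(null, options2, null);
                if (retrMessage == null)
                {
                    // GetMessage returns null when the queue has no visible message.
                    throw new InvalidOperationException("No message was available on queue '" + queueName + "'.");
                }

                // Test output only: this prints the decrypted payload.
                Console.WriteLine(retrMessage.AsString);
            }
        }
    });
}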
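/// <summary>
/// Queue client-side encryption sample: creates a uniquely named queue, inserts an
/// encrypted message, retrieves it through a key resolver, updates it, retrieves it
/// again, and deletes the queue on exit.
/// </summary>
/// <param name="args">Command-line arguments; not used.</param>
/// <exception cref="InvalidOperationException">
/// A retrieve call returned no message.
/// </exception>
static void Main(string[] args)
{
    Console.WriteLine("Queue encryption sample");

    // Retrieve storage account information from connection string
    // How to create a storage connection string - https://azure.microsoft.com/en-us/documentation/articles/storage-configure-connection-string/
    CloudStorageAccount storageAccount = EncryptionShared.Utility.CreateStorageAccountFromConnectionString();
    CloudQueueClient client = storageAccount.CreateCloudQueueClient();
    CloudQueue queue = client.GetQueueReference(DemoQueue + Guid.NewGuid().ToString("N"));

    try
    {
        queue.Create();

        // Create the IKey used for encryption. The key object is created in this
        // process and is not stored anywhere by this sample; a real deployment needs a
        // durable key, or messages cannot be decrypted by a later run. It is disposed
        // when the block ends so key material is not left for the finalizer.
        using (RsaKey key = new RsaKey("private:key1"))
        {
            // Create the encryption policy to be used for insert and update.
            QueueEncryptionPolicy insertPolicy = new QueueEncryptionPolicy(key, null);

            // Set the encryption policy on the request options.
            QueueRequestOptions insertOptions = new QueueRequestOptions() { EncryptionPolicy = insertPolicy };

            string messageStr = Guid.NewGuid().ToString();
            CloudQueueMessage message = new CloudQueueMessage(messageStr);

            // Add message
            Console.WriteLine("Inserting the encrypted message.");
            queue.AddMessage(message, null, null, insertOptions, null);
            Console.WriteLine("Inserting message is" + message.AsString);

            // For retrieves, a resolver can be set up that will help pick the key based on the key id.
            LocalResolver resolver = new LocalResolver();
            resolver.Add(key);

            // Retrieval passes no key directly, only the resolver.
            QueueEncryptionPolicy retrPolicy = new QueueEncryptionPolicy(null, resolver);
            QueueRequestOptions retrieveOptions = new QueueRequestOptions() { EncryptionPolicy = retrPolicy };

            // Retrieve message
            Console.WriteLine("Retrieving the encrypted message.");
            CloudQueueMessage retrMessage = queue.GetMessage(null, retrieveOptions, null);
            if (retrMessage == null)
            {
                // GetMessage returns null when the queue has no visible message.
                throw new InvalidOperationException("No message was available to retrieve.");
            }

            Console.WriteLine("Message is " + retrMessage.AsString);

            // Update message
            Console.WriteLine("Updating the encrypted message.");
            string updatedMessage = Guid.NewGuid().ToString("N");
            Console.WriteLine("updated Message is " + updatedMessage);
            retrMessage.SetMessageContent(updatedMessage);

            // The update goes through insertOptions so the new content is encrypted too;
            // a zero visibility timeout makes the message readable again right away.
            queue.UpdateMessage(
                retrMessage,
                TimeSpan.FromSeconds(0),
                MessageUpdateFields.Content | MessageUpdateFields.Visibility,
                insertOptions,
                null);

            // Retrieve updated message
            Console.WriteLine("Retrieving the updated encrypted message.");
            retrMessage = queue.GetMessage(null, retrieveOptions, null);
            if (retrMessage == null)
            {
                throw new InvalidOperationException("The updated message was not available to retrieve.");
            }

            Console.WriteLine("Message is " + retrMessage.AsString);
        }

        Console.WriteLine("Press enter key to exit");
        Console.ReadLine();
    }
    finally
    {
        // Always remove the demo queue, including when a step above throws.
        queue.DeleteIfExists();
    }
}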