public void TearDown()
{
    keysTable = new SymmetricKeyStore(CloudStorageAccount.DevelopmentStorageAccount);

    // Remove the key these tests create so a failed run does not leak state into the next one.
    // Only the first row matching the test version is removed, as before.
    List<SymmetricKey> allKeys = keysTable.GetAllKeys();
    SymmetricKey leftover = allKeys.FirstOrDefault(k => k.Version == KEYGEN_TESTS_ENCRYPTION_VERSION);
    if (leftover == null)
    {
        return;
    }

    keysTable.DeleteSymmetricKey(leftover);
    // Start from a fresh store after the delete, matching the original fixture behaviour.
    keysTable = new SymmetricKeyStore(CloudStorageAccount.DevelopmentStorageAccount);
}
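/// <summary>
/// Create a new symmetric key, encrypt it with the X509Certificate already supplied, and upload it to the SymmetricKeys table in the specified StorageAccount.
/// Note you should be careful to not call this frequently - it is intended for offline/manual use or occasional testing.
/// </summary>
/// <param name="storageAccount">Storage account that holds (or will hold) the SymmetricKeys table.</param>
/// <param name="versionNumber">Version number stamped on the new key. This method does not itself check whether a key with that version already exists.</param>
/// <exception cref="ArgumentNullException"><paramref name="storageAccount"/> is null.</exception>
public void CreateNewKey(CloudStorageAccount storageAccount, int versionNumber)
{
    // Fail at the entry point rather than somewhere inside the table client.
    if (storageAccount == null)
    {
        throw new ArgumentNullException("storageAccount");
    }

    // Generate the new key set (per the summary, wrapped with the supplied certificate) and stamp its version.
    SymmetricKey newKeySet = CreateNewAESSymmetricKeyset();
    newKeySet.Version = versionNumber;

    // Make sure the table exists before writing to it.
    new SymmetricKeyStore(storageAccount).Create();

    // Persist the new row.
    SymmetricKeyStore ctx = new SymmetricKeyStore(storageAccount);
    ctx.SaveSymmetricKey(newKeySet);

    // Make the new version visible to the in-process key store.
    AzureTableCrypto.ReloadKeyStore(storageAccount);
}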
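/// <summary>
/// Loads every key row from the SymmetricKeys table in <paramref name="acct"/>, unwraps each one with the
/// private key of the certificate named by its thumbprint, and caches a ready-to-use AES instance per key version.
/// Key versions whose certificate is not present on this machine are skipped silently.
/// </summary>
/// <param name="acct">Storage account that holds the SymmetricKeys table.</param>
/// <exception cref="AzureTableCryptoInitializationException">The table could not be read (other than "not found"), or a key row could not be unwrapped.</exception>
/// <exception cref="AzureTableCryptoPrivateKeyNotAccessibleException">The certificate exists but its private key cannot be accessed.</exception>
internal AzureTableCryptoKeyStore(CloudStorageAccount acct)
{
    this.KeyStoreAccount = acct;

    SymmetricKeyStore keyTable = new SymmetricKeyStore(acct);
    List<SymmetricKey> allKeys = LoadKeysFromTable(keyTable);

    foreach (var key in allKeys)
    {
        try
        {
            X509Certificate2 certificate = CertificateHelper.GetCertificateByThumbprint(key.CertificateThumbprint);
            if (certificate == null)
            {
                // No certificate with this thumbprint here: this key version is simply unavailable on
                // this machine, so skip it rather than fail the whole store.
                continue;
            }

            RSACryptoServiceProvider RSA;
            try
            {
                RSA = (RSACryptoServiceProvider)certificate.PrivateKey;
            }
            catch (CryptographicException)
            {
                throw new AzureTableCryptoPrivateKeyNotAccessibleException(key.Version, key.CertificateThumbprint);
            }
            // NOTE(review): an InvalidCastException here (e.g. a private key that is not a CSP-backed RSA key)
            // is not a CryptographicException and falls through to the generic wrapper below.

            // OAEP padding (fOAEP = true) for the wrapped AES key.
            byte[] symmetricCryptoKey = RSA.Decrypt(key.Key, true);
            try
            {
                AesManaged algorithm = new AesManaged();
                // NOTE(review): one IV is stored per key version. If callers reuse this IV for every
                // encryption under the key, equal plaintexts produce equal ciphertexts - confirm how IVs are chosen.
                algorithm.IV = key.iv;
                // SymmetricAlgorithm.Key copies the array, so the plaintext buffer can be wiped afterwards.
                algorithm.Key = symmetricCryptoKey;
                keyCache[key.Version] = algorithm;
            }
            finally
            {
                // Don't leave the unwrapped key material lying around in a garbage-collected buffer.
                Array.Clear(symmetricCryptoKey, 0, symmetricCryptoKey.Length);
            }
        }
        catch (AzureTableCryptoException)
        {
            // Already a typed error from this library; preserve it (and its stack) as-is.
            throw;
        }
        catch (Exception ex)
        {
            throw new AzureTableCryptoInitializationException("Error initializing crypto key version " + key.Version, ex);
        }
    }
}

/// <summary>
/// Reads all key rows from the table. A "not found" response means the table has never been created,
/// which is treated as "no keys"; any other failure is wrapped in an initialization exception.
/// </summary>
/// <param name="keyTable">Table client to read from.</param>
/// <returns>The key rows, or an empty list when the table does not exist.</returns>
/// <exception cref="AzureTableCryptoInitializationException">The table could not be read for a reason other than "not found".</exception>
private static List<SymmetricKey> LoadKeysFromTable(SymmetricKeyStore keyTable)
{
    try
    {
        return keyTable.GetAllKeys();
    }
    catch (DataServiceQueryException dsq)
    {
        // Response can be null when the request never produced one; guard so the
        // failure is reported as an initialization error instead of a NullReferenceException.
        if (dsq.Response != null && dsq.Response.StatusCode == (int)HttpStatusCode.NotFound)
        {
            return new List<SymmetricKey>(0);
        }
        throw new AzureTableCryptoInitializationException("Failed to load encryption keys from storage", dsq);
    }
    catch (DataServiceClientException dsce)
    {
        if (dsce.StatusCode == (int)HttpStatusCode.NotFound)
        {
            return new List<SymmetricKey>(0);
        }
        throw new AzureTableCryptoInitializationException("Failed to load encryption keys from storage", dsce);
    }
    catch (Exception ex)
    {
        throw new AzureTableCryptoInitializationException("Could not load encryption keys table", ex);
    }
}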
public void Setup()
{
    // The fixture runs against the local storage emulator and the shared test certificate.
    CloudStorageAccount devAccount = CloudStorageAccount.DevelopmentStorageAccount;
    keysTable = new SymmetricKeyStore(devAccount);
    keyGen = new AzureTableKeyGenerator(SetupFixture.TEST_CERT_THUMBPRINT);
}