public void IsActuallyEncryptedTest()
{
// Make a key
byte[] key;
int ivLength;
using (AesCryptoServiceProvider aes = new AesCryptoServiceProvider())
{
key = aes.Key;
ivLength = aes.BlockSize / 8;
}
// Make a provider
IBlobCryptoProvider symmetricProvider = new SymmetricBlobCryptoProvider(key);
var encryptedStream = symmetricProvider.EncryptedStream(streamSample);
byte[] result = new byte[sampleStreamSize + ivLength];
encryptedStream.Read(result, 0, result.Length);
Assert.IsFalse(
result.SequenceEqual(streamSample.ToArray()),
"Encrypted stream is not encrypted");
Assert.IsFalse(
result.Take(5).SequenceEqual(streamSample.ToArray().Take(5)),
"Encrypted stream is not encrypted");
}
public void BlockBlob_UploadDownload_File()
{
using (var file = new TemporaryFile(512))
{
CloudStorageAccount storageAccount = CloudStorageAccount.DevelopmentStorageAccount;
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blobClient.GetContainerReference("testcontainer");
container.CreateIfNotExists();
CloudBlockBlob blob = container.GetBlockBlobReference(file.fileInfo.Name);
// Create provider
var provider = new SymmetricBlobCryptoProvider();
// Upload file
blob.UploadFromFileEncrypted(provider, file.fileInfo.FullName, FileMode.Open);
// Download file
string destinationFile = file.fileInfo.FullName + "decrypted";
blob.DownloadToFileEncrypted(provider, destinationFile, FileMode.Create);
// Compare raw and decrypted files
Assert.AreEqual(GetFileHash(file.fileInfo.FullName), GetFileHash(destinationFile));
// Download file again, without our library, to ensure it was actually encrypted
string encryptedDestinationFile = file.fileInfo.FullName + "encrypted";
blob.DownloadToFile(encryptedDestinationFile, FileMode.Create);
// Delete blob
blob.DeleteIfExists();
// Compare raw and encrypted files
Assert.AreNotEqual(GetFileHash(file.fileInfo.FullName), GetFileHash(encryptedDestinationFile));
// Cleanup
if (File.Exists(destinationFile))
{
File.Delete(destinationFile);
}
if (File.Exists(encryptedDestinationFile))
{
File.Delete(encryptedDestinationFile);
}
}
}
public static void UploadEncryptedFileSymmetric(string path, CloudBlobContainer container)
{
// Create a blob named after the file we are uploading
CloudBlockBlob blob = container.GetBlockBlobReference("SymmetricUploadTest.jpg");
// Create an Azure Encryption Extensions symmetric encryption provider
// We are not passing any key material so a 256-bit AES key will be generated for us.
var provider = new SymmetricBlobCryptoProvider();
// Since we let the library generate a new key for us, we need to persist it somewhere
// so we can decrypt our blob later. We can use a simple JSON storage format built into
// the library to store our key on disk.
// Remember: If we lose this key we can never retrieve our blob.
provider.WriteKeyFile("symmetricKey.dat");
// Encrypt and upload the file to Azure, passing in our provider
// The file will be prepended with a random IV and encrypted with AES256.
// This 'Encrypted' extension method mirrors the native methods but takes a provider.
blob.UploadFromFileEncrypted(provider, path, FileMode.Open);
}
public void EncryptAndDecryptStreamTest()
{
// Make a key
byte[] key;
using (AesCryptoServiceProvider aes = new AesCryptoServiceProvider())
key = aes.Key;
// Make a provider
IBlobCryptoProvider symmetricProvider = new SymmetricBlobCryptoProvider(key);
// In all cases we are READING from streams
// (read from original, read from encrypted, read from decrypted).
var encryptedStream = symmetricProvider.EncryptedStream(streamSample);
var decryptedStream = symmetricProvider.DecryptedStream(encryptedStream);
byte[] result = new byte[sampleStreamSize];
decryptedStream.Read(result, 0, result.Length);
Assert.IsTrue(
result.SequenceEqual(streamSample.ToArray()),
"Decrypted data does not match original data");
}
public void BlockBlob_UploadDownload_Stream_KeyFileString()
{
// Prepare random memory stream
Random random = new Random();
byte[] buffer = new byte[51200];
random.NextBytes(buffer);
MemoryStream testStream = new MemoryStream(buffer);
// Get a blob reference
CloudStorageAccount storageAccount = CloudStorageAccount.DevelopmentStorageAccount;
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blobClient.GetContainerReference("testcontainer");
container.CreateIfNotExists();
String blobId = Guid.NewGuid().ToString();
CloudBlockBlob blob = container.GetBlockBlobReference(blobId);
// Create provider
var provider = new SymmetricBlobCryptoProvider();
// Upload stream
blob.UploadFromStreamEncrypted(provider, testStream);
// Recreate provider from keyfile string
var restoredProvider = ProviderFactory.CreateProviderFromKeyFileString(provider.ToKeyFileString());
// Download stream
MemoryStream downloadedStream = new MemoryStream();
CloudBlockBlob blobRestored = container.GetBlockBlobReference(blobId);
blobRestored.DownloadToStreamEncrypted(restoredProvider, downloadedStream);
// Compare raw and decrypted streams
Assert.IsTrue(testStream.ToArray().SequenceEqual(downloadedStream.ToArray()));
// Download file again, without our library, to ensure it was actually encrypted
MemoryStream encryptedStream = new MemoryStream();
blob.DownloadToStream(encryptedStream);
// Delete blob
blob.DeleteIfExists();
// Compare raw and encrypted streams
Assert.IsFalse(testStream.ToArray().SequenceEqual(encryptedStream.ToArray()));
}
public void BlockBlob_UploadDownload_File_Stream()
{
using (var file = new TemporaryFile(512))
{
CloudStorageAccount storageAccount = CloudStorageAccount.DevelopmentStorageAccount;
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blobClient.GetContainerReference("testcontainer");
container.CreateIfNotExists();
CloudBlockBlob blob = container.GetBlockBlobReference(file.fileInfo.Name);
// Create provider
var provider = new SymmetricBlobCryptoProvider();
// Upload file
blob.UploadFromFileEncrypted(provider, file.fileInfo.FullName, FileMode.Open);
// Download stream
MemoryStream downloadedStream = new MemoryStream();
blob.DownloadToStreamEncrypted(provider, downloadedStream);
// Compare raw and decrypted data
Assert.AreEqual(GetFileHash(file.fileInfo.FullName), GetStreamHash(downloadedStream));
// Download file again, without our library, to ensure it was actually encrypted
MemoryStream encryptedStream = new MemoryStream();
blob.DownloadToStream(encryptedStream);
// Delete blob
blob.DeleteIfExists();
}
}
public void ToKeyFileStringAndBackTest()
{
IBlobCryptoProvider symmetricProvider = new SymmetricBlobCryptoProvider();
string keyString = symmetricProvider.ToKeyFileString();
IBlobCryptoProvider clonedProvider = ProviderFactory.CreateProviderFromKeyFileString(keyString);
var encryptedStream = symmetricProvider.EncryptedStream(streamSample);
var decryptedStream = clonedProvider.DecryptedStream(encryptedStream);
byte[] result = new byte[sampleStreamSize];
decryptedStream.Read(result, 0, result.Length);
Assert.IsTrue(
result.SequenceEqual(streamSample.ToArray()),
"Decrypted data does not match original data");
}
