public static void UploadEncryptedFileSymmetric(string path, CloudBlobContainer container)
{
// Create a blob named after the file we are uploading
CloudBlockBlob blob = container.GetBlockBlobReference("SymmetricUploadTest.jpg");
// Create an Azure Encryption Extensions symmetric encryption provider
// We are not passing any key material so a 256-bit AES key will be generated for us.
var provider = new SymmetricBlobCryptoProvider();
// Since we let the library generate a new key for us, we need to persist it somewhere
// so we can decrypt our blob later. We can use a simple JSON storage format built into
// the library to store our key on disk.
// Remember: If we lose this key we can never retrieve our blob.
provider.WriteKeyFile("symmetricKey.dat");
// Encrypt and upload the file to Azure, passing in our provider
// The file will be prepended with a random IV and encrypted with AES256.
// This 'Encrypted' extension method mirrors the native methods but takes a provider.
blob.UploadFromFileEncrypted(provider, path, FileMode.Open);
}
public void ToKeyFileAndBackTest()
{
IBlobCryptoProvider symmetricProvider = new SymmetricBlobCryptoProvider();
symmetricProvider.WriteKeyFile("keyfile.txt");
IBlobCryptoProvider clonedProvider = ProviderFactory.CreateProviderFromKeyFile("keyfile.txt");
var encryptedStream = symmetricProvider.EncryptedStream(streamSample);
var decryptedStream = clonedProvider.DecryptedStream(encryptedStream);
byte[] result = new byte[sampleStreamSize];
decryptedStream.Read(result, 0, result.Length);
Assert.IsTrue(
result.SequenceEqual(streamSample.ToArray()),
"Decrypted data does not match original data");
}