stefangordon / azure-encryption-extensions Goto Github PK

Your extensions is very useful !!
Could you please implement the Async methods as well?

Thanks

Hi,

when change the Samples.cs from

blob.UploadFromFileEncrypted(provider, path, FileMode.Open);
to
blob.UploadFromFileEncryptedAsync(provider, path, FileMode.Open).GetAwaiter().GetResult();

and run the program i get this error:
"Stream does not support reading."

Is there some issue or do i use it wrong? I debugged and checked and both streams (Memory and Crypto) have CanRead "true".

Thanks!

Hi there,
we are using this extension in our project and it's really nice, but want to check if there is any plan to migrate this solution to .net core, or do you mind if I do the migration based on your code?

Thanks and regards,
Nick

Hi Stefan,

I found out one issue with the Asymmetric sample

The RunAsymmetricUploadAndDownload is using the Symmetric functions instead of the Asymmetric ones. After changing it to use the Asymmetric functions, I found out that you have to load the certificate twice, one time to upload the file and again to download it. Here are my changes:

private static void RunAsymmetricUploadAndDownload()
{
// Get container
Console.WriteLine("Uploading an image to blob storage and encrypting using a 4096bit certificate.");
Console.WriteLine("Retrieving blob container...");
var container = Samples.GetAzureContainer();

        // Upload
        X509Certificate2 uploadCert = new X509Certificate2(@"SampleCertificates\4096.pfx", string.Empty, X509KeyStorageFlags.Exportable);
        Console.WriteLine(@"Encrypting and uploading image \SampleFiles\catbread.jpg");
        Samples.UploadEncryptedFileAsymmetric(@"SampleFiles\catbread.jpg", uploadCert, container);

        // Download
        X509Certificate2 downloadCert = new X509Certificate2(@"SampleCertificates\4096.pfx", string.Empty, X509KeyStorageFlags.Exportable);
        Console.WriteLine("Downloading and decrypting file using saved key");
        Samples.DownloadEncryptedFileAsymmetric(@"decrypted_catbread2.jpg", downloadCert, container);
    }

Regards,

Santiago

What about storing the key into a stream? on the SymmetricBlobCryptoProvider class I have added the following code

public void WriteKeyStream(System.IO.Stream stream)
{
    System.IO.StreamWriter writer = new System.IO.StreamWriter(stream);
    writer.Write(ToKeyFileString());
    writer.Flush();
}

We have encrypting file and storing in the Azure blob using AesCryptoServiceProvider, no issues in storing the file in the Azure blob.

When we try to decrypt and download the file using MemomryStream, file is not downloading from the blob.

Always, MemoryStream will be empty. Please let us know if any solution to decrypt and download Azure Blob using MemoryStream

Below code is being used.

CloudStorageAccount storageAccount = CloudStorageAccount.Parse(ConfigurationManager.AppSettings["TestConnectionString"]);

  CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
  CloudBlobContainer container = blobClient.GetContainerReference("TestStorage");
  container.CreateIfNotExists();
         CloudBlockBlob blockBlob = container.GetBlockBlobReference(blobName);
         using (Stream blobStream = blockBlob.OpenRead(AccessCondition.GenerateEmptyCondition(), null, null))
         {

              Stream st = DecryptAzureBlob(blobStream, KeyIdentifier);

               using (var memoryStream = new MemoryStream())
               {
                 fileStream.Write(memoryStream);
               }
                 Response.Clear();
                 Response.ContentType = blockBlob.Properties.ContentType;
                 Response.AddHeader("content-disposition", "attachment;    filename=" + blobName.ToString());
                 Response.BinaryWrite(memoryStream.ToArray());
                 Response.End();
         }

Decryption Code

Public Stream DecryptAzureBlob(Stream blobStream, string KeyIdentifier)
{
using (AesCryptoServiceProvider aesAlg = new AesCryptoServiceProvider())
{
byte[] ivBytes = new byte[aesAlg.BlockSize / 8];
streamToDecrypt.Read(ivBytes, 0, ivBytes.Length);

             aesAlg.Key = GetEncryptedKey(KeyIdentifier);  // getting the key from Azure Blob
             aesAlg.IV = ivBytes;

           ICryptoTransform decryptor = aesAlg.CreateDecryptor();

           CryptoStream cryptoStream = new CryptoStream(streamToDecrypt, decryptor, CryptoStreamMode.Read);

           return cryptoStream;
       }

}

I am using the DownloadToStreamEncrypted extension and it works fine for small files. I've noticed that it loads the entire stream into memory however.
I am using ASP.Net WebAPI. Here is my code:

var stream = new MemoryStream();
//some code
await blob.DownloadToStreamEncryptedAsync(provider, stream);

stream.Seek(0, SeekOrigin.Begin);

response.StatusCode = HttpStatusCode.OK;

response.Content = new StreamContent(stream, 1024 * 1024);

response.Content.Headers.ContentLength = doc.Length;
response.Content.Headers.ContentType = new MediaTypeHeaderValue(doc.MimeType);
response.Content.Headers.ContentDisposition = new ContentDispositionHeaderValue("attachment")
{
    FileName = "somefilename",
    Size = doc.Length
};
return response;

This works, but the memory used goes up by however big the file is. It doesn't actually stream the file back. Is there something I am doing wrong with the stream that is causing this high memory use? Ideally, it just streams back from the server without first getting loaded into memory in its entirety. I suspect the problem is the CopyToAsync method within the DownloadToStreamEncrypted but am not sure.

Using the memory stream download, the file stop downloading at 90%

Using the file download version, the file is downloaded correctly.

Any suggestion?