I am frequently asked about data security in Azure, and specifically Azure Blob Storage. For many scenarios the best option is to encrypt data before storing it in Azure; however, this is non-trivial, even with the cryptography support in the .NET Framework.
To make some of these common encryption scenarios easier, I’ve created a library called Azure Encryption Extensions. The purpose of the library is to provide a set of extension methods over the .NET Azure storage library to easily store and retrieve encrypted data from Azure Blob Storage. It takes care of properly implementing the .NET cryptographic service providers for RSA and AES encryption in a way that is easy to integrate into existing Azure applications.
Here is a little example of using A.E.E. to encrypt a blob using an X509Certificate2, upload it to Azure, and retrieve it again:
<code>
CloudBlockBlob blob = container.GetBlockBlobReference("TestBlob");

// Create an Asymmetric provider from an X509Certificate2
var provider = new AsymmetricBlobCryptoProvider(certificate);

// Encrypt and upload the file to Azure, passing in our provider
blob.UploadFromFileEncrypted(provider, path, FileMode.Open);

// Download and decrypt the file
blob.DownloadToFileEncrypted(provider, destinationPath, FileMode.Create);
</code>
For more information go check out the documentation on the project page:
Or grab the library via NuGet:
<code>PM> Install-Package AzureEncryptionExtensions</code>