-1

My Requirement:

I have a Azure Storage Account with 2 containers named Normal and Encrypted.

Now a zip file will be uploaded into "Normal" container which I need to encrypt and place it into "Encrypted" Container.

File can be anywhere between 3GB to 5GB.

Currently, I have used AES CBC with padding PKCS7 (I have not used HMAC). and this works fine. But based on some security concerns, we have found that AES CBC does not provide integrity.

Challenges:

As AES GCM is more secure, I am exploring on how can be the bigger files can be encrypted using AES GCM. If we encrypt in chunks, then for each Chunk different Auth Tag is generating. How can this be addressed? as I need to give Key, IV and Auth Tag for decryption team to decrypt it.

Is it good and is it possible to encrypted 5GB files using AES GCM? If so, can anyone help me out with some example code in C# or link to refer?

If AES GCM is not good for this, then how can I implement HMAC to my AES CBC code. As I am working on Azure Blobs, I am using CryptoStream to encrypt and write the content into "Encrypted" container.

Pathrudu Majji
  • 69
  • 6
  • Does this answer your question: [Client-side encryption for blobs](https://learn.microsoft.com/en-us/azure/storage/blobs/client-side-encryption?tabs=dotnet) ? – Fildor Jul 12 '22 at 09:52
  • BTW: Questions starting with "Best way to ..." tend to get closed for being opinion-based. You may want to rephrase that. – Fildor Jul 12 '22 at 09:53

1 Answers1

0

AES-GCM will provide the inbuild authentication (integrity) mechanism. But through this mode, we can only encrypted limited content (say up to 1GB).

AES-CBC will support streaming through CryptoStream class and can encrypt the larger files in chunks without any issue. Only Issue with AES-CBC is it doesn't provide integrity. For this we can add some extra logic to implement HMAC though which we can achieve the integrity.

HMAC - Create SHA256 hash of your encrypted content and pass it to Decryption team. Decryption team needs to validate this hash. Only if Hash is matched, decryption team can proceed for decrypting the encrypted content. Through this, decryption team can ensure that encrypted content is not tampered.

One of the highlight point mentioned here is:

The authentication part of GCM (GHASH) is weaker than HMAC, GHASH provides a maximum 128-bit authentication tag, whereas HMAC allows lot longer tags (HMAC-SHA-256 would allow 256-bit authentication tag). In addition, forgery of GHASH tags in some cases is easier than HMAC

Hence, I went with option of AES-CBC with HMAC encryption.

Pathrudu Majji
  • 69
  • 6
  • AES-GCM is a streaming cipher and support files up to 64GB: https://crypto.stackexchange.com/questions/31793/plain-text-size-limits-for-aes-gcm-mode-just-64gb – Tom Raganowicz Jan 13 '23 at 19:02