I have previously implement Client Side Data Encryption using Azure Key Vault using the following approach:
- Every record that needs to be encrypted gets a Content Encryption Key (CEK)
- The content is encrypted symmetrically using this CEK.
- The CEK is then encrypted asymmetrically using a Master Key which is stored in Azure Key Vault.
- The encrypted CEK, the Master Key identifier and the encrypted data are persisted to the Mongo DB.
Decryption Approach: 1. When a User needs decrypted information, the encrypted CEK is first decrypted using the Master Key 2. The decrypted CEK is then used to symmetrically decrypt the encrypted data.
This approach works great if you want to decrypt records one record at a time.
This approach has a performance overhead when you consider decrypting 100s of records at the same time.
For each record, you need to first decrypt the CEK. This is an expensive call over the network using Azure Key Vault Rest API. Imagine someone wanting to export 1000s of decrypted records (as is the case in my scenario now). This would be not just a time consuming operation, but also an expensive one.
Does anyone have any suggestions on how to accomplish this? I have dabbled with the following approaches:
Establish a Key Daily (or Monthly) and use it as a CEK for all of the Day/Month’s Orders so that the number of CEKs to decrypt reduces when exporting/pulling reports to view en-masse. Use in-memory caching strategies to cache decrypted CEKs and only make a network call when not decrypted CEK not found in cache.
Establish a one time CEK for the Client and use it for all records.
Don’t use a CEK at all and simply encrypt all data using a master key (suicide in my opinion as asymmetric encryption of large data is not recommended at all) and will increase overheads.
Wondering if people have any suggestions!
✓ Extra quality
ExtraProxies brings the best proxy quality for you with our private and reliable proxies
✓ Extra anonymity
Top level of anonymity and 100% safe proxies – this is what you get with every proxy package
✓ Extra speed
1,ooo mb/s proxy servers speed – we are way better than others – just enjoy our proxies!
USA proxy location
We offer premium quality USA private proxies – the most essential proxies you can ever want from USA
Our proxies have TOP level of anonymity + Elite quality, so you are always safe and secure with your proxies
Use your proxies as much as you want – we have no limits for data transfer and bandwidth, unlimited usage!
Superb fast proxy servers with 1,000 mb/s speed – sit back and enjoy your lightning fast private proxies!
99,9% servers uptime
Alive and working proxies all the time – we are taking care of our servers so you can use them without any problems
No usage restrictions
You have freedom to use your proxies with every software, browser or website you want without restrictions
Perfect for SEO
We are 100% friendly with all SEO tasks as well as internet marketing – feel the power with our proxies
Buy more proxies and get better price – we offer various proxy packages with great deals and discounts
We are working 24/7 to bring the best proxy experience for you – we are glad to help and assist you!