These programs implement secure encryption and key management using AES-256-GCM and HMAC-SHA-256, integrating with Azure Key Vault for storing and retrieving Key Encryption Keys (KEK). They include password hashing and salting with PBKDF2-HMAC-SHA256, ensuring strong key derivation, and use wrapped encryption keys for added security.

adriank31/HSM_AES256

Secure Encryption & Azure Key Vault Integration

Releases

All versions of the programs are available in the Releases section under the following tags:

  • 🏷 v1 - Password Hashing & HMAC Authentication
  • 🏷 v2 - Secure Key Derivation & AES Encryption
  • 🏷 v3 - Azure Key Vault Integration & HSM Simulation

Project Overview

This project provides secure encryption, key wrapping, and Azure Key Vault integration using OpenSSL and cURL. It includes:

  • PBKDF2-HMAC-SHA256 for password hashing
  • AES-256-GCM encryption for secure message encryption
  • Azure Key Vault integration for cloud-based key management
  • HSM simulation for secure key handling

Installation Guide

Step 1: Install Required Dependencies

For Linux/macOS

sudo apt update && sudo apt install -y openssl libssl-dev curl jq azure-cli  # Linux (Debian/Ubuntu, apt)
brew install openssl curl jq azure-cli  # macOS (Homebrew)

For Windows

  1. Download and install OpenSSL
  2. Download and install Azure CLI
  3. Install cURL & jq using Chocolatey:
choco install curl jq

Program Versions & Usage

v1: Secure Key Derivation & AES Encryption

Features:

  • PBKDF2-HMAC-SHA256 derives keys from passwords
  • AES-256-GCM provides authenticated encryption
  • Random IV generation with OpenSSL

To Compile and Run:

gcc PBKDF2_AES256.c -o PBKDF2_AES256 -lcrypto
./PBKDF2_AES256
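
The PBKDF2-HMAC-SHA256 password hashing and key derivation listed above, together with HMAC-SHA-256 authentication, as an added example using only Python's standard library. It is not code from this repository (which is C with OpenSSL); the iteration count, salt length and the `iterations$salt$hash` record format are assumptions, since the README does not state them.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; the README does not state one
SALT_LEN = 16         # assumed salt size in bytes
KEY_LEN = 32          # 256-bit output, sized for an AES-256 or HMAC-SHA-256 key


def derive_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256: stretch a password and salt into a 256-bit key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, KEY_LEN)


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record (assumed format): iterations$salt$hash."""
    salt = os.urandom(SALT_LEN)  # fresh random salt for every password
    digest = derive_key(password, salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and count, then compare in constant time."""
    try:
        iter_s, salt_hex, hash_hex = record.split("$")
        expected = bytes.fromhex(hash_hex)
        actual = derive_key(password, bytes.fromhex(salt_hex), int(iter_s))
    except ValueError:
        return False  # malformed record or bad iteration count: fail closed
    return hmac.compare_digest(actual, expected)


def mac_message(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA-256 tag over the message under a derived key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def check_message(key: bytes, message: bytes, tag: bytes) -> bool:
    """Verify a tag without leaking where the first mismatching byte is."""
    return hmac.compare_digest(mac_message(key, message), tag)
```

Storing the iteration count inside each record lets the work factor be raised later without invalidating existing hashes.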

v2: AES Encryption & HSM Simulation

Features:

  • Stores the encrypted DEK/KEK inside a database (simulated HSM)
  • Encrypts a user-provided message using AES-256-GCM with the unencrypted DEK
  • Authentication tag to ensure message integrity
  • Random IV generation with OpenSSL

To Compile and Run:

gcc HSM_AES256.c -o HSM_AES256 -lcrypto
./HSM_AES256

v3: Azure Key Vault Integration & HSM Simulation

Features:

  • Generates KEK & DEK inside a simulated HSM
  • Encrypts & wraps the DEK using KEK
  • Fetches KEK from Azure Key Vault
  • Encrypts messages securely with AES-256-GCM

To Compile and Run:

gcc HSM_AZURE_AES256.c -o HSM_AZURE_AES256 -lcrypto -lcurl
./HSM_AZURE_AES256

Set Environment Variables:

export AZURE_KEY_VAULT="https://yourvault.vault.azure.net"
export AZURE_KEY_NAME="KEK"

Example Usage

Run the Program:

./HSM_AZURE_AES256

User Input:

Enter message to encrypt: Secure Encryption Works!

Output:

Generated IV: f8d3a9e2c5a4
Encrypted Message: 7d9a1b04d87a34e2bcf9
Authentication Tag: 3e5a9f1e8b73

Troubleshooting

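Azure Key Vault Permission Issues?

List the role assignments of the signed-in user:

az role assignment list --assignee "$(az ad signed-in-user show --query id -o tsv)"

Invalid Azure Access Token

Sign out and back in to obtain a fresh token:

az logout && az login

OpenSSL Errors

Check which OpenSSL version is installed:

openssl version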

License

This project is licensed under the MIT License. See the LICENSE file for details.


Notes

Check out my uploaded notes for an in-depth explanation of encryption/decryption with code analysis.
