Skip to main content

Microsoft Adding Elliptic Curve Cryptography Support to Azure Websites

You never have enough of securing your machines, have you? As a developer, you are probably continuously striving the good balance between functionality and security of your platform. As a Cloud Developer, possibly on a well-known PaaS platform, you are relieved of most of the encumbrance, which is off-loaded to your provider, but still will need to deploy strategies to ensure that your app is as safe as possible for both you and your users. Well, nowadays we have plenty of resources to defend our website, especially on the cryptography side. Well, probably it’s not the right time to celebrate OpenSSL, the most common and used encryption layer around, but apart from bugs who might cause your heart to bleed (pun intended), the modern asymmetric cryptography technologies are quite robust and well-known, and upon them relies the vast majority of security of the Internet nowadays.

Nevertheless, cryptographers keep looking for ways to make things even more secure, and somehow new technology is slowly making its way to the tier-1 set of security algorithms: the Elliptic Curve Cryptography. Today’s news is: Microsoft added ECC to Azure Web Sites.

Wait, elliptic…what?

ECC is not the latest acronym in the computer world: mind immediately goes to Error Correcting Code RAM memory. When speaking about cryptography, though, ECC is an “approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields“, Wikipedia says. Quite easy, right?
Elliptic Curve

Let’s take it one bite a time. Mathematically speaking, Elliptic curves are based on equations like “y^2 = x^3 + ax + b”. Once drawn, they produce graphs like this one on the left here. As you might see, the curve has a peculiar elliptic shape and is symmetric. A long and deep (and boring, probably) analysis of the mathematical properties of this kind of curves should be here, but long story short: elliptic curves have a number of interesting features that we can use to derive public keys from private ones very easily, while the other way round is extremely more complex, by at least one order of magnitude. For example, a reasonably strong 3072 bit RSA key is equivalent to a small 256 bit ECC key. Quite impressive, I’d daresay.

ECC in Azure Web Sites

To unleash all the computational efficiency of ECC cryptography in Azure Web Sites is quite easy thanks to the new feature Microsoft added. The starting point is buying an ECC certificate instead of an ordinary SSL one. ECC is quite a new technology out there, so you might find a little bit difficult to provide one for yourself. Right now, Symantec and Entrust sell them, but you can expect more companies will join the band soon. Once you have it, enough you upload it to Azure as a PFX file, just like for your usual RSA certificate, and assign it to your site, and you’re done. Azure will take care of everything it’s needed in the background to make it up and running. Anyway, caution ahead: ECC is not yet supported by all the clients around. The most recent ones support this new toy in a good way but ensure to provide a backup for the older ones, just in case.

Written by

Andrea Colangelo

Software Engineer with a solid focus on QA and an extensive experience in ICT. Above all, Andrea has a very strong interest in Free and Open Source Software, and he is a Debian and Ubuntu Developer since years. Non-tech interests include: Rugby, Jazz music and Cooking.

Related Posts

Giacomo Marinangeli
— March 29, 2019

NEW: Custom Hands-On Labs for Azure and Google Cloud Platform

Harvard Business Review recently estimated that some 90% of corporate training never gets applied on the job. Given the $200B training industry, that is a staggering amount of waste. One reason for the disconnect? Lack of context.Cloud Academy’s platform was built to make it extraor...

Read more
  • Azure
  • Content Engine
  • Google Cloud Platform
  • hands-on labs
Guy Hummel
— March 28, 2019

How to Become a Microsoft Certified Azure Solutions Architect

Microsoft Azure is the fastest growing cloud provider. Azure’s revenue grew an incredible 76% in the last quarter of 2018. As more and more businesses move their IT infrastructure to Microsoft’s cloud platform, the demand for Azure professionals keeps rising. Since there are relatively ...

Read more
  • Azure
  • microsoft azure
Nitheesh Poojary
— March 20, 2019

What is Heroku? Getting Started with PaaS Development

So just what is Heroku? It's a service for developers eager to get their applications online without having to worry about infrastructure details.Metered, pay-as-you-go Cloud Computing services come in all kinds of flavors. Infrastructure as a Service (IaaS) offerings like AWS allow e...

Read more
  • Azure
  • Development & deploy
Nitheesh Poojary
— March 12, 2019

Understanding Object Storage and Block Storage Use Cases

Cloud Computing, like any computing, is a combination of CPU, memory, networking, and storage. Infrastructure as a Service (IaaS) platforms allow you to store your data in either Block Storage or Object Storage formats.Understanding the differences between these two formats - and how ...

Read more
  • Azure
  • Storage
Thomas Mitchell
— January 22, 2019

Azure Hybrid Identity Authentication Methods

The move to the cloud is picking up steam.  As such, many corporations are beginning to find themselves supporting a mixture of on-prem apps as well as cloud apps. Users are finding that they need access to this mix of applications as well.  As one would expect, this can become a challe...

Read more
  • Azure
  • Hybrid Cloud
  • Hybrid Identity
Guy Hummel
— November 21, 2018

Google Cloud Certification: Preparation and Prerequisites

Google Cloud Platform (GCP) has evolved from being a niche player to a serious competitor to Amazon Web Services and Microsoft Azure. In 2018, research firm Gartner placed Google in the Leaders quadrant in its Magic Quadrant for Cloud Infrastructure as a Service for the first time. In t...

Read more
  • AWS
  • Azure
  • Google Cloud
Thomas Mitchell
— October 30, 2018

Azure Stack Use Cases and Applications

This is the second of a two-part series covering Azure Stack. Our first post provided an introduction to Azure Stack. Why would your organization consider using Azure Stack? What are the key differences between Azure Stack and Microsoft Azure? In this post, we'll begin to answer bot...

Read more
  • Azure
  • Hybrid Cloud
  • Virtualization
Guy Hummel
— October 3, 2018

Highlights from Microsoft Ignite 2018

Microsoft Ignite 2018 was a big success. Over 26,000 people attended Microsoft’s flagship conference for IT professionals in sunny Orlando, Florida. As usual, Microsoft made a huge number of announcements, ranging from minor to major in importance. To save you the trouble of sifting thr...

Read more
  • Azure
  • Ignite
Guy Hummel
— September 20, 2018

Planning for Microsoft Ignite 2018 Sessions: What Not to Miss

Cloud Academy is proud to be a sponsor of the Microsoft Ignite Conference to be held September 24 - 28 in Orlando, Florida. This is Microsoft’s biggest event of the year and is a great way to stay up to date on how to get the most from Microsoft’s products. In this post, I’ll help you p...

Read more
  • Azure
Cloud Academy Team
— September 18, 2018

How to Optimize Cloud Costs with Spot Instances: New on Cloud Academy

One of the main promises of cloud computing is access to nearly endless capacity. However, it doesn’t come cheap. With the introduction of Spot Instances for Amazon Web Services’ Elastic Compute Cloud (AWS EC2) in 2009, spot instances have been a way for major cloud providers to sell sp...

Read more
  • AWS
  • Azure
  • Google Cloud
  • SpotInst
Guy Hummel and Jeremy Cook
— August 23, 2018

What are the Benefits of Machine Learning in the Cloud?

A Comparison of Machine Learning Services on AWS, Azure, and Google CloudArtificial intelligence and machine learning are steadily making their way into enterprise applications in areas such as customer support, fraud detection, and business intelligence. There is every reason to beli...

Read more
  • AWS
  • Azure
  • Google Cloud
  • Machine Learning
Dwayne Monroe
— July 5, 2018

How Does Azure Encrypt Data?

In on-premises environments, data security is typically a siloed activity, with a company's security team telling the internal technology groups (server administration, database, networking, and so on) what needs to be protected against intrusion.This approach is absolutely a bad idea...

Read more
  • Azure