Microsoft Adding Elliptic Curve Cryptography Support to Azure Websites

You never have enough of securing your machines, have you? As a developer, you are probably continuously striving the good balance between functionality and security of your platform. As a Cloud Developer, possibly on a well-known PaaS platform, you are relieved of most of the encumbrance, which is off-loaded to your provider, but still will need to deploy strategies to ensure that your app is as safe as possible for both you and your users. Well, nowadays we have plenty of resources to defend our website, especially on the cryptography side. Well, probably it’s not the right time to celebrate OpenSSL, the most common and used encryption layer around, but apart from bugs who might cause your heart to bleed (pun intended), the modern asymmetric cryptography technologies are quite robust and well-known, and upon them relies the vast majority of security of the Internet nowadays.

Nevertheless, cryptographers keep looking for ways to make things even more secure, and somehow new technology is slowly making its way to the tier-1 set of security algorithms: the Elliptic Curve Cryptography. Today’s news is: Microsoft added ECC to Azure Web Sites.

Wait, elliptic…what?

ECC is not the latest acronym in the computer world: mind immediately goes to Error Correcting Code RAM memory. When speaking about cryptography, though, ECC is an “approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields“, Wikipedia says. Quite easy, right?
Elliptic Curve

Let’s take it one bite a time. Mathematically speaking, Elliptic curves are based on equations like “y^2 = x^3 + ax + b”. Once drawn, they produce graphs like this one on the left here. As you might see, the curve has a peculiar elliptic shape and is symmetric. A long and deep (and boring, probably) analysis of the mathematical properties of this kind of curves should be here, but long story short: elliptic curves have a number of interesting features that we can use to derive public keys from private ones very easily, while the other way round is extremely more complex, by at least one order of magnitude. For example, a reasonably strong 3072 bit RSA key is equivalent to a small 256 bit ECC key. Quite impressive, I’d daresay.

ECC in Azure Web Sites

To unleash all the computational efficiency of ECC cryptography in Azure Web Sites is quite easy thanks to the new feature Microsoft added. The starting point is buying an ECC certificate instead of an ordinary SSL one. ECC is quite a new technology out there, so you might find a little bit difficult to provide one for yourself. Right now, Symantec and Entrust sell them, but you can expect more companies will join the band soon. Once you have it, enough you upload it to Azure as a PFX file, just like for your usual RSA certificate, and assign it to your site, and you’re done. Azure will take care of everything it’s needed in the background to make it up and running. Anyway, caution ahead: ECC is not yet supported by all the clients around. The most recent ones support this new toy in a good way but ensure to provide a backup for the older ones, just in case.

Avatar

Written by

Andrea Colangelo

Software Engineer with a solid focus on QA and an extensive experience in ICT. Above all, Andrea has a very strong interest in Free and Open Source Software, and he is a Debian and Ubuntu Developer since years. Non-tech interests include: Rugby, Jazz music and Cooking.


Related Posts

Alisha Reyes
Alisha Reyes
— December 5, 2019

New on Cloud Academy: AWS Solution Architect Lab Challenge, Azure Hands-on Labs, Foundation Certificate in Cyber Security, and Much More

Now that Thanksgiving is over and the craziness of Black Friday has died down, it's now time for the busiest season of the year. Whether you're a last-minute shopper or you already have your shopping done, the holidays bring so much more excitement than any other time of year. Since our...

Read more
  • AWS
  • AWS solution architect
  • AZ-203
  • Azure
  • cyber security
  • FCCS
  • Foundation Certificate in Cyber Security
  • Google Cloud Platform
  • Kubernetes
Avatar
Cloud Academy Team
— December 4, 2019

Understanding Enterprise Cloud Migration

What is enterprise cloud migration? Cloud migration is about moving your data, applications, and even infrastructure from your on-premises computers or infrastructure to a virtual pool of on-demand, shared resources that offer compute, storage, and network services at scale. Why d...

Read more
  • AWS
  • Azure
  • Data Migration
Nisar Ahmad
Nisar Ahmad
— November 12, 2019

Kubernetes Services: AWS vs. Azure vs. Google Cloud

Kubernetes is a popular open-source container orchestration platform that allows us to deploy and manage multi-container applications at scale. Businesses are rapidly adopting this revolutionary technology to modernize their applications. Cloud service providers — such as Amazon Web Ser...

Read more
  • AWS
  • Azure
  • Google Cloud
  • Kubernetes
Alisha Reyes
Alisha Reyes
— November 6, 2019

New on Cloud Academy: AZ-900 Exam Update; MS-100 Exam Prep; PRINCE2 Foundation; Azure, Kubernetes, and Google Hands-on Labs; and Much More

This month, our Content Team really kicked it into overdrive with tons of new content. If you're Team Azure, then you'll be amazed at the number of Azure Courses and Hands-on Labs we published this month alone!  At any time, you can find all of our new releases by going to our Training ...

Read more
  • AZ-900
  • Azure
  • Google Cloud Platform
  • Kubernetes
  • MS-100
  • New content
  • PRINCE2
  • Product Feature
Joe Nemer
Joe Nemer
— October 30, 2019

How to Get Hands-on Experience on AWS, Azure, and GCP: Lab Challenges

Meaningful cloud skills require more than book knowledge. Hands-on experience is required to translate knowledge into real-world results. We see this time and time again in studies about how kids and adults best learn — doing the actual learning task is key. Hands-on Labs and Lab Challe...

Read more
  • AWS Labs
  • Azure
  • Google Cloud Platform
  • Hands-on Labs
Avatar
Cloud Academy Team
— October 23, 2019

Which Certifications Should I Get?

As we mentioned in an earlier post, the old AWS slogan, “Cloud is the new normal” is indeed a reality today. Really, cloud has been the new normal for a while now and getting credentials has become an increasingly effective way to quickly showcase your abilities to recruiters and compan...

Read more
  • AWS
  • Azure
  • Certifications
  • Cloud Computing
  • Google Cloud Platform
Alisha Reyes
Alisha Reyes
— October 1, 2019

New on Cloud Academy: ITIL® 4, Microsoft 365 Tenant, Jenkins, TOGAF® 9.1, and more

At Cloud Academy, we're always striving to make improvements to our training platform. Based on your feedback, we released some new features to help make it easier for you to continue studying. These new features allow you to: Remove content from “Continue Studying” section Disc...

Read more
  • AWS
  • Azure
  • Google Cloud Platform
  • ITIL® 4
  • Jenkins
  • Microsoft 365 Tenant
  • New content
  • Product Feature
  • Python programming
  • TOGAF® 9.1
Avatar
Jeremy Cook
— September 17, 2019

Cloud Migration Risks & Benefits

If you’re like most businesses, you already have at least one workload running in the cloud. However, that doesn’t mean that cloud migration is right for everyone. While cloud environments are generally scalable, reliable, and highly available, those won’t be the only considerations dri...

Read more
  • AWS
  • Azure
  • Cloud Migration
Joe Nemer
Joe Nemer
— September 6, 2019

Google Cloud Functions vs. AWS Lambda: The Fight for Serverless Cloud Domination

Serverless computing: What is it and why is it important? A quick background The general concept of serverless computing was introduced to the market by Amazon Web Services (AWS) around 2014 with the release of AWS Lambda. As we know, cloud computing has made it possible for users to ...

Read more
  • AWS
  • Azure
  • Google Cloud Platform
Alisha Reyes
Alisha Reyes
— August 30, 2019

New on Cloud Academy: CISSP, AWS, Azure, & DevOps Labs, Python for Beginners, and more…

As Hurricane Dorian intensifies, it looks like Floridians across the entire state might have to hunker down for another big one. If you've gone through a hurricane, you know that preparing for one is no joke. You'll need a survival kit with plenty of water, flashlights, batteries, and n...

Read more
  • AWS
  • Azure
  • Google Cloud Platform
  • New content
  • Product Feature
  • Python programming
Alisha Reyes
Alisha Reyes
— August 22, 2019

How to Unlock Complimentary Access to Cloud Academy

Are you looking to get trained or certified on AWS, Azure, Google Cloud Platform, DevOps, Cloud Security, Python, Java, or another technical skill? Then you'll want to mark your calendars for August 23, 2019. Starting Friday at 12:00 a.m. PDT (3:00 a.m. EDT), Cloud Academy is offering c...

Read more
  • AWS
  • Azure
  • cloud academy content
  • complimentary access
  • GCP
  • on the house
Avatar
Andrew Larkin
— August 13, 2019

Content Roadmap: AZ-500, ITIL 4, MS-100, Google Cloud Associate Engineer, and More

Last month, Cloud Academy joined forces with QA, the UK’s largest B2B skills provider, and it put us in an excellent position to solve a massive skills gap problem. As a result of this collaboration, you will see our training library grow with additions from QA’s massive catalog of 500+...

Read more
  • AWS
  • Azure
  • content roadmap
  • Google Cloud Platform