BlackBerry Spark Communications Services Guide

Azure Cosmos DB for Cloud Key Storage

Spark Communications Services uses cryptographic keys to protect communications. You can choose to store and distribute those keys using the SDK's Cloud Key Storage option.

The SDK can use any cloud storage service that meets a few basic requirements. Azure Cosmos DB is one such service; it is used together with an application server that authenticates users and enforces access control on the stored keys. The Key Provider Server included with the SDK examples satisfies all of the Cloud Key Storage requirements and uses Azure Cosmos DB to securely store and distribute keys to authenticated users.

Configuring Azure

First, create an instance of Azure Cosmos DB by following these steps:

  1. Visit the Azure Portal.
  2. Create an Azure Cosmos DB instance (Table API).
  3. Create a new table inside the database.

Example

Here is an example of the record stored for one user in Azure Cosmos DB. The private section holds the user's keys as protected blobs (each a payload, nonce and mac) that only the record creator may read or write; the public section holds the user's public keys in the clear, readable by everyone but writable only by the record creator.

{
  "RowKey": {
    //Private keys readable only by the record creator
    "private": {
      "profile": {
        "sign": {
          "payload": "uZcuUJeSMzmGKGFpq43B8ThoUzY...",
          "nonce": "-qA_DfcoqFaO5v-a9l2OzA",
          "mac": "bEkUiECwZkiQn_XfVpLj5Cb2f0..."
        },
        "encrypt": {
          "payload": "P7Kc-rUidDi7xafS5lAORb6c8g3...",
          "nonce": "5rDE8OTHBsohUDrlKY9kFQ",
          "mac": "sHxtvbd4NS06DgYACp6kXLYDRQ..."
        }
      },
      //Management Keys
      "manage": {
        "sign": {
          "payload": "QlsbY_WTNNWCcKUugqrdyBbhqWm7xIG...",
          "nonce": "i7G2-1M3gSqziQAlGl7jfw",
          "mac": "RZIIgdBSpXG_Oy7QXXic017SU_3gFJU2j..."
        },
        "encrypt": {
          "payload": "P0mmcUNsKLDWcdMfi5tE1PcmmdIb...",
          "nonce": "QQu46b7kVeSSfAwVcjgH6Q",
          "mac": "MnKe_KWYK0rfTwrpDTChizsyUuGnS6..."
        }
      },
      //Private Chat Keys
      "mailboxes": {
        "NzU4ZjFlZDZjNjkxZWEyNjMzYmFlMjE0Y2NiNTNiZDQ...": {
          "payload": "Cree3hNwDSTXmZOpBFbmufpLsOWXPQrNSr...",
          "nonce": "2BJti4IauAqxXQiK46mJdg",
          "mac": "sSEA1OWAH_bYqIxjbB7asfekug6JFm..."
        },
        "YzM2OWQ1YTZkMmRjM2Y2MTRmYTBhODVhOWE1ZTk...": {
          "payload": "OkwXugamgd8A6v2CTCR249lLC2...",
          "nonce": "VJTcq0khweTaCBOVs8s0KQ",
          "mac": "Wuvnqw7OpO9hd8OwQ1p7jZfRUaEeL0..."
        }
      }
    },
    //Public User Keys. Readable by all, writable only by the record creator
    "public": {
      "sign": {
        "key": "BAAhZ7xaKF-bCexzDV3rTE..."
      },
      "encrypt": {
        "key": "BAFNB_vo0mDG-xXALrmYaA..."
      }
    }
  }
}
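The record above only protects keys if the application server in front of Cosmos DB enforces the rules stated in its comments. The following is an added example (not the SDK's own Key Provider Server code) of the authorization and shape checks such a server could apply before reading or writing a record. It assumes the RowKey is the ID of the user who created the record and that the requester identity comes from the server's authenticated session, never from the request body; an in-memory Map stands in for the Cosmos DB table so the example runs offline, and the sample key material is constructed placeholder text.

```javascript
// Added example: access control and shape checks for user key records.
// Assumption: RowKey === authenticated user ID of the record creator.
const ENCRYPTED_FIELDS = ['payload', 'nonce', 'mac'];

// Every value under "private" must be an opaque {payload, nonce, mac} blob.
// The server stores and serves these blobs; it never needs to decrypt them.
function isEncryptedBlob(v) {
  return v !== null && typeof v === 'object' &&
    ENCRYPTED_FIELDS.every((f) => typeof v[f] === 'string' && v[f].length > 0) &&
    Object.keys(v).length === ENCRYPTED_FIELDS.length;
}

// "private" must contain profile and manage key pairs plus a mailboxes map.
function validatePrivate(priv) {
  if (!priv || typeof priv !== 'object') return false;
  const { profile, manage, mailboxes } = priv;
  for (const group of [profile, manage]) {
    if (!group || !isEncryptedBlob(group.sign) || !isEncryptedBlob(group.encrypt)) return false;
  }
  if (!mailboxes || typeof mailboxes !== 'object') return false;
  return Object.values(mailboxes).every(isEncryptedBlob);
}

// "public" carries plaintext public keys for signing and encryption.
function validatePublic(pub) {
  return !!pub && typeof pub === 'object' &&
    typeof pub.sign?.key === 'string' && typeof pub.encrypt?.key === 'string';
}

// Access rules from the record layout:
//   private: readable and writable only by the record creator
//   public:  readable by any authenticated user, writable only by the creator
function authorize(requester, rowKey, section, op) {
  if (typeof requester !== 'string' || requester === '') return false; // unauthenticated
  const isOwner = requester === rowKey;
  if (section === 'private') return isOwner;
  if (section === 'public') return op === 'read' ? true : isOwner;
  return false; // unknown section: deny by default
}

class KeyStore {
  constructor() { this.table = new Map(); } // stands in for the Cosmos DB table

  write(requester, rowKey, section, value) {
    if (!authorize(requester, rowKey, section, 'write')) return { ok: false, error: 'forbidden' };
    const valid = section === 'private' ? validatePrivate(value) : validatePublic(value);
    if (!valid) return { ok: false, error: 'malformed' };
    const row = this.table.get(rowKey) || {};
    row[section] = value;
    this.table.set(rowKey, row);
    return { ok: true };
  }

  read(requester, rowKey, section) {
    if (!authorize(requester, rowKey, section, 'read')) return { ok: false, error: 'forbidden' };
    const row = this.table.get(rowKey);
    if (!row || !(section in row)) return { ok: false, error: 'not found' };
    return { ok: true, value: row[section] };
  }
}

// Constructed sample data shaped like the record above (placeholder values).
const blob = (s) => ({ payload: `${s}-payload`, nonce: `${s}-nonce`, mac: `${s}-mac` });
const alicePrivate = {
  profile: { sign: blob('ps'), encrypt: blob('pe') },
  manage: { sign: blob('ms'), encrypt: blob('me') },
  mailboxes: { 'NzU4ZjFl': blob('mb1') },
};
const alicePublic = { sign: { key: 'BAAh...' }, encrypt: { key: 'BAFN...' } };

// Exercises the rules: owner vs. other user vs. unauthenticated caller.
function demo() {
  const store = new KeyStore();
  const r = {};
  r.ownerWritePrivate = store.write('alice', 'alice', 'private', alicePrivate).ok;
  r.ownerWritePublic = store.write('alice', 'alice', 'public', alicePublic).ok;
  r.otherReadPublic = store.read('bob', 'alice', 'public').ok;
  r.otherReadPrivate = store.read('bob', 'alice', 'private').ok;
  r.otherWritePublic = store.write('bob', 'alice', 'public', alicePublic).ok;
  r.anonReadPublic = store.read('', 'alice', 'public').ok;
  // A private section missing the mac on one key is rejected even from the owner.
  const broken = JSON.parse(JSON.stringify(alicePrivate));
  delete broken.profile.sign.mac;
  r.ownerWriteMalformed = store.write('alice', 'alice', 'private', broken).error;
  return r;
}
```

The point to carry over to a real deployment is that the requester identity used by authorize() must come from the server's own authentication of the caller; if the client could supply it, every rule above collapses to "readable and writable by anyone".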