Disk Encryption

Azure disk encryption is facilitated through VM extensions:

The extensions both obtain the specified KEK from a key vault, then create a new secret (the Wrapped BEK) that must be decrypted with the KEK in order to obtain the passphrase for the volume. This additional layer of wrapping ensures that the key cannot be easily compromised in transit. To identify which keys are provisioned for which volumes the agent will set the following tags on each secret:

  • MachineName containing the name of the VM.
  • DiskEncryptionKeyEncryptionUrl will contain the complete URI of the KEK specified during provisioning (KeyEncryptionKeyURL in the extension settings).
  • DiskEncryptionKeyFileName contains the name of the key file on the BEK disk (see below).
  • DiskEncryptionKeyEncryptionAlgorithm will contain the encryption algorithm used to encrypt the passphrase (KeyEncryptionAlgorithm in the extension settings).

Once disk encryption has been enabled on a VM an additional disk containing the keys will be attached to the volume at boot time. For Windows systems this will assume the first available drive letter (D: or later). On Linux systems it'll be mounted at /mnt/azure_bek_disk.

Recovering encrypted disks from a different machine

The steps for accessing the contents of an encrypted container are the same as with ordinary dm-crypt containers. Encrypting the passphrase with a KEK means that we must also derive the BEK:

  1. Find the name and version of the KEK for the disk you're recovering.
  2. Perform an unwrapKey operation against the hosting key vault. a. alg should always be "RSA-OAEP" for Azure-created disk encryption keys. b. value should be the value of the disk's secrets.
  3. Take the generated value and try to base64 decode it. To avoid leaking secrets, do this offline. To do this with Python: import base64; base64.urlsafe_b64decode(b"<the result>").
  4. If you see an binascii.Error exception about padding, append an equals sign (=) to the result and retry -- it seems the values are incorrectly formatted. The amount of padding required varies between one and two characters.
  5. Once you have a result, continue to open the volume with dm-crypt or BitLocker recovery processes.

  1. Linux