SearchRetrieveEncryptedFiles demonstrates the use of searchable policies and hashing feature of the Trust Services SDK to build a search index on encrypted files, such as those created in the EncryptedFiles sample. The search words to look up the index are
hashed, so it can be stored in the cloud without exposing the contents of the encrypted files.
The HelperFiles directory contains:
(a) The certificate files for the TSPA (Admin.*), Publisher (Pub.*), and Subscriber (Sub.*) roles.  See Note below.
(b) .\Trusted directory with text files
The sample performs the following steps:
(a) The TSPA creates an encrypt data policy for each text file under the Trusted directory, and a search data policy that can be applied to all the text files
(b) The TSPA authorizes the Publisher to all the policies
(c) The TSPA authorizes the Subscriber to the search data policy and to the encrypt data policy for one file.
(d) The Publisher encrypts all the files under .\Trusted and uploads them to the untrusted/remote directory. In this sample, this is .\Untrusted, a local directory.
(e) The Publisher creates an inverted search index of the text files, i.e. a dictionary with each word found in the text files, and the corresponding files that contain it. This data structures lets one look up which files contain a given word. The keys to
this search index are hashed using the search data policy, so that it can be securely stored in the .\Untrusted directory.
(f) The sample now enters a loop that demonstrates actions that can be taken by the Subscriber role - e.g. find a file that contains a given word and then download it.
Note: As search and encrypt data policies defined on the protected files are different, even though the subscriber can see the name of the file that contains a given word, he may not be able to access the file contents (i.e. decrypt it) if he is not authorized
to the encrypt data policy used to protect it.
To run the sample:
Prepare the trust server:
1. Login to trust portal (https://trustservices2.cloudapp.net/)
2. Create trust server
3. Set TSPA (upload Admin.cer from under HelperFiles directory)
4. Open the solution in VS2010
5. Edit the program's App.config with the trust server name created in step 2.
6. Build and run the solution
Play with the Search API demo loop (as the Subscriber role):
(f) (F)ind files containing word
(g) (G)et file
Scenario (f) returns the names of the files that contain the word, or indicates no matching files were found.
Scenario (g) returns the decrypted contents of the file requested for download. This can fail in two scenarios with an error indicating that no policy is found for the file: (1) If you request a file you are not authorized to, or (2) If you request a non-existant
file, or a file that is not encrypted as part of this sample.
 Note: The certificate files are provided to keep minimal the overhead of getting started with the sample. Do not reuse these certificates in critical security related scenarios. To create your own self-signed certificates, run the following
commands from a Visual Studio command prompt to create a self-signed certificate in .pfx format.
makecert -r -pe -n
You will be prompted for a password to secure the private key three times. Enter a password of your choice. (NOTE: You must also modify the filename and password as appropriate in the App.config)
Then enter the following command to create the .pfx file. After the –pi switch, enter the password you chose.
You can verify that the certificate has been created by looking in the current directory in the Visual Studio command prompt.
Getting Started Tutorial
Download "Trust Services" SDK
Access "Trust Services" Portal
SQL Azure Labs Forums