Client-side encryption in a distributed environment

摘要

Methods and systems for encrypting and decrypting data are described. In one embodiment, a client computing system sends to a server computing system over a network a first network request to perform multiple operations such as a lease operation and a fetch operation. In response, the server computing system performs the operations. Subsequently, the client computing system can send subsequent network requests to write re-encrypted data and to relinquish the lease. The subsequent network requests may also be single network requests that perform lease operations, as well as other operations, such as operations for block alignment purposes. The client computing system can send an actual end of file when relinquishing the lease so that the server computing system can handle a remainder of data that is used for subsequently decrypting the re-encrypted data.

主权项

1. A method comprising:
sending to a server computing system, by a processing device of a client computing system, a first network request to obtain a lease granting exclusive access to a data range of encrypted data for a fixed quantity of time and fetch contents of the data range as a first single atomic operation; in response to the first network request, receiving by the processing device the contents of the data range of encrypted data; sending to the server computing system, by the processing device, a second network request to write re-encrypted data; and sending to the server computing system after the second network request, by the processing device, a third network request to relinquish the lease and indicate an actual end of file for the data range when the data range includes the end of the file as a second single atomic operation.