我正在使用SQL Server 2008/2012。在我的數據庫中我有一個表有加密列。列是通過使用下面的查詢加密 -獲取加密列名與他們的加密密鑰和證書在SQL服務器
創建示例表
CREATE TABLE [HR].[Employees](
[EmployeeID] [int] NOT NULL,
[EmployeeName] [varchar](50) NULL,
[SSN] [varchar](20) NOT NULL,
[EncryptedSSN] [varbinary] (200) NULL,
CONSTRAINT [PK_Employees] PRIMARY KEY CLUSTERED
( [EmployeeID] ASC)
)
GO
設置主密鑰
CREATE MASTER KEY ENCRYPTION BY
PASSWORD = '[email protected]'
GO
創建對稱密鑰和證書
CREATE CERTIFICATE TestCert
WITH SUBJECT = 'SSN Encryption';
GO
CREATE SYMMETRIC KEY HRKey
WITH ALGORITHM = DES
ENCRYPTION BY CERTIFICATE TestCert;
GO
加密數據
OPEN SYMMETRIC KEY HRKey
DECRYPTION BY CERTIFICATE TestCert;
Now we can update the EncryptedSSN column of our Employees table.
UPDATE [HR].[Employees]
SET [EncryptedSSN] = EncryptByKey(Key_GUID('HRKey'), SSN);
GO
我使用查詢解密這個數據 -
OPEN SYMMETRIC KEY HRKey
DECRYPTION BY CERTIFICATE TestCert;
SELECT [SSN],
CONVERT(VARCHAR, DecryptByKey([EncryptedSSN]))
AS 'Decrypted SSN'
FROM [HR].[Employees]
GO
下面我們就給鑰匙/證書值硬編碼。
我對這個查詢獲取加密列名與他們的桌子 -
SELECT stab.name Table_Name, sc.name Column_Name FROM sys.columns sc
INNER JOIN sys.types st ON sc.system_type_id=st.system_type_id
INNER JOIN sys.tables stab ON stab.object_id=sc.object_id
WHERE st.name='varbinary'
AND stab.is_ms_shipped=0
和密鑰及證書列表此查詢 -
SELECT name, key_length, algorithm_desc, create_date, modify_date
FROM sys.symmetric_keys;
SELECT name, subject, start_date, expiry_date
FROM sys.certificates
現在,我想哪個鍵/證書屬於哪個加密列,所以我可以在該列上應用解密而不提供硬編碼值。請幫我....