初次使用数据库的【对称证书加密技术】,
有如下问题想请教下:
1:如果之前创建的证书或者对称密钥丢失怎么办?
2:当我把数据库放到另外一台服务器,这些加密是否还能正常使用?(过会自己测试下)
3:备份 Master Key 、证书、对称密钥的作用
4:加密的算法,通常都使用哪些种类?目前使用的是DES。
5:加密后,以后要注意哪些事宜。
6:帮忙看下这个帖子:
http://topic.csdn.net/u/20120615/12/12be04c7-c56d-40c6-8450-710366f079e3.html
以下是自己写的一个使用案例,
如果有不合适的地方,望指点下
- SQL code
if object_id('t_encryption','u') is not null drop table t_encryption gocreate table t_Encryption( DCNO int identity primary key, DCNAME varchar(50) , SalaryInfo varbinary(max))go---------------------------------------------------创建加密证书create certificate cert_SalaryInfoEncryption by [email protected]'with subject=N'Salary Information Encryption', expiry_date='9999-12-31'-----删除证书 ----- drop certificate cert_SalaryInfogo---------------------------------------------------创建对称加密create symmetric key sym_SalaryInfowith algorithm=DES --使用DES 加密算法(*不知道原理)encryption by certificate cert_SalaryInfo----删除对称加密----drop symmetric key sym_SalaryInfogo---------------------------------------------------打开对称加密(插入数据前要打开对称加密,否则将无效)open symmetric key sym_SalaryInfodecryption by certificate cert_SalaryInfowith password [email protected]'go---------------------------------------------------插入加密数据insert into t_Encryption(DCNAME,SalaryInfo)select 'andy',ENCRYPTBYKEY(KEY_GUID('sym_SalaryInfo'),N'1000.00') union all select 'job',ENCRYPTBYKEY(KEY_GUID('sym_SalaryInfo'),N'2000.03')go---------------------------------------------------关闭密钥close symmetric key sym_SalaryInfogo---------------------------------------------------查询表数据select * from t_Encryption/*DCNO DCNAME SalaryInfo----------- -------------------------------------------------- -----------------------------------------------------------------------1 andy 0x00A4EFE20ABB16458517D289B626ECB20100000060F12ABBD792B7C542DC8AAEC496A3796A9C0B7D454F56CAC6AA60763953B6312 job 0x00A4EFE20ABB16458517D289B626ECB2010000003CAAC262CE95588561CA30139608AD380608F12F70E7271006702FA037D5AE1A(2 row(s) affected)*/go---------------------------------------------------使用对称加密直接查看(不开启对称加密)select DCNO, DCNAME, convert(nvarchar(500),DECRYPTBYKEY(SalaryInfo)) as SalaryInfofrom t_Encryption/*DCNO DCNAME ----------- -------------------------------------------------- -------------------1 andy NULL2 job NULL(2 row(s) affected)*/go--------------------------------------------------查询数据前要打开加密open symmetric key sym_SalaryInfodecryption by certificate cert_SalaryInfowith password [email protected]'goselect DCNO, DCNAME, convert(nvarchar(500),DECRYPTBYKEY(SalaryInfo)) as SalaryInfofrom t_Encryption/*DCNO DCNAME SalaryInfo----------- -------------------------------------------------- ------------------1 andy 1000.002 job 2000.03(2 row(s) affected)*/go--------------------------------------------------更新DCNO=1的salaryinfo 变为1500update t_Encryption set SalaryInfo=ENCRYPTBYKEY(KEY_GUID('sym_SalaryInfo'),N'1500')where DCNO=1go--------------------------------------------------再次插入一条记录insert into t_Encryption(DCNAME,SalaryInfo)select 'Ivan',ENCRYPTBYKEY(KEY_GUID('sym_SalaryInfo'),N'3000')goselect DCNO, DCNAME, convert(nvarchar(500),DECRYPTBYKEY(SalaryInfo)) as SalaryInfofrom t_Encryption /*DCNO DCNAME SalaryInfo----------- -------------------------------------------------- ---------------------1 andy 15002 job 2000.033 Ivan 3000(3 row(s) affected)*/go--------------------------------------------------使用完成后一定要记住关闭掉close symmetric key sym_SalaryInfogo--------------------------------------------------关闭后查询(在没有开锁的情况下)select DCNO, DCNAME, SalaryInfo as SalaryInfo_, convert(nvarchar(500),DECRYPTBYKEY(SalaryInfo)) as SalaryInfofrom t_Encryption/*DCNO DCNAME SalaryInfo_ SalaryInfo1 andy 0x00A4EFE20ABB16458517D289B626ECB201000000DF23BA3059585CF3C6F0D3C3CA7EB685B201DAEAEF4351570FEE080D5927DD46 NULL2 job 0x00A4EFE20ABB16458517D289B626ECB2010000003CAAC262CE95588561CA30139608AD380608F12F70E7271006702FA037D5AE1A NULL4 Ivan 0x00A4EFE20ABB16458517D289B626ECB201000000D39FA6B1F9090FFC9488DD8947BD068D9B995776FC1A6E018DED081EA3150D5C NULL*/