首頁 > 開發者 > SQL Server
標籤:sql server 加密 security
SQL Server中加密是層級的,每一個上層為下提供保護。
650) this.width=650;" src="/e/u261/themes/default/images/spacer.gif" style="background:url("/e/u261/lang/zh-cn/images/localimage.png") no-repeat center;border:1px solid #ddd;" alt="spacer.gif" />650) this.width=650;" src="http://s3.51cto.com/wyfs02/M00/70/99/wKioL1W583OjD3bXAAGJ5Fpwxlo470.jpg" title="enc.png" alt="wKioL1W583OjD3bXAAGJ5Fpwxlo470.jpg" />
執行個體:
/**
SMK(Service Master Key)在SQL Server安裝時產生,由Windows DPAPI(Data Protection API)提供保護
**/
/**建立資料庫層級DMK(Database Master Key),受SMK保護**/
create master key encryption by password=N‘Passw0rd‘
go
/**資料庫內的加密對象受DMK保護
支援的對稱式加密演算法:DES | TRIPLE_DES | TRIPLE_DES_3KEY | RC2 | RC4 | RC4_128| DESX | AES_128 | AES_192 | AES_256
非對稱式加密演算法:RSA_512 | RSA_1024 | RSA_2048
注意避免使用RC,DESX類演算法,2014之後會刪除此功能
**/
--1.建立非對稱金鑰.
create asymmetric key asyc_key_enc with algorithm=RSA_1024 encryption by password=N‘[email protected]‘ go
--2.建立對稱金鑰.
create symmetric key symc_key_enc with algorithm=Triple_DES encryption by password=N‘[email protected]‘ go
--3.建立認證.認證也可被其它方式保護
create certificate cert_ENC with subject=‘certificate for ENC‘,expiry_date=‘20990101‘ go
--4.對稱金鑰可由以上三種方式提供加密保護
--4.1 由非對稱金鑰密碼編譯
create symmetric key symc_key_enc_byAsyc with algorithm=AES_128 encryption by asymmetric key asyc_key_enc go
--4.2 由對稱金鑰密碼編譯
open symmetric key symc_key_enc decryption by password=N‘[email protected]‘; create symmetric key symc_key_enc_bySymc with algorithm = DES encryption by symmetric key symc_key_enc go
--4.3 由認證加密
create symmetric key symc_key_enc_byCert with algorithm =AES_128 encryption by certificate cert_ENC go
/**列級資料加密和解密.MSSQL提供以下4對加密/解密函數對列資料加密
EncryptByCert() 和DecryptByCert()—利用認證對資料進行加密和解密
EncryptByAsymKey() and DecryptByAsymKey()—利用非對稱金鑰對資料進行加密和解密
EncryptByKey() and DecryptByKey()—利用對稱金鑰對資料進行加密和解密
EncryptByPassphrase() and DecryptByPassphrase()—利用密碼欄位產生對稱金鑰對資料進行加密和解密
注意:被加密和解密的資料,必需是varbinary類型
**/
--以ENCRYPTBYKEY為例,其它的大同小異
--對***號IDN進行加密和解密
create table tb(IDN int,Name varchar(20)); insert into tb values (123456789,‘BigBrother‘),(090807001,‘SpiderMan‘),(336655789,‘SuperMan‘) go
--新增列Ency_IDN儲存加密資料,使用之前由非對稱金鑰密碼編譯的對稱金鑰symc_key_enc_byAsyc來加密資料
alter table tb add Ency_IDN varbinary(128); go open symmetric key symc_key_enc_byAsyc decryption by asymmetric key asyc_key_enc with password=N‘[email protected]‘; update tb set Ency_IDN=ENCRYPTBYKEY(KEY_GUID(‘symc_key_enc_byAsyc‘),CONVERT(Varbinary,IDN));--加密前要轉成varbinary close symmetric key symc_key_enc_byAsyc --顯式關閉對稱金鑰 go
--解密被加密的列資料
open symmetric key symc_key_enc_byAsyc decryption by asymmetric key asyc_key_enc with password=N‘[email protected]‘; select IDN,Ency_IDN,convert(int,DECRYPTBYKEY(Ency_IDN))as Decr_IDN from tb; close symmetric key symc_key_enc_byAsyc --顯式關閉對稱金鑰 go
本文出自 “Joe TJ” 部落格,請務必保留此出處http://joetang.blog.51cto.com/2296191/1680238
SQL Server 加密功能執行個體
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
