This could come be handy to know, encrypting sensitive data (at cell level) in SQL-Server.
- Source: Basit Farooq (http://basitaalishan.com/) - http://www.sqlmag.com/article/sql-server/sql-server-encryption-144904
His article goes into a lot of good details, but here is a small recap on how:
Demo on creating Symmetric Keys using Asymmetric Keys:
Demo on Creating Symmetric Keys using Certificate:
Note:
He states that cell level may not be an option because of schema changes are necessary for the encrypted field to be varbinary format. Instead use Transparent Data Encryption.
- Source: Basit Farooq (http://basitaalishan.com/) - http://www.sqlmag.com/article/sql-server/sql-server-encryption-144904
His article goes into a lot of good details, but here is a small recap on how:
Demo on creating Symmetric Keys using Asymmetric Keys:
Code Snippet
- --DEMO ON CREATING SYMETRIC KEYS
- --ENCRYPTING USING ASYMMETRIC KEY
- USE [master]
- GO
- --Create Database
- CREATE DATABASE [EncryptedDB]
- GO
- USE [EncryptedDB]
- GO
- --Create Table
- CREATE TABLE [dbo].[CreditCardInformation]
- (
- [PersonID] [int] PRIMARY KEY,
- [CreditCardNumber] [varbinary](max)
- )
- GO
- --Create Database Master Key (DMK)
- CREATE MASTER KEY ENCRYPTION BY PASSWORD = '$tr0nGPa$$w0rd'
- GO
- --Create asymmetic key encrypted by passphase
- CREATE ASYMMETRIC KEY MyAsymmetricKey
- WITH ALGORITHM = RSA_2048
- ENCRYPTION BY PASSWORD = 'StrongPa$$w0rd!'
- GO
- --Create symmetric key using asymetric encryption
- CREATE SYMMETRIC KEY MySymmetricKey
- WITH ALGORITHM = AES_256
- ENCRYPTION BY ASYMMETRIC KEY MyAsymmetricKey
- GO
- --Open symmetric key and use asymmetric for it's decryption
- OPEN SYMMETRIC KEY MySymmetricKey
- DECRYPTION BY ASYMMETRIC KEY MyAsymmetricKey
- WITH PASSWORD = 'StrongPa$$w0rd!'
- GO
- --Verify key is open
- SELECT * FROM [sys].[openkeys]
- --Insert Credit Card Info into Table, encrypting it using symetric key
- DECLARE @SymmetricKeyGUID AS [uniqueidentifier]
- SET @SymmetricKeyGUID = KEY_GUID('MySymmetricKey')
- IF(@SymmetricKeyGUID IS NOT NULL)
- BEGIN
- INSERT INTO dbo.CreditCardInformation VALUES (01,ENCRYPTBYKEY(@SymmetricKeyGUID, N'9876-1234-8765-4321'))
- INSERT INTO dbo.CreditCardInformation VALUES (02,ENCRYPTBYKEY(@SymmetricKeyGUID, N'9876-8765-8765-1234'))
- INSERT INTO dbo.CreditCardInformation VALUES (03,ENCRYPTBYKEY(@SymmetricKeyGUID, N'9876-1234-1111-2222'))
- END
- --View Table all cc info is in binary format
- SELECT * FROM dbo.CreditCardInformation
- --Use decryptbykey to view data
- SELECT
- [PersonID],
- CONVERT([nvarchar](32),DECRYPTBYKEY(CreditCardNumber)) AS CreditCardNumber
- FROM [dbo].[CreditCardInformation]
- GO
Demo on Creating Symmetric Keys using Certificate:
Code Snippet
- --CREATE Symmetric Key
- --Using Certificate
- USE [EncryptedDB]
- GO
- -- Create the certificate.
- CREATE CERTIFICATE [CertToEncryptSymmetricKey]
- WITH SUBJECT = 'Self-signed certificate to encrypt symmetric key.'
- -- Create a symmetric key that's encrypted
- -- with the certificate.
- CREATE SYMMETRIC KEY [SymmetricKeyEncryptedWithCert]
- WITH ALGORITHM = AES_256
- ENCRYPTION BY CERTIFICATE [CertToEncryptSymmetricKey]
- -- Open the symmetric key.
- OPEN SYMMETRIC KEY [SymmetricKeyEncryptedWithCert]
- DECRYPTION BY CERTIFICATE [CertToEncryptSymmetricKey]
- -- Truncate the CreditCardInformation table.
- TRUNCATE TABLE [dbo].[CreditCardInformation]
- -- Insert the data into the table.
- DECLARE @SymmetricKeyGUID AS [uniqueidentifier]
- SET @SymmetricKeyGUID =
- KEY_GUID('SymmetricKeyEncryptedWithCert')
- IF (@SymmetricKeyGUID IS NOT NULL)
- BEGIN
- INSERT INTO [dbo].[CreditCardInformation] VALUES (01, ENCRYPTBYKEY(@SymmetricKeyGUID,N'9876-1234-8765-4321'))
- INSERT INTO [dbo].[CreditCardInformation] VALUES (02, ENCRYPTBYKEY(@SymmetricKeyGUID,N'9876-8765-8765-1234'))
- INSERT INTO [dbo].[CreditCardInformation] VALUES (03, ENCRYPTBYKEY(@SymmetricKeyGUID,N'9876-1234-1111-2222'))
- END
- --View data in table
- SELECT * FROM [dbo].[CreditCardInformation]
- --Use decryptbykey to view data
- SELECT
- [PersonID],
- CONVERT([nvarchar](32),DECRYPTBYKEY(CreditCardNumber)) AS CreditCardNumber
- FROM [dbo].[CreditCardInformation]
- GO
Note:
He states that cell level may not be an option because of schema changes are necessary for the encrypted field to be varbinary format. Instead use Transparent Data Encryption.
No comments:
Post a Comment