Bar*_*SIH 19 security sql-server encryption transparent-data-encryption
使用什么证书来加密实例上的每个数据库。
我可以使用以下方法获取数据,但如何编写查询
USE master
GO
-- this provides the list of certificates
SELECT * FROM sys.certificates
-- this provides the list of databases (encryption_state = 3) is encrypted
SELECT * FROM sys.dm_database_encryption_keys
WHERE encryption_state = 3;
我注意到 sys.certifcates.thumbprint 和 sys.dm_database_encryption_keys.encryptor_thumbprint 列包含相同的数据。
Tho*_*ger 24
您可以通过证书指纹加入:
use master;
go
select
database_name = d.name,
dek.encryptor_type,
cert_name = c.name
from sys.dm_database_encryption_keys dek
left join sys.certificates c
on dek.encryptor_thumbprint = c.thumbprint
inner join sys.databases d
on dek.database_id = d.database_id;
我的示例输出:
database_name encryptor_type cert_name
============= ============== =========
tempdb ASYMMETRIC KEY NULL
AdventureWorks2012TDE CERTIFICATE TdeCert
对于更深入的查询,显示哪些数据库已加密或未加密、其证书以及重要的是加密设置是否已实际完成。加密有时可能需要很长时间才能完成或陷入困境。
SELECT D.name AS 'Database Name'
,c.name AS 'Cert Name'
,E.encryptor_type AS 'Type'
,case
when E.encryption_state = 3 then 'Encrypted'
when E.encryption_state = 2 then 'In Progress'
else 'Not Encrypted'
end as state,
E.encryption_state, E.percent_complete, E.key_algorithm, E.key_length, E.* FROM sys.dm_database_encryption_keys E
right join sys.databases D on D.database_id = E.database_id
left join sys.certificates c ON E.encryptor_thumbprint=c.thumbprint
| 归档时间: |
|
| 查看次数: |
58507 次 |
| 最近记录: |