Yes*_*ses 2 sql sql-server encryption aes x509certificate
我正在尝试加密SQL Server表中的一个敏感列.我用这个脚本尝试了AES256加密,它完美无缺.但我不想在我的SQL Server上创建证书或对称密钥,因为它可能会在以后出现安全问题.如何在查询中使用单个密码或密钥加密数据?这种方法的另一个问题是,我只能使用一个主密码进行加密.
CREATE MASTER KEY ENCRYPTION
BY PASSWORD = '$Passw0rd'
GO
CREATE CERTIFICATE AESEncryptTestCert
WITH SUBJECT = 'AESEncrypt'
GO
CREATE SYMMETRIC KEY AESEncrypt
WITH ALGORITHM = AES_256 ENCRYPTION -- TRIPLE_DES ENCRYPTION
BY CERTIFICATE AESEncryptTestCert;
OPEN SYMMETRIC KEY AESEncrypt DECRYPTION
BY CERTIFICATE AESEncryptTestCert
SELECT ENCRYPTBYKEY(KEY_GUID('AESEncrypt'),'The text to be encrypted');
您可以使用EncryptByPassPhrase和DecryptByPassPhrase,例如:
DECLARE @CypherText varbinary(8000)
DECLARE @ClearText varchar(128) = 'Text to encrypt'
SET @CypherText = EncryptByPassPhrase ('MyP@ssword123', @ClearText)
DECLARE @DecryptedText varchar(128)
SET @DecryptedText = DecryptByPassPhrase('MyP@ssword123', @CypherText)
SELECT @CypherText AS CypherText, @DecryptedText As DecryptedText
编辑: 上面的代码生成以下输出
+----------------------------------------------------------------------------+-----------------+
| CypherText | DecryptedText |
+----------------------------------------------------------------------------+-----------------+
| 0x01000000F1D813F399246484FDA8D7C7D22BFBCF748D3F6033D4E9980FCDC58A387A1A93 | Text to encrypt |
+----------------------------------------------------------------------------+-----------------+