我使用下一个代码创建SQL加密密钥
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<Pass>'
CREATE CERTIFICATE MyEncryptCert WITH SUBJECT = 'Descryption', EXPIRY_DATE = '2115-1-1'
CREATE SYMMETRIC KEY MySymmetricKey WITH ALGORITHM = AES_256 ENCRYPTION BY CERTIFICATE MyEncryptCert
我如何加密数据
OPEN SYMMETRIC KEY MySymmetricKey DECRYPTION BY CERTIFICATE MyEncryptCert
SET @Result = ENCRYPTBYKEY(KEY_GUID('MySymmetricKey'), '<String to encrypt>')
CLOSE SYMMETRIC KEY MySymmetricKey
我能够备份数据库主密钥和证书。
BACKUP MASTER KEY TO FILE = 'c:\temp\key' ENCRYPTION BY PASSWORD = '<Pass>';
BACKUP CERTIFICATE MyEncryptCert TO FILE = 'c:\temp\cert' WITH PRIVATE KEY(ENCRYPTION BY PASSWORD='<Pass>', FILE='C:\temp\cert.pvk')
但是我不能备份对称密钥。没有它,如果我将加密表移至另一个数据库,则无法解密加密数据。
有什么解决办法吗?
PS我尝试了下一个代码,但对我来说似乎并不安全,因为如果您知道KEY_SOURCE和IDENTITY_VALUE,则实际上不需要原始的数据库主密钥和证书即可解密数据 …