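Summary: One exciting feature of SQL Server 2005 is built-in encryption. In this new version of SQL Server, the development team added encryption tools, certificate creation and key management directly to T-SQL. This is a welcome gift for anyone who needs to encrypt table data because of legal requirements or business needs, and it makes the decision easier for anyone hesitating over whether to use encryption to protect their data. This article describes how the new encryption features work and how to use them.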
Key_GUID( 'Key_Name' )
The syntax of EncryptByKey is:
EncryptByKey( key_GUID, { 'cleartext' | @cleartext }
[ , { add_authenticator | @add_authenticator }
, { authenticator | @authenticator } ]
)
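Key_GUID is the GUID of the symmetric key and cleartext is the plaintext. Add_authenticator and authenticator indicate whether an authenticator is used to prevent whole-value substitution of encrypted fields.
DecryptByKey does the opposite of EncryptByKey: it decrypts data that was previously encrypted with EncryptByKey. Its syntax is: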
DecryptByKey( { 'ciphertext' | @ciphertext }
[ , add_authenticator
, { authenticator | @authenticator } ]
)
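Ciphertext is the encrypted data. Add_authenticator and authenticator, if specified, must have the same values that were given to the earlier EncryptByKey call. DecryptByKey does not require you to specify the GUID of the symmetric key explicitly, but the symmetric key that was used must already be open in the current database. OPEN SYMMETRIC KEY is used to open a symmetric key.
The following code demonstrates encryption and decryption with a symmetric key.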
-- Use the AdventureWorks database
USE AdventureWorks;
-- Create a Database Master Key (demo password; use a strong, unique password in practice)
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'p@ssw0rd';
-- Create a Temp Table
CREATE TABLE Person.#Temp
(ContactID INT PRIMARY KEY,
FirstName NVARCHAR(200),
MiddleName NVARCHAR(200),
LastName NVARCHAR(200),
eFirstName VARBINARY(200),
eMiddleName VARBINARY(200),
eLastName VARBINARY(200));
-- Create a Test Certificate
CREATE CERTIFICATE TestCertificate
WITH SUBJECT = 'Adventureworks Test Certificate',
EXPIRY_DATE = '10/31/2009';
-- Create a Symmetric Key
-- (TRIPLE_DES is deprecated in later SQL Server versions, which prefer AES)
CREATE SYMMETRIC KEY TestSymmetricKey
WITH ALGORITHM = TRIPLE_DES
ENCRYPTION BY CERTIFICATE TestCertificate;
OPEN SYMMETRIC KEY TestSymmetricKey
DECRYPTION BY CERTIFICATE TestCertificate;
-- EncryptByKey demonstration encrypts 100 names from the Person.Contact table
INSERT
INTO Person.#Temp (ContactID, eFirstName, eMiddleName, eLastName)
SELECT ContactID,
EncryptByKey(Key_GUID('TestSymmetricKey'), FirstName),
EncryptByKey(Key_GUID('TestSymmetricKey'), MiddleName),
EncryptByKey(Key_GUID('TestSymmetricKey'), LastName)
FROM Person.Contact
WHERE ContactID <= 100;
-- DecryptByKey demonstration decrypts the previously encrypted data
UPDATE Person.#Temp
SET FirstName = DecryptByKey(eFirstName),
MiddleName = DecryptByKey(eMiddleName),
LastName = DecryptByKey(eLastName);
-- View the results
SELECT *
FROM Person.#Temp;
-- Clean up work: drop temp table, symmetric key, test certificate and master key
DROP TABLE Person.#Temp;
CLOSE SYMMETRIC KEY TestSymmetricKey;
DROP SYMMETRIC KEY TestSymmetricKey;
DROP CERTIFICATE TestCertificate;
DROP MASTER KEY;
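The following is an added example, not code from the original article, showing the add_authenticator and authenticator parameters described above: each salary is encrypted once without an authenticator and once bound to its row's EmployeeID, then one row's ciphertexts are copied onto another row to show how the bound column exposes the substitution. The names AuthDemoKey and #Payroll, the password and the salary values are constructed, and the key uses AES_256 protected by a password instead of the article's TRIPLE_DES key protected by a certificate, so no master key is needed.

```sql
-- Added example: key name, table, password and data are constructed for illustration.
CREATE SYMMETRIC KEY AuthDemoKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY PASSWORD = 'Constructed-Demo-Passw0rd!';
OPEN SYMMETRIC KEY AuthDemoKey
    DECRYPTION BY PASSWORD = 'Constructed-Demo-Passw0rd!';

CREATE TABLE #Payroll
    (EmployeeID   INT PRIMARY KEY,
     eSalaryPlain VARBINARY(200),   -- encrypted without an authenticator
     eSalaryBound VARBINARY(200));  -- encrypted with EmployeeID as the authenticator

-- The bound column ties each ciphertext to the primary key of the row that owns it.
INSERT INTO #Payroll (EmployeeID, eSalaryPlain, eSalaryBound)
SELECT v.EmployeeID,
       EncryptByKey(Key_GUID('AuthDemoKey'), v.Salary),
       EncryptByKey(Key_GUID('AuthDemoKey'), v.Salary, 1,
                    CONVERT(VARBINARY, v.EmployeeID))
FROM (SELECT 1 AS EmployeeID, N'40000' AS Salary
      UNION ALL
      SELECT 2, N'250000') AS v;

-- Simulate whole-value substitution: row 2's ciphertexts overwrite row 1's.
UPDATE p1
SET eSalaryPlain = p2.eSalaryPlain,
    eSalaryBound = p2.eSalaryBound
FROM #Payroll AS p1
JOIN #Payroll AS p2 ON p2.EmployeeID = 2
WHERE p1.EmployeeID = 1;

-- Decrypt both columns. The bound column is decrypted with the current row's
-- EmployeeID, so a ciphertext moved from another row fails to decrypt (NULL)
-- and is flagged, while the unbound column decrypts whatever it now holds.
SELECT EmployeeID,
       CONVERT(NVARCHAR(50), DecryptByKey(eSalaryPlain)) AS PlainResult,
       CONVERT(NVARCHAR(50), DecryptByKey(eSalaryBound, 1,
               CONVERT(VARBINARY, EmployeeID))) AS BoundResult,
       CASE WHEN DecryptByKey(eSalaryBound, 1,
                 CONVERT(VARBINARY, EmployeeID)) IS NULL
            THEN 'SUBSTITUTED OR UNREADABLE' ELSE 'OK' END AS IntegrityCheck
FROM #Payroll;

-- Clean up
DROP TABLE #Payroll;
CLOSE SYMMETRIC KEY AuthDemoKey;
DROP SYMMETRIC KEY AuthDemoKey;
```

The authenticator only helps if it is derived from a value that identifies the row and does not change, such as the primary key used here.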
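4. Conclusion
SQL Server has built-in functions for keys, certificates and related features that are used to encrypt sensitive data. Using this functionality can greatly increase the security of your databases and applications.
Author: Michael Coles  Editor: 豆豆技术应用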