在 SQL Server 2008 中加密数据库表
我有一个使用 SQL Server 2008 数据库的 Windows 应用程序.
I have a Windows application using a database in SQL Server 2008.
我不希望用户看到数据库表.
I do not want users to see the database tables.
如何加密我的数据库中的表?
How can I encrypt tables in my database?
推荐答案
这里有不同的选择.
您可以对数据使用对称加密:
You can use symmetric encryption for your data:
创建表销售 (...)
CREATE TABLE sales ( ... )
创建对称密钥:
CREATE CERTIFICATE cert_sales WITH SUBJECT = N'Sales certificate',
START_DATE = N'2009-01-01', EXPIRY_DATE = N'2018-12-31';
CREATE SYMMETRIC KEY symkey_sales WITH ALGORITHM = AES_256
ENCRYPTION BY CERTIFICATE cert_sales
加密数据:
TRUNCATE TABLE sales;
OPEN SYMMETRIC KEY symkey_sales DECRYPTION BY CERTIFICATE cert_sales;
INSERT INTO sales() SELECT a, ENCRYPTBYKEY(Key_Guid(N'symkey_sales'), B) FROM T2;
CLOSE SYMMETRIC KEY symkey_sales;
解密数据:
OPEN SYMMETRIC KEY symkey_sales DECRYPTION BY CERTIFICATE cert_sales;
SELECT a, CAST(DecryptByKey(B) as nvarchar(100)) FROM sales;
CLOSE SYMMETRIC KEY symkey_sales;
- 您可以对数据使用非对称加密
- 您可以使用透明数据加密来加密所有数据库文件:
- You can use asymmetric encryption for your data
- You can use Transparrent Data Encryption for encrypt all database files:
- 您可以使用 BitLocker - 完整的卷加密
创建主密钥:
USE master
go
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'My$Strong$Password$123'
创建证书:
CREATE CERTIFICATE DEK_EncCert WITH SUBJECT = 'DEK Encryption Certificate'
创建 DEK:
USE MySecretDB
go
CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_256
ENCRYPTION BY SERVER CERTIFICATE DEK_EncCert
开启加密:
ALTER DATABASE MySecretDB SET ENCRYPTION ON
相关文章