tags:

views:

22

answers:

1
+1  Q: 

How to use secure encryption of an existing column in SQL Server 2005

I want to encrypt an existing column in SQL Server 2005, using an UPDATE statement, moving the old content into the new encrypted column.

So I have 2 choices: Symmetric and Asymmetric.

The issue I have is that with a symmetric key, I have to embed the password into an SP in order to read the column like:

-- Create key (at some earlier point)
create symmetric key sk_user_profile with algorithm = aes_192 encryption by password = 'P@ssword!!';

-- Now encrypt the contents
-- open the key so that we can use it
open symmetric key sk_user_profile decryption by password = 'P@ssword!!';

UPDATE users
SET password_enc = encryptbykey(key_guid('sk_user_profile'), password_plain, 1, user_id)

close symmetric key sk_user_profile

Now if I want to select the data, I still have to re-open the key with

open symmetric key sk_user_profile decryption by password = 'P@ssword!!';

Which is defeating the point isn't it, as I am embedding a plain-text password within a stored procedure.

Some questions

  1. Is there any way around this - i.e. creating a certificate with this password and then referring to the certificate instead?
  2. Would this certificate have to be purchased (like SSL), or can I create my own?
  3. Is this method scalable across fail-over clustered databases, i.e. the encryption is not based on the machine, only the password provided. Therefore failover can still read the passwords

Thanks for your help

+1  A: 

Basically what you need to do is this:

create certificate MyEncryptionCertificate with subject = 'MyCertificate'

create symmetric key MySymmetricKey with algorithm = aes_256 encryption by certificate MyEncryptionCertificate

And then:

open symmetric key MySymmetricKey decryption by certificate MyEncryptionCertificate

select encryptbykey(key_guid('MySymmetricKey'), 'tada')) EncryptedMessage

I hope this blog will help you along the way.

SQL SERVER – Introduction to SQL Server Encryption and Symmetric Key Encryption Tutorial with Script

And also this blog entry, which deals specifically with certificates in a failover environment.

Solution Using Certificates Authentication on Production Servers

Denis Valeev  2010-09-15 18:25:37
Pinal Dave!! Why didn't I think of that! I was hoping there was a way to generate the certificate from a password. However, will this work across a clustered environments. So Web -> Failover Cluster -> (DB1/DB2)
Dominic Zukiewicz  2010-09-16 09:23:34
@Dominic Zukiewicz You didn't read my message to the end. :)
Denis Valeev  2010-09-16 11:15:56

related questions

SQL Server, convert a named instance to default instance?
Natural (human alpha-numeric) sort in Microsoft SQL 2005
In MS SQL Server 2005, is there a way to export, the complete maintenance plan of a database as a SQL Script?
Does ReadUncommitted imply NoLock
Query to list all tables that contain a specific column with SQL Server 2005.
Can I maintain state between calls to a SQL Server UDF?
What are the benefits of using partitions with the Enterprise edition of SQL 2005
Upgrading Sharepoint 3.0 to SQL 2005 Backend?
What's the simplest way to execute a query in Visual C++
Can you perform an AND search of keywords using FREETEXT() on SQL Server 2005?
Create a database from another database?
What's the fastest way to bulk insert a lot of data in SQL Server (C# client)
SQL 2005 Book For Optimization Techniques
How do I create a mapping table in SQL Server Management Studio?
Cannot Add a Sql Server Login
SQL Server 2005 - Export table programatically (run a .sql file to rebuild it)
Diagnosing Deadlocks in SQL Server 2005
SQL2005: Linking a table to multiple tables and retaining Ref Integrity?
How to create a new instance of Sql Server 2005
SQL Server 2008 vs 2005 Linq integration
How do you kill all current connections to a SQL Server 2005 database?
Conditional Visibility and Page Breaks with SQL Server 2005 Reporting Services
SQL Server 2005 and 2008 on same developer machine?
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting