sql server透明数据加密

一,加密过程

(1)切换到master下:

use master;

(2)根据一段自定义密码创建主密钥:
CREATE MASTER KEY ENCRYPTION BY PASSWORD = ‘密码‘;

(3)创建主密钥证书,主题任意填:
CREATE CERTIFICATE 证书名 WITH SUBJECT = ‘测试主题‘;

(4)切换到要加密的库下:

use 用户数据库;

(5)根据加密算法和证书创建数据库密钥:
CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_128 ENCRYPTION BY SERVER CERTIFICATE 证书名;

(6)开启该库的加密状态:
ALTER DATABASE 用户数据库 SET ENCRYPTION ON;

------------------------------------------------------------------

二,备份和还原

(1)备份主密钥在指定目录中:
BACKUP MASTER KEY TO FILE = ‘d:\storedkeys\weifang\masterkey‘ ENCRYPTION BY PASSWORD = ‘密码‘

(2)备份证书:
BACKUP CERTIFICATE 证书名 TO FILE = ‘d:\storedcerts\weifang\sdjslcert‘; :


(3)还原master key:

use master
RESTORE MASTER KEY FROM FILE = ‘d:\storedkeys\weifang\masterkey‘
DECRYPTION BY PASSWORD = ‘密码‘
ENCRYPTION BY PASSWORD = ‘密码‘;

--因为我这里还留有原来的证书,所以会提示如下信息:
--The old and new master keys are identical. No data re-encryption is required.

(4)还原证书
CREATE CERTIFICATE 证书名
FROM FILE = ‘d:\storedcerts\sdjslcert‘
GO
--因为证书已经存在,所以提示如下信息:
--A certificate with name ‘MyServerCert2‘ already exists or this certificate already has been added to the database.
--需要注意的是证书并不是按照证书名来区分的。我原来的证书名叫做MyServerCert,此处创建的证书名为MyServerCert2,但是是来自MyServerCert的一个备份,还是报错。

 

郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。