SQL Server中加密是层级的,每一个上层为下提供保护。如图:
实例:
create master key encryption by password=N'Passw0rd'
go
--1.创建非对称密钥.
create asymmetric key asyc_key_enc with algorithm=RSA_1024 encryption by password=N'Pass@word' go
--2.创建对称密钥.
create symmetric key symc_key_enc with algorithm=Triple_DES encryption by password=N'Pass@word' go
--3.创建证书.证书也可被其它方式保护
create certificate cert_ENC with subject='certificate for ENC',expiry_date='20990101' go
--4.对称密钥可由以上三种方式提供加密保护
--4.1 由非对称密钥加密
create symmetric key symc_key_enc_byAsyc with algorithm=AES_128 encryption by asymmetric key asyc_key_enc go
--4.2 由对称密钥加密
open symmetric key symc_key_enc decryption by password=N' Pass@word'; create symmetric key symc_key_enc_bySymc with algorithm = DES encryption by symmetric key symc_key_enc go
--4.3 由证书加密
create symmetric key symc_key_enc_byCert with algorithm =AES_128 encryption by certificate cert_ENC go
--以ENCRYPTBYKEY为例,其它的大同小异
--对***号IDN进行加密和解密
create table tb(IDN int,Name varchar(20)); insert into tb values (123456789,'BigBrother'),(090807001,'SpiderMan'),(336655789,'SuperMan') go
--新增列Ency_IDN存储加密数据,使用之前由非对称密钥加密的对称密钥symc_key_enc_byAsyc来加密数据
alter table tb add Ency_IDN varbinary(128);
go
open symmetric key symc_key_enc_byAsyc
decryption by asymmetric key asyc_key_enc
with password=N'
Pass@word';
update tb
set Ency_IDN=ENCRYPTBYKEY(KEY_GUID('symc_key_enc_byAsyc'),ConVERT(Varbinary,IDN));--加密前要转成varbinary
close symmetric key symc_key_enc_byAsyc --显式关闭对称密钥
go
--解密被加密的列数据
open symmetric key symc_key_enc_byAsyc decryption by asymmetric key asyc_key_enc with password=N' Pass@word'; select IDN,Ency_IDN,convert(int,DECRYPTBYKEY(Ency_IDN))as Decr_IDN from tb; close symmetric key symc_key_enc_byAsyc --显式关闭对称密钥 go 1
以上就是本文的全部内容,希望对大家的学习有所帮助。
