tailieunhanh - Microsoft SQL Server 2008 Study Guide, part 125

For most applications, you'll want to encrypt the data as it goes into the database and decrypt it as it is selected. If you want to move the data to another server and decrypt it there, then both servers must have identical keys. To generate the same key on two servers, the key must be created with the same algorithm, identity_value, and key_phrase.

    ... CreditCardNumber, Expires
      FROM CCard
      WHERE CustomerID = 7;

Result:

    CCardID  CustomerID  CreditCardNumber      Expires
    -------  ----------  --------------------  -------
    3        7           11112222333344445555  0808

It's a good practice to close the key after the transaction:

    CLOSE SYMMETRIC KEY CCardKey

For most applications, you'll want to encrypt the data as it goes into the database and decrypt it as it is selected. If you want to move the data to another server and decrypt it there, then both servers must have identical keys. To generate the same key on two servers, the key must be created with the same algorithm, identity_value, and key_phrase.

Using asymmetric keys

Using asymmetric keys involves encrypting and decrypting with matching private and public keys. Generating an asymmetric key is similar to generating a symmetric key:

    CREATE ASYMMETRIC KEY AsyKey
      WITH ALGORITHM = RSA_512
      ENCRYPTION BY PASSWORD = 'P@s w0rD';

SQL Server supports RSA_512, RSA_1024, and RSA_2048 algorithms for public-key cryptography as possible asymmetric algorithms. The difference is the bit length of the private key.

Asymmetric keys can also be generated from existing key files:

    CREATE ASYMMETRIC KEY AsyKey
      FROM FILE = 'C:\SQLServerBible'
      ENCRYPTION BY PASSWORD = 'P@s w0rD';

Encrypting and decrypting data with an asymmetric key is very similar to using symmetric keys, except that the key doesn't need to be open in order to be used.

Using certificates

Certificates are typically used to encrypt data over the web for HTTPS endpoints. SQL Server includes certificates as they fit into some companies' security standards.
Certificates are typically obtained from a certificate authority such as VeriSign or Thawte.

Transparent Data Encryption

Data encryption is great, but what if the thief simply steals the whole server? Few shops encrypt every column. With enough time and hacker's utilities, eventually they will gain access to the disk. Using a hex editor the data in .
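The passage above on creating identical keys on two servers (same algorithm, identity_value, and key_phrase) can be tried in a single scratch database. The script below is an added example, not code from the book: the key name CCardKeyShared, the temp table #CCardDemo, both phrases and both passwords are constructed, KEY_SOURCE is the T-SQL option that carries the key phrase, and dropping and re-creating the key stands in for the second server.

```sql
-- Added example: all names, phrases and passwords below are constructed.
-- Run in a scratch database; the drop/re-create stands in for "server B".
CREATE TABLE #CCardDemo (KeyGuid uniqueidentifier, CreditCardNumber varbinary(256));
GO
-- "Server A": key material comes from ALGORITHM + KEY_SOURCE (the key phrase);
-- the key GUID comes from IDENTITY_VALUE.
CREATE SYMMETRIC KEY CCardKeyShared
  WITH ALGORITHM = AES_256,
       KEY_SOURCE = 'constructed key phrase, replace before use',
       IDENTITY_VALUE = 'constructed identity phrase, replace before use'
  ENCRYPTION BY PASSWORD = 'Constructed-Passw0rd-A!';
GO
OPEN SYMMETRIC KEY CCardKeyShared
  DECRYPTION BY PASSWORD = 'Constructed-Passw0rd-A!';
INSERT INTO #CCardDemo (KeyGuid, CreditCardNumber)
SELECT Key_GUID('CCardKeyShared'),
       EncryptByKey(Key_GUID('CCardKeyShared'), N'11112222333344445555');
CLOSE SYMMETRIC KEY CCardKeyShared;
GO
-- Throw the key away, as if the ciphertext had been copied to another server.
DROP SYMMETRIC KEY CCardKeyShared;
GO
-- "Server B": same three inputs. The protecting password may differ,
-- because it only wraps the key and is not part of the key material.
CREATE SYMMETRIC KEY CCardKeyShared
  WITH ALGORITHM = AES_256,
       KEY_SOURCE = 'constructed key phrase, replace before use',
       IDENTITY_VALUE = 'constructed identity phrase, replace before use'
  ENCRYPTION BY PASSWORD = 'Constructed-Passw0rd-B!';
GO
OPEN SYMMETRIC KEY CCardKeyShared
  DECRYPTION BY PASSWORD = 'Constructed-Passw0rd-B!';
-- SameKeyGuid compares the stored GUID with the re-created key's GUID.
-- DecryptByKey returns NULL when no open key matches the ciphertext.
SELECT CASE WHEN KeyGuid = Key_GUID('CCardKeyShared') THEN 1 ELSE 0 END AS SameKeyGuid,
       CONVERT(nvarchar(20), DecryptByKey(CreditCardNumber)) AS CreditCardNumber
FROM #CCardDemo;
CLOSE SYMMETRIC KEY CCardKeyShared;
GO
DROP SYMMETRIC KEY CCardKeyShared;
DROP TABLE #CCardDemo;
```

Anyone who learns the KEY_SOURCE phrase and the algorithm can rebuild the key, so the phrase needs the same handling as the key itself and should not sit in plain text in deployment scripts.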