码迷,mamicode.com
首页 > 数据库 > 详细

sql server透明数据加密

时间:2015-01-29 14:24:35      阅读:182      评论:0      收藏:0      [点我收藏+]

标签:

一,加密过程

(1)切换到master下:

use master;

(2)根据一段自定义密码创建主密钥:
CREATE MASTER KEY ENCRYPTION BY PASSWORD = ‘密码‘;

(3)创建主密钥证书,主题任意填:
CREATE CERTIFICATE 证书名 WITH SUBJECT = ‘测试主题‘;

(4)切换到要加密的库下:

use 用户数据库;

(5)根据加密算法和证书创建数据库密钥:
CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_128 ENCRYPTION BY SERVER CERTIFICATE 证书名;

(6)开启该库的加密状态:
ALTER DATABASE 用户数据库 SET ENCRYPTION ON;

------------------------------------------------------------------

二,备份和还原

(1)备份主密钥在指定目录中:
BACKUP MASTER KEY TO FILE = ‘d:\storedkeys\weifang\masterkey‘ ENCRYPTION BY PASSWORD = ‘密码‘

(2)备份证书:
BACKUP CERTIFICATE 证书名 TO FILE = ‘d:\storedcerts\weifang\sdjslcert‘; :


(3)还原master key:

use master
RESTORE MASTER KEY FROM FILE = ‘d:\storedkeys\weifang\masterkey‘
DECRYPTION BY PASSWORD = ‘密码‘
ENCRYPTION BY PASSWORD = ‘密码‘;

--因为我这里还留有原来的证书,所以会提示如下信息:
--The old and new master keys are identical. No data re-encryption is required.

(4)还原证书
CREATE CERTIFICATE 证书名
FROM FILE = ‘d:\storedcerts\sdjslcert‘
GO
--因为证书已经存在,所以提示如下信息:
--A certificate with name ‘MyServerCert2‘ already exists or this certificate already has been added to the database.
--需要注意的是证书并不是按照证书名来区分的。我原来的证书名叫做MyServerCert,此处创建的证书名为MyServerCert2,但是是来自MyServerCert的一个备份,还是报错。

 

sql server透明数据加密

标签:

原文地址:http://www.cnblogs.com/sunyt/p/4259571.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!