比较加密的银行帐户详细信息,无需完全解密

时间:2015-01-22 17:40:01

标签: sql sql-server sql-server-2008-r2 encryption-symmetric sensitive-data

我正在构建一个存储员工信息的数据库,包括银行帐户详细信息。存储银行账户详细信息,以便我们可以使用我们的公司检查当前或过去的员工,在我们的情况下,这可能是担心欺诈的原因。我一直在MSDN和其他地方阅读SQL Server 2008 R2 Encrption和Decryption,并提出了以下示例脚本:

IF NOT EXISTS(SELECT * FROM sys.symmetric_keys WHERE symmetric_key_id = 101)
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'BankDetai!5'
GO

CREATE CERTIFICATE Employees_01 WITH SUBJECT = 'Employee Bank Account Details'
GO

CREATE SYMMETRIC KEY AccountNos_01
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE Employees_01
GO

CREATE TABLE #Bank_Accounts
( Id            INT IDENTITY(1,1)   NOT NULL    CONSTRAINT PK_BankAccount_Id PRIMARY KEY CLUSTERED (Id ASC)
 ,AccountNumber VARBINARY(128)      NOT NULL
 ,BankName      NVARCHAR(255)       NOT NULL
 ,CountryCode   VARCHAR(2)          NOT NULL
 ,CreateDate    DATETIME2(0)        NOT NULL
 ,EmployeeId    INT                 NOT NULL
 ,IsActive      BIT                 NOT NULL
 ,SortCode      VARBINARY(128)      NOT NULL
);

OPEN SYMMETRIC KEY AccountNos_01
    DECRYPTION BY CERTIFICATE Employees_01;

CREATE TABLE #SampleBankAccounts
( Id INT IDENTITY(1,1)
 ,AccountNumber VARCHAR(255)
 ,BankName      NVARCHAR(255)
 ,CountryCode   VARCHAR(2)
 ,EmployeeId    INT NOT NULL
 ,IsActive      BIT
 ,SortCode      VARCHAR(255))

INSERT #SampleBankAccounts
SELECT * FROM
(   SELECT
         '123456789'    AccountNo
        ,'Barclays'     BankName
        ,'US'           Country
        ,1              Employee
        ,1              IsActive
        ,'12-34-56'     SortCode
UNION
    SELECT
         '9876543210'
        ,'Barclays'
        ,'US'
        ,1
        ,0
        ,'12-34-56'
UNION
    SELECT
         '111111111111'
        ,'HSBC'
        ,'UK'
        ,2
        ,1
        ,'222222'
UNION
    SELECT
         'IBAN 123 456 9875 3215'
        ,'Nationwide'
        ,'ES'
        ,3
        ,1
        ,'00_gn321654'
)AS Samples
ORDER BY Employee

MERGE #Bank_Accounts        AS Target
USING #SampleBankAccounts   AS Source   ON Target.EmployeeId = Source.EmployeeId
                                            AND Source.AccountNumber = Target.AccountNumber
                                            AND Source.BankName = Target.BankName
                                            AND Source.CountryCode = Target.CountryCode
                                            AND Source.SortCode = Target.SortCode
WHEN NOT MATCHED
    THEN INSERT (AccountNumber, BankName,CountryCode,CreateDate,EmployeeId,IsActive,SortCode)
        VALUES (
             ENCRYPTBYKEY(KEY_GUID('AccountNos_01'),Source.AccountNumber)
            ,Source.BankName
            ,Source.CountryCode
            ,GETDATE()
            ,Source.EmployeeId
            ,Source.IsActive
            ,ENCRYPTBYKEY(KEY_GUID('AccountNos_01'),Source.SortCode));
GO


DROP TABLE #SampleBankAccounts

这似乎工作正常,但现在我需要采取一个变量,例如@AccountNo并查看它是否与我们存储的任何银行帐户相匹配(我很可能会使用存储过程)。如果可能的话,我宁愿在任何脚本中避免解密,所以我想知道是否有可能加密@AccountNo变量然后比较它,所以我们可能会看到匹配:

DECLARE @MyTestBankAccount NVARCHAR(255) = '123456789'
DECLARE @MyEncryptedTestBankAccount VARBINARY(128)

OPEN SYMMETRIC KEY AccountNos_01
    DECRYPTION BY CERTIFICATE Employees_01;

SELECT @MyEncryptedTestBankAccount = ENCRYPTBYKEY(KEY_GUID('AccountNos_01'),@MyTestBankAccount)

SELECT
     AccountNumber
    ,EmployeeId
FROM Bank_Accounts
WHERE
    @MyEncryptedTestBankAccount = AccountNumber

这不起作用;如您所见,我使用了表中应存在的帐号,但未返回任何结果。我试图解密帐号列并将其与变量进行比较,但是我收到了大量的汉字(很像this question),并且它们与通过加密和解密创建的字符不匹配变量,因此对于匹配不起作用......

那么为什么以下查询(使用上面的数据)没有给我帐户详细信息的加密和解密值?我可以使用此方法根据给定的银行帐户搜索员工银行帐户吗?

OPEN SYMMETRIC KEY AccountNos_01
    DECRYPTION BY CERTIFICATE Employees_01;
SELECT
     AccountNumber                                  AS Encrypted_AccountNo
    ,EmployeeId                                     AS EmployeeId
    ,CONVERT(NVARCHAR,DECRYPTBYKEY(AccountNumber))  AS Decrypted_AccountNo
FROM Bank_Accounts

1 个答案:

答案 0 :(得分:0)

所以我找到了答案:退出SQL Server并重新输入。

必须更新某些东西才能正常工作,因为现在一切都很好。

  

〜温柔的尖叫〜

相关问题
最新问题