我想在列上强制执行唯一约束,该列必须使用Cell Level Encyption(CLE)在MSSQL 2005中加密。
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'itsaSECRET!!!3£3£3£!!!'
CREATE CERTIFICATE ERCERT WITH SUBJECT = 'A cert for use by procs'
CREATE SYMMETRIC KEY ERKEY
WITH ALGORITHM = AES_256
ENCRYPTION BY CERTIFICATE ERCERT
-- This illustrates the point.
-- The results differ
DECLARE @TempTable TABLE
(
[Email] [varbinary](254) UNIQUE NOT NULL
)
OPEN SYMMETRIC KEY ERKEY DECRYPTION BY CERTIFICATE ERCERT
insert into @TempTable(Email) VALUES(EncryptByKey(Key_GUID('ERKEY'), N'duplicate'))
insert into @TempTable(Email) VALUES(EncryptByKey(Key_GUID('ERKEY'), N'duplicate'))
insert into @TempTable(Email) VALUES(EncryptByKey(Key_GUID('ERKEY'), N'duplicate'))
CLOSE SYMMETRIC KEY ERKEY
select * from @TempTable
输出明显表明约束为什么没有'已被执行。 (请原谅我的ascii-art的精彩。)
Email
-------
1 | 0x00703529AF46D24BA863A3534260374E01000000328909B51BA44A49510F24DF31C46F2E30977626D96617E2BD13D9115EB578852EEBAE326B8F3E2D422230478A29767C
2 | 0x00703529AF46D24BA863A3534260374E01000000773E06E1B53F2C57F97C54370FECBB45BC8A154FEA5CEEB9B6BB1133305282328AAFAD65B9BDC595F0006474190F6482
3 | 0x00703529AF46D24BA863A3534260374E01000000C9EDB1C83B52E60598038D832D34D75867AB0ABB23F9044B7EBC76832F22C432A867078D10974DC3717D6086D3031BDB
但是,我该如何解决这个问题?
答案 0 :(得分:1)
通常,您可以使用"确定性加密",例如,AES ECB模式或AES-SIV。但由于您处于SQL Server加密的限制范围内,因此您必须找到另一种方法。这是一篇讨论该问题的旧帖子:http://blogs.msdn.com/b/raulga/archive/2006/03/11/549754.aspx。这是一篇较新的帖子,提到SQL Server 2016将支持确定性加密:http://www.brentozar.com/archive/2015/05/sql-server-2016-security-roadmap-session-notes-msignite/,这正是您所寻找的。