由于我们将来会在数据库中存储一些敏感文件,我们希望加密它们。我们仍然在Filestream和Varbinary之间犹豫不决,尽管我们倾向于使用Varbinary。我发现此链接很有用:file stream vs local save in sql server?
我现在唯一能看到的方法是将Varbinary转换为字符串并使用以下函数加密它:Encrypting & Decrypting a String in C#
有没有更好的可能性?
答案 0 :(得分:0)
VARBINARY类型类似于VARCHAR类型,但存储二进制字节字符串而不是非二进制字符串。
尝试使用SQL Server证书和非对称密钥,这是使用证书以及私钥和公钥加密数据的最安全方式。 如需进一步说明,您可以访问以下链接:
答案 1 :(得分:0)
-选项1
-- Create master key pw
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '3aog57q15d4Ldsase445wsd4f'
-- add varbinary field to table
ALTER TABLE [dbo].[enc_test]
ADD encryptedCol varbinary(128);
GO
-- Create cert
CREATE CERTIFICATE testCert01
WITH SUBJECT = 'Test',
EXPIRY_DATE = '20251031';
GO
-- Create key
CREATE SYMMETRIC KEY testKey01
WITH ALGORITHM = AES_256
ENCRYPTION BY CERTIFICATE testCert01;
GO
-- Update table with encrypted value
OPEN SYMMETRIC KEY testKey01
DECRYPTION BY CERTIFICATE testCert01;
UPDATE [dbo].[enc_test]
SET encryptedCol
= EncryptByKey(Key_GUID('testKey01'), 'plain text test');
GO
-- view Encrypted Column
SELECT * FROM [dbo].[enc_test];
-- View Decrypted Column
OPEN SYMMETRIC KEY testKey01
DECRYPTION BY CERTIFICATE testCert01;
SELECT *, Convert(varchar, (DECRYPTBYKEY(encryptedCol)))
FROM [dbo].[enc_test];
-选项2(包括证书级别pw)
-- Create master key pw
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '3aog57q15d4Ldsase445wsd4f'
-- add varbinary field to table
ALTER TABLE [dbo].[enc_test]
ADD encryptedCol varbinary(128);
GO
-- Create PW protected cert
CREATE CERTIFICATE testCert01
ENCRYPTION BY PASSWORD = 'pGFD4bb925DGvbd2439587y'
WITH SUBJECT = 'Test',
EXPIRY_DATE = '20251031';
GO
-- Create KEY
CREATE SYMMETRIC KEY testKey01
WITH ALGORITHM = AES_256
ENCRYPTION BY CERTIFICATE testCert01;
GO
-- Update table with encrypted value
OPEN SYMMETRIC KEY testKey01
DECRYPTION BY CERTIFICATE testCert01 WITH PASSWORD = 'pGFD4bb925DGvbd2439587y';
UPDATE [dbo].[enc_test]
SET encryptedCol
= EncryptByKey(Key_GUID('testKey01'), 'plain text test');
GO
-- view Encrypted Column
SELECT * FROM [dbo].[enc_test];
-- View Decrypted Column
OPEN SYMMETRIC KEY testKey01
DECRYPTION BY CERTIFICATE testCert01 WITH PASSWORD = 'pGFD4bb925DGvbd2439587y';
SELECT *, Convert(varchar, (DECRYPTBYKEY(encryptedCol)))
FROM [dbo].[enc_test];