Encrypting Varbinary in MSSQL

Time: 2017-10-11 06:36:33

Tags: c# sql-server encryption

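Since we will be storing some sensitive files in the database in the future, we want to encrypt them. We are still undecided between Filestream and Varbinary, although we lean towards Varbinary. I found this link useful: file stream vs local save in sql server?

The only way I can see right now is to convert the Varbinary to a string and encrypt it with the following function: Encrypting & Decrypting a String in C#

Is there a better possibility?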

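2 answers:

Answer 0: (score: 0)

The VARBINARY type is similar to the VARCHAR type, but stores binary byte strings rather than non-binary strings.

Try using SQL Server certificates and asymmetric keys; this is the most secure way to encrypt data using a certificate along with private and public keys. For further explanation, you can visit the following links: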

https://blog.sqlauthority.com/2009/04/28/sql-server-introduction-to-sql-server-encryption-and-symmetric-key-encryption-tutorial-with-script/

https://docs.microsoft.com/en-us/sql/relational-databases/security/sql-server-certificates-and-asymmetric-keys

Answer 1: (score: 0)

- Option 1


    -- Create master key pw
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '3aog57q15d4Ldsase445wsd4f'  

    -- add varbinary field to table
    ALTER TABLE [dbo].[enc_test]
        ADD encryptedCol varbinary(128);
        GO  

    -- Create cert
    CREATE CERTIFICATE testCert01
       WITH SUBJECT = 'Test',   
       EXPIRY_DATE = '20251031';  
    GO  

    -- Create key
    CREATE SYMMETRIC KEY testKey01   
    WITH ALGORITHM = AES_256  
    ENCRYPTION BY CERTIFICATE testCert01;  
    GO      

    -- Update table with encrypted value 
    OPEN SYMMETRIC KEY testKey01  
       DECRYPTION BY CERTIFICATE testCert01;    

    UPDATE [dbo].[enc_test]
    SET encryptedCol  
        = EncryptByKey(Key_GUID('testKey01'), 'plain text test');  
    GO      

    -- view Encrypted Column
    SELECT * FROM [dbo].[enc_test];     

    -- View Decrypted Column
    OPEN SYMMETRIC KEY testKey01  
      DECRYPTION BY CERTIFICATE testCert01; 

    -- Explicit length: CONVERT(varchar, ...) with no length truncates at 30 characters
    SELECT *, Convert(varchar(128), (DECRYPTBYKEY(encryptedCol))) 
    FROM [dbo].[enc_test];

- Option 2 (including a certificate-level password)

    -- Create master key pw
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '3aog57q15d4Ldsase445wsd4f'  

    -- add varbinary field to table
    ALTER TABLE [dbo].[enc_test]
        ADD encryptedCol varbinary(128);
        GO  

    -- Create PW protected cert
    CREATE CERTIFICATE testCert01
        ENCRYPTION BY PASSWORD = 'pGFD4bb925DGvbd2439587y'
       WITH SUBJECT = 'Test',   
       EXPIRY_DATE = '20251031';  
    GO  

    -- Create KEY
    CREATE SYMMETRIC KEY testKey01   
    WITH ALGORITHM = AES_256  
    ENCRYPTION BY CERTIFICATE testCert01;  
    GO      

    -- Update table with encrypted value 
    OPEN SYMMETRIC KEY testKey01  
       DECRYPTION BY CERTIFICATE testCert01 WITH PASSWORD = 'pGFD4bb925DGvbd2439587y';  

    UPDATE [dbo].[enc_test]
    SET encryptedCol  
        = EncryptByKey(Key_GUID('testKey01'), 'plain text test');  
    GO      

    -- view Encrypted Column
    SELECT * FROM [dbo].[enc_test];     

    -- View Decrypted Column
    OPEN SYMMETRIC KEY testKey01  
      DECRYPTION BY CERTIFICATE testCert01 WITH PASSWORD = 'pGFD4bb925DGvbd2439587y';   

    -- Explicit length: CONVERT(varchar, ...) with no length truncates at 30 characters
    SELECT *, Convert(varchar(128), (DECRYPTBYKEY(encryptedCol))) 
    FROM [dbo].[enc_test];
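
Option 1 applied to raw binary data instead of a string, as an added example that is not part of the original answer. It assumes `testCert01` and `testKey01` from Option 1 already exist; the table `dbo.enc_file_demo`, its columns and the sample bytes are constructed for illustration.

```sql
-- Added example: hypothetical table for small encrypted binary payloads.
-- EncryptByKey returns varbinary with a maximum size of 8,000 bytes, and the
-- ciphertext is larger than the plaintext, so the column is sized to that limit.
CREATE TABLE dbo.enc_file_demo (
    id        int IDENTITY(1,1) PRIMARY KEY,
    fileName  nvarchar(128)   NOT NULL,
    encrypted varbinary(8000) NOT NULL
);
GO

OPEN SYMMETRIC KEY testKey01
    DECRYPTION BY CERTIFICATE testCert01;

-- Constructed sample payload: raw bytes passed as varbinary, no string conversion
DECLARE @payload varbinary(7000) = 0x255044462D312E340A00FF10;
DECLARE @name    nvarchar(128)   = N'sample.bin';

-- The authenticator (third and fourth arguments) binds the ciphertext to this
-- row's fileName, so a ciphertext copied into another row does not decrypt there
INSERT INTO dbo.enc_file_demo (fileName, encrypted)
VALUES (@name, EncryptByKey(Key_GUID('testKey01'), @payload, 1, @name));

-- Round trip: DecryptByKey returns varbinary, compare it with the original bytes
SELECT id,
       fileName,
       DATALENGTH(@payload)  AS plainBytes,
       DATALENGTH(encrypted) AS cipherBytes,
       CASE WHEN DecryptByKey(encrypted, 1, fileName) = @payload
            THEN 'match' ELSE 'MISMATCH' END AS roundTrip
FROM dbo.enc_file_demo;

-- Same ciphertext with a different authenticator: the result is NULL
SELECT DecryptByKey(encrypted, 1, N'other.bin') AS wrongAuthenticator
FROM dbo.enc_file_demo;

-- Close the key so it does not stay open for the rest of the session
CLOSE SYMMETRIC KEY testKey01;
GO
```

Because of the 8,000-byte limit on the `EncryptByKey` result, this route only fits small payloads.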