SQL Server 2008 R2 Enterprise with data encryption - backup and restore

Time: 2012-03-27 13:08:43

Tags: sql-server-2008 encryption-symmetric

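I have a database on which I enabled symmetric encryption in order to encrypt some columns. I created an SP to enable the encryption after I create the database from a script, as follows: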

CREATE PROCEDURE [dbo].[sys_EnableSymmetricEncryption]
AS
BEGIN
--If there is no master key, create one now. 
IF NOT EXISTS 
  (SELECT * FROM sys.symmetric_keys WHERE symmetric_key_id = 101)
  CREATE MASTER KEY ENCRYPTION BY 
  PASSWORD = '9809u0ij989oih9o8yyo98yyo89uyp9p9'

CREATE CERTIFICATE My_Certificate
  WITH SUBJECT = 'My Database';

CREATE SYMMETRIC KEY My_Key_01
  WITH ALGORITHM = AES_256
  ENCRYPTION BY CERTIFICATE My_Certificate;
END 

So after I create the database from the script, I run it, and then I can store data in the encrypted columns with

INSERT INTO [dbo].[Cards]
      ([CardNumber]
      ,[CardSecurityCode]
      ,[CardExpirationDate]
      ,[NameOnCard])
 VALUES
  (EncryptByKey(Key_GUID('My_Key_01'), @CardNumber) ,
  EncryptByKey(Key_GUID('My_Key_01'), @CardSecurityCode) ,
  EncryptByKey(Key_GUID('My_Key_01'), @CardExpirationDate) ,
  EncryptByKey(Key_GUID('My_Key_01'), @NameOnCard))

and retrieve the data using

OPEN SYMMETRIC KEY My_Key_01
   DECRYPTION BY CERTIFICATE My_Certificate;

SELECT [CardID]
      ,CONVERT(nvarchar, DecryptByKey([CardNumber])) as 'CardNumber'
      ,CONVERT(nvarchar, DecryptByKey([CardSecurityCode])) as 'CardSecurityCode'
      ,CONVERT(nvarchar, DecryptByKey([CardExpirationDate])) as 'CardExpirationDate'
      ,CONVERT(nvarchar, DecryptByKey([NameOnCard])) as 'NameOnCard'
    FROM [Cards]

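Everything works fine until I back up the database and try to restore the backup on a different server. After the restore, when I try to run the Select (as above), I get this error: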

Please create a master key in the database or open the master key in the session before performing this operation.

So I tried to recreate the key with

IF NOT EXISTS 
  (SELECT * FROM sys.symmetric_keys WHERE symmetric_key_id = 101)
  CREATE MASTER KEY ENCRYPTION BY 
  PASSWORD = '9809u0ij989oih9o8yyo98yyo89uyp9p9'

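But then on the Select I still get the same error. If I try to run the first SP shown above, to create the master key, certificate and symmetric key, I get the error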

Msg 15581, Level 16, State 3, Procedure sys_EnableSymmetricEncryption, Line 11
Please create a master key in the database or open the master key in the session before performing this operation.
Msg 15282, Level 16, State 1, Procedure sys_EnableSymmetricEncryption, Line 14
A key with name 'OneTest_Key_01' or user defined unique identifier already exists or you do not have permissions to create

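I would probably try to drop them before trying to create the certificate and the symmetric key, but I don't know where they are located.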

Any idea how to deal with this?

Thanks

PS: If I restore on the same server, even to a different database, everything works fine.

1 answer:

Answer 0: (score: 1)

Try running:

ALTER MASTER KEY REGENERATE WITH ENCRYPTION BY PASSWORD = '9809u0ij989oih9o8yyo98yyo89uyp9p9';
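
The common way to handle a database master key after restoring to a different instance, shown as an added example that is not part of the original question or answer: the restored master key can still be opened with its password, and is then re-protected by the new instance's service master key so the existing certificate and symmetric key work again. The database name RestoredDb and the password placeholder are assumptions; My_Certificate, My_Key_01 and the Cards table are taken from the question.

```sql
-- Added example. RestoredDb and the password placeholder are assumptions.
USE RestoredDb;
GO

-- 1. Locate the existing key hierarchy. The certificate and symmetric key
--    travel inside the backup, so nothing has to be dropped or recreated.
SELECT name, symmetric_key_id, algorithm_desc
FROM sys.symmetric_keys;          -- symmetric_key_id = 101 is the database master key

SELECT name, pvt_key_encryption_type_desc
FROM sys.certificates;            -- My_Certificate is protected by the master key

-- 2. Open the master key with the password it was created with, then add
--    protection by THIS instance's service master key. The copy protected by
--    the old server's service master key cannot be decrypted here.
OPEN MASTER KEY DECRYPTION BY PASSWORD = '<password used in CREATE MASTER KEY>';
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY;
CLOSE MASTER KEY;

-- 3. Verify that the server can now open the master key automatically.
SELECT name, is_master_key_encrypted_by_server   -- expected: 1
FROM sys.databases
WHERE name = DB_NAME();

-- 4. Verify end to end: the symmetric key opens through the certificate
--    without supplying any password in the session.
OPEN SYMMETRIC KEY My_Key_01
   DECRYPTION BY CERTIFICATE My_Certificate;

SELECT TOP (5) [CardID]
      ,CONVERT(nvarchar, DecryptByKey([CardNumber])) AS 'CardNumber'
    FROM [dbo].[Cards];

CLOSE SYMMETRIC KEY My_Key_01;
```

Keeping the master key password in a secrets store rather than in a stored procedure body means the restore step above does not depend on source code that every database reader can view.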