2012-01-09

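I am trying to write a stored procedure to decrypt some data encrypted by a symmetric key, where that key is encrypted by an asymmetric key using a password. Opening a symmetric key with a password in a stored procedure

OPEN SYMMETRIC KEY requires a string literal for the password, so I had to use a workaround with EXEC sp_executesql. Is there a better way?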

DECLARE @open nvarchar(200), @close nvarchar(200) 
SET @open = 'OPEN SYMMETRIC KEY skey DECRYPTION BY ASYMMETRIC KEY akey WITH PASSWORD = ' + quotename(@password,'''') + ';'; 
SET @close = 'CLOSE SYMMETRIC KEY skey;'; 

EXEC sp_executesql @open 

SELECT [TransactionID],Convert(varchar(max),DECRYPTBYKEY([EncryptedText])) as DecryptedText FROM [dbo].[TestTable]; 

EXEC sp_executesql @close 

If you execute it with the wrong password, it throws the following error:

Msg 15466, Level 16, State 1, Line 1 
An error occurred during decryption. 
Msg 15315, Level 16, State 1, Line 1 
The key 'skey' is not open. Please open the key before using it. 

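Should I wrap EXEC sp_executesql @open in TRY ... CATCH and return NULL, or is there a (more) elegant way to handle this?

Edit: What is the best way to handle someone calling this procedure with an incorrect password? Using the key

Answer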


, please check your data and code:

CREATE ASYMMETRIC KEY akey WITH ALGORITHM = RSA_2048 
ENCRYPTION BY PASSWORD = 'aaa123' 
GO 
CREATE SYMMETRIC KEY skey WITH ALGORITHM = AES_256 ENCRYPTION BY ASYMMETRIC KEY akey 
GO 

DECLARE @t TABLE(plain VARCHAR(100), ciphered VARBINARY(MAX), unciphered VARCHAR(100)) 

INSERT @t(plain) 
VALUES('11111'), ('22222'), ('33333') 

OPEN SYMMETRIC KEY skey DECRYPTION BY ASYMMETRIC KEY akey WITH PASSWORD = 'aaa123' 

UPDATE @t SET Ciphered = ENCRYPTBYKEY(KEY_GUID('skey'), plain) 


UPDATE @t SET unciphered = CAST(DECRYPTBYKEY(ciphered) AS VARCHAR) 

SELECT * FROM @t 

CLOSE SYMMETRIC KEY skey 
DROP SYMMETRIC KEY skey 
DROP ASYMMETRIC KEY akey 

For correct logging of decryption attempts with a wrong password, try the example below and play with the variable @password:

CREATE ASYMMETRIC KEY akey WITH ALGORITHM = RSA_2048 
ENCRYPTION BY PASSWORD = 'aaa123' 
GO 
CREATE SYMMETRIC KEY skey WITH ALGORITHM = AES_256 ENCRYPTION BY ASYMMETRIC KEY akey 
GO 

DECLARE @t TABLE(plain VARCHAR(100), ciphered VARBINARY(MAX), unciphered VARCHAR(100)) 

INSERT @t(plain) 
VALUES('11111'), ('22222'), ('33333') 

OPEN SYMMETRIC KEY skey DECRYPTION BY ASYMMETRIC KEY akey WITH PASSWORD = 'aaa123' 

UPDATE @t SET Ciphered = ENCRYPTBYKEY(KEY_GUID('skey'), plain) 
CLOSE SYMMETRIC KEY skey 

DECLARE @open nvarchar(200), @close nvarchar(200), @password VARCHAR(20) = 'aaa123x' 
SET @open = 'OPEN SYMMETRIC KEY skey DECRYPTION BY ASYMMETRIC KEY akey WITH PASSWORD = ' + quotename(@password,'''') + ';'; 
SET @close = 'CLOSE SYMMETRIC KEY skey;'; 
BEGIN TRY 
    EXEC sp_executesql @open 
    UPDATE @t SET unciphered = CAST(DECRYPTBYKEY(ciphered) AS VARCHAR) 
    SELECT * FROM @t 
    EXEC sp_executesql @close 
END TRY BEGIN CATCH 
    SELECT 'Do whatever you want to do here with this caller. Suspicious caller: '+SUSER_SNAME()+', at: '+CAST(GETDATE() AS VARCHAR) 
END CATCH 

DROP SYMMETRIC KEY skey 
DROP ASYMMETRIC KEY akey 

Any ideas on how to better guard against SQL injection when using this method? – Greg 2012-01-09 04:59:08


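As usual - since you cannot pass the password as a parameter, use a custom password string check, and run the statement under a user that has only one access right - to read and decrypt the specific column from the specific table – 2012-01-09 05:03:36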


Your code still produces the same error I got before – Greg 2012-01-09 05:09:46
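
An added example, not part of the original thread or written by its participants: one way to package the dynamic OPEN from the question into a procedure that rejects input QUOTENAME cannot quote, fails with one generic error on a wrong password, and never leaves the key open. It assumes the thread's objects (skey, akey, dbo.TestTable); the procedure name dbo.usp_DecryptTestTable is hypothetical.

```sql
-- Added example. Assumes keys skey/akey and dbo.TestTable(TransactionID, EncryptedText)
-- from the thread; dbo.usp_DecryptTestTable is a hypothetical name.
CREATE PROCEDURE dbo.usp_DecryptTestTable
    @password nvarchar(200)   -- wider than 128 so overlong input is seen, not truncated
AS
BEGIN
    SET NOCOUNT ON;

    -- QUOTENAME accepts at most 128 characters and returns NULL beyond that,
    -- which would turn the whole @open string into NULL. Reject such input.
    IF @password IS NULL OR DATALENGTH(@password) > 256   -- 128 chars * 2 bytes
    BEGIN
        RAISERROR(N'Invalid password argument.', 16, 1);
        RETURN 1;
    END;

    -- QUOTENAME(..., '''') wraps the value in single quotes and doubles every
    -- embedded single quote, so the value cannot close the string literal.
    DECLARE @open nvarchar(400) =
        N'OPEN SYMMETRIC KEY skey DECRYPTION BY ASYMMETRIC KEY akey WITH PASSWORD = '
        + QUOTENAME(@password, N'''') + N';';

    BEGIN TRY
        -- The key is opened for the session, so it stays open after the dynamic batch.
        EXEC sys.sp_executesql @open;

        SELECT TransactionID,
               CONVERT(varchar(max), DECRYPTBYKEY(EncryptedText)) AS DecryptedText
        FROM dbo.TestTable;

        CLOSE SYMMETRIC KEY skey;
    END TRY
    BEGIN CATCH
        -- Close only if the key is open; CLOSE on a closed key raises Msg 15315.
        IF EXISTS (SELECT 1 FROM sys.openkeys
                   WHERE key_name = N'skey' AND database_id = DB_ID())
            CLOSE SYMMETRIC KEY skey;

        -- Audit SUSER_SNAME() and GETDATE() here if required; never log @password.
        -- Return one generic error rather than the engine's message.
        RAISERROR(N'Decryption failed.', 16, 1);
        RETURN 2;
    END CATCH;

    RETURN 0;
END;
```

Granting callers only EXECUTE on the procedure, with no direct rights on the table, matches the least-privilege advice in the comments above.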