使用证书和对称密钥加密SQL Server数据

Question

我试图使用证书和对称密钥来加密数据库列。

我成功创建证书，对称密钥使用如下：

CREATE CERTIFICATE MyCertificate 
    ENCRYPTION BY PASSWORD = 'password' 
    WITH SUBJECT = 'Public Access Data' 
GO 

CREATE SYMMETRIC KEY MySSNKey 
    WITH ALGORITHM = AES_256 
    ENCRYPTION BY CERTIFICATE MyCertificate 

我试图加密和利用解密的一些数据如下：

DECLARE @Text VARCHAR(100) 
SET @Text = 'Some Text' 

DECLARE @EncryptedText VARBINARY(128) 

-- Open the symmetric key with which to encrypt the data. 
OPEN SYMMETRIC KEY MySSNKey 
    DECRYPTION BY CERTIFICATE MyCertificate; 

SELECT @EncryptedText = EncryptByKey(Key_GUID('MySSNKey'), @Text) 

SELECT CONVERT(VARCHAR(100), DecryptByKey(@EncryptedText)) AS DecryptedText 

当我这样做，我得到以下错误消息：

该证书具有受用户定义的保护的私钥 密码。需要提供该密码才能启用使用 私钥。

归根结底，我试图做的是写一个存储过程，将需要一些未加密的数据作为输入，对其进行加密，然后将其保存为加密VARBINARY。然后，我想编写一个第二个存储过程，它将做相反的事情 - 即解密加密的varbinary并将其转换回人类可读的数据类型。我宁愿不必直接在存储过程中指定密码。有没有办法做到这一点？我在上面的代码中做了什么错误？

谢谢。

Answer 1

你只需要使用：

OPEN SYMMETRIC KEY MySSNKey 
    DECRYPTION BY CERTIFICATE MyCertificate WITH PASSWORD = 'password'; 

Answer 2

您NEAD使用MASTER KEY

例子：

CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'MasterPassword'; 
CREATE CERTIFICATE MyCertificate WITH SUBJECT = 'Public Access Data'; 
CREATE SYMMETRIC KEY MySSNKey WITH ALGORITHM = AES_256 ENCRYPTION BY CERTIFICATE MyCertificate; 


OPEN SYMMETRIC KEY MySSNKey DECRYPTION BY CERTIFICATE MyCertificate; 
SELECT Customer_id, Credit_card_number_encrypt AS 'Encrypted Credit Card Number', 
CONVERT(varchar, DecryptByKey(Credit_card_number_encrypt)) AS 'Decrypted Credit Card Number' 
FROM dbo.Customer_data; 
CLOSE SYMMETRIC KEY MySSNKey ;