基于SQL的加密性能

发布于 2024-10-25 10:36:09 字数 1126 浏览 3 评论 0原文

我正在为未来的项目做一些研究,它需要对一些数据进行加密。

在我今天的研究中,我注意到有许多不同的加密算法(包括 AES、Triple-DES、X-DES 等),并且我希望使用 SQL-Server 中的一种算法(2008r2 express probs),您会如何建议这样做,比如最佳实践等?

我计划做如下的事情:

-- Create the master key. 
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Som3Rand0m!3y?na'
-- Create the cert.
CREATE CERTIFICATE someCert WITH SUBJECT = 'c3p009xFR?'
-- Create Symmetric Key
CREATE SYMMETRIC KEY someSymmetricKey WITH ALGORITHM = TRIPLE_DES ENCRYPTION BY CERTIFICATE someCert 

并按以下方式使用它:

declare @sql varchar(8000)
set @sql = 'OPEN SYMMETRIC KEY someSymmetricKey DECRYPTION BY CERTIFICATE someCert '
exec (@sql)

-- Check the table
SELECT      col1, Convert(varchar(max), DECRYPTBYKEY(col2)) as col2
FROM        myTable

-- dont forget to close the symmetric key again afterwards.
CLOSE SYMMETRIC KEY someSymmetricKey

我想这是正确的方法(我很久以前读过它并保存了一个示例,所以只需仔细检查:])?

另外,使用不同的加密算法之间是否真的存在性能差异(或安全差异,比如一种比另一种更容易破解)? <<- 这是我真正想了解的/最重要的。

最后,如果我将数据库移动到不同的服务器,我想我可以以相同的方式重新创建密钥/证书,并且我将能够取回数据等?

任何好的博客文章/链接/白皮书将不胜感激:)(我读过的大多数内容都很糟糕)

感谢您的阅读:D

I am doing some research for a future project and it requires some data to be encrypted.

In my research today, I have noticed that there are many different encryption algorithms (including AES, Triple-DES, X-DES etc) and I wish to use one of the algorithms in SQL-Server (2008r2 express probs), how would you recommend doing this, like best practices etc?

I am planning to do something like the following:

-- Create the master key. 
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Som3Rand0m!3y?na'
-- Create the cert.
CREATE CERTIFICATE someCert WITH SUBJECT = 'c3p009xFR?'
-- Create Symmetric Key
CREATE SYMMETRIC KEY someSymmetricKey WITH ALGORITHM = TRIPLE_DES ENCRYPTION BY CERTIFICATE someCert 

And use it in the following way:

declare @sql varchar(8000)
set @sql = 'OPEN SYMMETRIC KEY someSymmetricKey DECRYPTION BY CERTIFICATE someCert '
exec (@sql)

-- Check the table
SELECT      col1, Convert(varchar(max), DECRYPTBYKEY(col2)) as col2
FROM        myTable

-- dont forget to close the symmetric key again afterwards.
CLOSE SYMMETRIC KEY someSymmetricKey

I guess this is the correct way to do it (I read up on it ages ago and saved an example, so just double checking :])?

Also, are there really any performance differences (or security differences, like one is easier to break than another) between using the different encryption algorithms? <<- this is the one i was really trying to find out about/most important.

Lastly, if I move the database to a different server, I guess I can just re-create the key/cert in the same way and I will be able to get the data back etc?

Any good blog posts/links/whitepapers would be greatly appreciated :) (most that ive read have been quiet bad tbh)

Thanks for reading :D

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

旧故 2024-11-01 10:36:09

您只有两个选择:AES 和 3DES。简单 DES 和 XDES 太弱(分别为 56 和 112 位强度)。 RC4 不是一个选项,因为 SQL Server 实现已失败(没有正确对加密值进行加盐处理)。

3DES 固守着过去。使用 AES,这是当前 NIST 推荐算法,并为您提供不错的速度。

You have only two options: AES and 3DES. Simple DES and XDES are too weak (56 and 112 bit strength respectively). RC4 is not an option because the SQL Server implementaion is busted (does no properly salt encrypted values).

3DES is clinging to the past. Use AES, is the current NIST recommended algorithm and offers you a decent speed.

〆一缕阳光ご 2024-11-01 10:36:09

对于加密算法的选择,实际上并没有一刀切的选择(请参阅下面的链接,了解 Microsoft 关于 SQL Server 中可用算法的建议)。

http://msdn.microsoft.com/en-us/library/ms345262.aspx

至于备份和恢复您的加密密钥:

--Backup the master key   
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'Som3Rand0m!3y?na';
BACKUP MASTER KEY TO FILE = 'c:\temp\exportedmasterkey' 
ENCRYPTION BY PASSWORD = 's0me0th3rp4$w0rd';
GO 
--Back up the certificate
BACKUP CERTIFICATE someCert TO FILE = 'c:\temp\someCert.cer'
GO

然后,在您的其他服务器上

RESTORE MASTER KEY FROM FILE = 'c:\temp\exportedmasterkey' 
    DECRYPTION BY PASSWORD = 's0me0th3rp4$w0rd'
    ENCRYPTION BY PASSWORD = 'Som3Rand0m!3y?na'
GO

CREATE CERTIFICATE someCert
    FROM FILE = 'c:\temp\someCert.cer'
GO

For your choice of encryption algorithm, there isn't really a one size fits all choice (see the link below for advice from Microsoft about the algorithms available in SQL Server).

http://msdn.microsoft.com/en-us/library/ms345262.aspx

As for backing up and restoring your encryption keys:

--Backup the master key   
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'Som3Rand0m!3y?na';
BACKUP MASTER KEY TO FILE = 'c:\temp\exportedmasterkey' 
ENCRYPTION BY PASSWORD = 's0me0th3rp4$w0rd';
GO 
--Back up the certificate
BACKUP CERTIFICATE someCert TO FILE = 'c:\temp\someCert.cer'
GO

Then, on your other server

RESTORE MASTER KEY FROM FILE = 'c:\temp\exportedmasterkey' 
    DECRYPTION BY PASSWORD = 's0me0th3rp4$w0rd'
    ENCRYPTION BY PASSWORD = 'Som3Rand0m!3y?na'
GO

CREATE CERTIFICATE someCert
    FROM FILE = 'c:\temp\someCert.cer'
GO
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文