基于SQL的加密性能
我正在为未来的项目做一些研究,它需要对一些数据进行加密。
在我今天的研究中,我注意到有许多不同的加密算法(包括 AES、Triple-DES、X-DES 等),并且我希望使用 SQL-Server 中的一种算法(2008r2 express probs),您会如何建议这样做,比如最佳实践等?
我计划做如下的事情:
-- Create the master key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Som3Rand0m!3y?na'
-- Create the cert.
CREATE CERTIFICATE someCert WITH SUBJECT = 'c3p009xFR?'
-- Create Symmetric Key
CREATE SYMMETRIC KEY someSymmetricKey WITH ALGORITHM = TRIPLE_DES ENCRYPTION BY CERTIFICATE someCert
并按以下方式使用它:
declare @sql varchar(8000)
set @sql = 'OPEN SYMMETRIC KEY someSymmetricKey DECRYPTION BY CERTIFICATE someCert '
exec (@sql)
-- Check the table
SELECT col1, Convert(varchar(max), DECRYPTBYKEY(col2)) as col2
FROM myTable
-- dont forget to close the symmetric key again afterwards.
CLOSE SYMMETRIC KEY someSymmetricKey
我想这是正确的方法(我很久以前读过它并保存了一个示例,所以只需仔细检查:])?
另外,使用不同的加密算法之间是否真的存在性能差异(或安全差异,比如一种比另一种更容易破解)? <<- 这是我真正想了解的/最重要的。
最后,如果我将数据库移动到不同的服务器,我想我可以以相同的方式重新创建密钥/证书,并且我将能够取回数据等?
任何好的博客文章/链接/白皮书将不胜感激:)(我读过的大多数内容都很糟糕)
感谢您的阅读:D
I am doing some research for a future project and it requires some data to be encrypted.
In my research today, I have noticed that there are many different encryption algorithms (including AES, Triple-DES, X-DES etc) and I wish to use one of the algorithms in SQL-Server (2008r2 express probs), how would you recommend doing this, like best practices etc?
I am planning to do something like the following:
-- Create the master key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Som3Rand0m!3y?na'
-- Create the cert.
CREATE CERTIFICATE someCert WITH SUBJECT = 'c3p009xFR?'
-- Create Symmetric Key
CREATE SYMMETRIC KEY someSymmetricKey WITH ALGORITHM = TRIPLE_DES ENCRYPTION BY CERTIFICATE someCert
And use it in the following way:
declare @sql varchar(8000)
set @sql = 'OPEN SYMMETRIC KEY someSymmetricKey DECRYPTION BY CERTIFICATE someCert '
exec (@sql)
-- Check the table
SELECT col1, Convert(varchar(max), DECRYPTBYKEY(col2)) as col2
FROM myTable
-- dont forget to close the symmetric key again afterwards.
CLOSE SYMMETRIC KEY someSymmetricKey
I guess this is the correct way to do it (I read up on it ages ago and saved an example, so just double checking :])?
Also, are there really any performance differences (or security differences, like one is easier to break than another) between using the different encryption algorithms? <<- this is the one i was really trying to find out about/most important.
Lastly, if I move the database to a different server, I guess I can just re-create the key/cert in the same way and I will be able to get the data back etc?
Any good blog posts/links/whitepapers would be greatly appreciated :) (most that ive read have been quiet bad tbh)
Thanks for reading :D
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您只有两个选择:AES 和 3DES。简单 DES 和 XDES 太弱(分别为 56 和 112 位强度)。 RC4 不是一个选项,因为 SQL Server 实现已失败(没有正确对加密值进行加盐处理)。
3DES 固守着过去。使用 AES,这是当前 NIST 推荐算法,并为您提供不错的速度。
You have only two options: AES and 3DES. Simple DES and XDES are too weak (56 and 112 bit strength respectively). RC4 is not an option because the SQL Server implementaion is busted (does no properly salt encrypted values).
3DES is clinging to the past. Use AES, is the current NIST recommended algorithm and offers you a decent speed.
对于加密算法的选择,实际上并没有一刀切的选择(请参阅下面的链接,了解 Microsoft 关于 SQL Server 中可用算法的建议)。
http://msdn.microsoft.com/en-us/library/ms345262.aspx
至于备份和恢复您的加密密钥:
然后,在您的其他服务器上
For your choice of encryption algorithm, there isn't really a one size fits all choice (see the link below for advice from Microsoft about the algorithms available in SQL Server).
http://msdn.microsoft.com/en-us/library/ms345262.aspx
As for backing up and restoring your encryption keys:
Then, on your other server