SQL Server 2005: creating a certificate with a private key / encryption

Posted on 2024-12-03 02:07:32

Ok, here is my problem. I am doing data encryption in SQL Server 2005 using a DB Master Key, Certificate and Symmetric Key. I need to be able to restore a certificate with a private key. But when I run the CREATE CERTIFICATE with PRIVATE KEY, the certificate gets pulled into the DB but the private key does not show up. Below are the steps I follow for testing.

Create the Database Master Key.

 CREATE MASTER KEY ENCRYPTION BY PASSWORD = '12345'

Create the Certificate

CREATE CERTIFICATE MyCert 
WITH SUBJECT = 'My First Certificate', 
EXPIRY_DATE = '1/1/2199';

Create a symmetric key that is encrypted with MyCert.

CREATE SYMMETRIC KEY MySymmetricKey 
WITH ALGORITHM = AES_256 
ENCRYPTION BY CERTIFICATE MyCert

Call below select statements to show the keys and certs are there.
They are. Master DB Key, Symmetric Key and Certificate are all there.

SELECT * FROM sys.symmetric_keys 

SELECT * FROM sys.certificates 

Create a backup of the database certificate and key

Note: I have tried putting them in the same folder and that did not work either.

BACKUP CERTIFICATE MyCert TO FILE = 'C:\SQLDatabase\MyCert\MyCert.cert'
WITH PRIVATE KEY ( FILE = 'C:\SQLDatabase\MyKey\MySymmetricKey.key' ,
ENCRYPTION BY PASSWORD = '12345' )

Drop the key and cert and verify they are gone.

DROP SYMMETRIC KEY MySymmetricKey
DROP CERTIFICATE MyCert;

There is no RESTORE for certificates, only create by file. I call
CREATE CERTIFICATE with WITH PRIVATE KEY.

When I run this the certificate shows up but the key does not come with it.

I have verified they are in the folders and SQL has access to the folders.

I have also tried the ALTER CERTIFICATE WITH PRIVATE KEY and still nothing.

What am I missing?

CREATE CERTIFICATE PayGoDBCert 
FROM FILE = 'C:\SQLDatabase\MyCert\MyCert.cert'
WITH PRIVATE KEY (FILE = 'C:\SQLDatabase\MyKey\MySymmetricKey.key' , 
DECRYPTION BY PASSWORD = '12345')

SELECT * FROM sys.symmetric_keys 
SELECT * FROM sys.certificates 

Comments (1)

断肠人 2024-12-10 02:07:32

In your example you drop the symmetric key but don't recreate it again.

Recreate the symmetric key again then restore the certificate.

Just a note: The password used to protect the backed up certificate is not the same password that is used to encrypt the private key of the certificate.

Let us know if that solves your issue.
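
Added example (not part of the original question or answer): the backup, drop and restore cycle from this thread as one T-SQL script. It reads `pvt_key_encryption_type_desc` from `sys.certificates` to check whether the private key was loaded with the certificate, and re-creates the symmetric key with `KEY_SOURCE` and `IDENTITY_VALUE` so that the re-created key can still decrypt data written before the drop. `DemoCert`, `DemoKey`, the `C:\Backup` paths and all pass phrases are placeholders; a database master key is assumed to exist.

```sql
-- Added example. Names, paths, pass phrases and passwords are placeholders.
-- Assumes a database master key exists and the backup files do not exist yet.
CREATE CERTIFICATE DemoCert
    WITH SUBJECT = 'Demo certificate', EXPIRY_DATE = '20301231';
-- KEY_SOURCE and IDENTITY_VALUE make the key material and key GUID
-- reproducible; without them a re-created key is a new random key.
CREATE SYMMETRIC KEY DemoKey
    WITH KEY_SOURCE = '<secret pass phrase>',
         IDENTITY_VALUE = '<identity phrase>',
         ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE DemoCert;
GO
-- Encrypt one constructed value so the restore can be checked against it.
CREATE TABLE #demo (cipher varbinary(256));
OPEN SYMMETRIC KEY DemoKey DECRYPTION BY CERTIFICATE DemoCert;
INSERT INTO #demo SELECT EncryptByKey(Key_GUID('DemoKey'), N'constructed sample');
CLOSE SYMMETRIC KEY DemoKey;
GO
-- The .pvk file holds the certificate's private key, not the symmetric key.
BACKUP CERTIFICATE DemoCert TO FILE = 'C:\Backup\DemoCert.cer'
    WITH PRIVATE KEY (FILE = 'C:\Backup\DemoCert.pvk',
                      ENCRYPTION BY PASSWORD = '<backup file password>');
DROP SYMMETRIC KEY DemoKey;
DROP CERTIFICATE DemoCert;
GO
-- Restore: the private key is re-encrypted by the database master key.
CREATE CERTIFICATE DemoCert FROM FILE = 'C:\Backup\DemoCert.cer'
    WITH PRIVATE KEY (FILE = 'C:\Backup\DemoCert.pvk',
                      DECRYPTION BY PASSWORD = '<backup file password>');
-- pvt_key_encryption_type_desc shows whether a private key is attached;
-- NO_PRIVATE_KEY means only the public part of the certificate was loaded.
SELECT name, pvt_key_encryption_type_desc
FROM sys.certificates WHERE name = 'DemoCert';
-- The symmetric key was never in the backup: re-create it from the same phrases.
CREATE SYMMETRIC KEY DemoKey
    WITH KEY_SOURCE = '<secret pass phrase>',
         IDENTITY_VALUE = '<identity phrase>',
         ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE DemoCert;
GO
-- Decrypt the value written before the drop with the re-created key.
OPEN SYMMETRIC KEY DemoKey DECRYPTION BY CERTIFICATE DemoCert;
SELECT CONVERT(nvarchar(100), DecryptByKey(cipher)) AS plaintext FROM #demo;
CLOSE SYMMETRIC KEY DemoKey;
DROP TABLE #demo;
```

`GO` is the batch separator used by SSMS and sqlcmd; the temporary table carries the ciphertext across batches within the same session.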
