April 10, 2010. Platinum and Gold Partners Data Encryption and Key Management in SQL Said Salomon...
PHILLY.NET CODE CAMP
2010.1
April 10, 2010
Platinum and Gold Partners
Data Encryption and Key Management in SQL
Said Salomon
Database Administrator
Unitrin Direct Insurance
Who am I?
I have over 25 years of experience as an Information Technology Professional. I have a vast array of abilities in the field in the areas of Network, Desktop Support, DBA, Staff Project Management, Application Software Development, Business Analysis and Quality Assurance. I have Microsoft certifications as a MCTS, MCPS, and MCNPS, and multiple certifications from the Insurance Institute of America. Currently I am a DBA at Unitrin Direct Insurance.
SQL Key Management Overview
2008 Key Management Overview
Service Master Key
- One per server instance
- Backup
- Restore
- Alter
- Is automatically generated when needed
- There is no CREATE command for the Service Master Key
Database Master Key
- One per database
- Is encrypted by the service master key and the password used when created
Certificate
- Can have as many as needed
- Is encrypted by the database master key as well as the password used on the certificate
Asymmetric key
- Why?
- Public key
- Private key
- No backup
- Poor performance (100 x)
Symmetric key
- Can have as many as needed
- Is encrypted by the Certificate or Asymmetric key or Symmetric key or password
- Algorithms: DES | TRIPLE_DES | TRIPLE_DES_3KEY | RC2 | RC4 | RC4_128 | DESX | AES_128 | AES_192 | AES_256
- No Backup
Symmetric Functions
- EncryptByKey
- DecryptByKey
- EncryptByPassPhrase
- DecryptByPassPhrase
- Key_ID
- Key_GUID
Asymmetric Functions
- EncryptByAsymKey
- DecryptByAsymKey
- EncryptByCert
- DecryptByCert
- Cert_ID
- AsymKey_ID
- CertProperty
Demo
SQL Encryption Step-by-Step
Backup Service Master Key
BACKUP SERVICE MASTER KEY TO FILE = 'path_to_file' ENCRYPTION BY PASSWORD = 'password'
Restore Service Master Key
RESTORE SERVICE MASTER KEY FROM FILE = 'path_to_file' DECRYPTION BY PASSWORD = 'password' [FORCE]
Create (Database) Master Key
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'password'
Backup (Database) Master Key
BACKUP MASTER KEY TO FILE = 'path_to_file' ENCRYPTION BY PASSWORD = 'password'
Restore (Database) Master Key
RESTORE MASTER KEY FROM FILE = 'path_to_file' DECRYPTION BY PASSWORD = 'password' ENCRYPTION BY PASSWORD = 'password' [ FORCE ]
Sharing a symmetric key
CREATE SYMMETRIC KEY test_aes128_key WITH KEY_SOURCE = 'I am the very model of a modern major general', IDENTITY_VALUE = 'E pluribus unum', ALGORITHM = AES_128 ENCRYPTION BY PASSWORD = 'p@$$w0rd';
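The hierarchy from the overview slides (database master key, then certificate, then symmetric key), used end to end with EncryptByKey and DecryptByKey, as an added T-SQL example that is not from the original slides. The database, table, certificate and key names are hypothetical, and the passwords, pass phrases and data are constructed placeholders.

```sql
-- Added example; KeyDemo, DemoCert, DemoKey and dbo.Customer are hypothetical names.
-- Passwords, pass phrases and the sample value are constructed placeholders.
CREATE DATABASE KeyDemo;
GO
USE KeyDemo;
GO
-- Database master key: protected by this password and, by default,
-- by the service master key, so the instance can open it automatically.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong DMK password>';

-- Certificate created without a password: its private key is protected by the DMK.
CREATE CERTIFICATE DemoCert WITH SUBJECT = 'Protects DemoKey';

-- Symmetric key protected by the certificate. KEY_SOURCE and IDENTITY_VALUE
-- make the key reproducible, which is what allows it to be shared.
CREATE SYMMETRIC KEY DemoKey
    WITH KEY_SOURCE = '<long secret pass phrase>',
         IDENTITY_VALUE = '<identity phrase>',
         ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE DemoCert;

CREATE TABLE dbo.Customer (
    CustomerId INT IDENTITY PRIMARY KEY,
    SsnCipher  VARBINARY(256) NOT NULL   -- ciphertext only, never the plaintext
);

-- A symmetric key must be opened in the session before it can be used.
OPEN SYMMETRIC KEY DemoKey DECRYPTION BY CERTIFICATE DemoCert;

INSERT INTO dbo.Customer (SsnCipher)
VALUES (EncryptByKey(Key_GUID('DemoKey'), N'000-00-0000'));  -- constructed value

-- DecryptByKey locates the key through the key GUID stored in the ciphertext.
SELECT CustomerId,
       CONVERT(NVARCHAR(11), DecryptByKey(SsnCipher)) AS Ssn
FROM dbo.Customer;

CLOSE SYMMETRIC KEY DemoKey;

-- With the key closed, DecryptByKey returns NULL instead of raising an error.
SELECT CustomerId, DecryptByKey(SsnCipher) AS Ssn FROM dbo.Customer;

-- key_guid is derived from IDENTITY_VALUE: compare it across servers to
-- confirm that a recreated key is the same key.
SELECT name, key_guid, algorithm_desc
FROM sys.symmetric_keys
WHERE name = 'DemoKey';
```

Because symmetric keys cannot be backed up, the KEY_SOURCE and IDENTITY_VALUE strings are the only way to recreate this key elsewhere, so they need the same protection as the key itself.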
Demo: Transparent Data Encryption (2008 only)
Questions?
Please complete the online evaluation form
Resources
- SQL 2005 Symmetric Encryption, by Michael Coles: http://bit.ly/bFQsro
- My web site: http://www.timelordshangout.com
- My Twitter: SaidSalomon