以下是用sqlserver给数据库进行加密的脚本,其中当然也包含了证书创建的步骤:
USE master; GO --drop master key CREATE MASTER KEY ENCRYPTION BY PASSWORD = \'123456\'; GO BACKUP MASTER KEY TO FILE = \'D:\SQL1_master.key\' ENCRYPTION BY PASSWORD = \'123456\'; GO CREATE CERTIFICATE TDECert WITH SUBJECT = \'TDE Certificate\'; GO BACKUP CERTIFICATE TDECert TO FILE = \'D:\SQL1_master.cer\' WITH PRIVATE KEY ( FILE = \'D:\SQL1_TDECert.pvk\', ENCRYPTION BY PASSWORD = \'123456\' ); USE TEST; GO CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_128 ENCRYPTION BY SERVER CERTIFICATE TDECert; GO ALTER DATABASE TEST SET ENCRYPTION ON --如果需要还原加密后的数据库文件到另外一台服务器,需要首先还原证书到目标服务器: --目标服务器的master key 可以跟原服务器的不一样 USE master; CREATE CERTIFICATE TDECert FROM FILE = \'D:\SQL1_master.cer\' WITH PRIVATE KEY ( FILE = \'D:\SQL1_TDECert.pvk\', DECRYPTION BY PASSWORD = \'123456\' );
