We would like to use SQL Server Encryption to encrypt a couple of columns within our databases. We also need to transfer data between our production and test environment. It seems like the best solution would be to use the same master key, certificate, and symmetric key on the production and test servers so that I could encrypt or decrypt the columns in either production or test environments with the same results.
So far I have tried using the same create script in both environments which did not work. It encrypted on one server but did not decrypt on the other after data was transferred to the other server:
use <database name>
CREATE MASTER KEY ENCRYPTION BY
PASSWORD = <password1>
use <database name>
CREATE CERTIFICATE <certificate name>
WITH SUBJECT = <certificate subject>
use <database name>
CREATE SYMMETRIC KEY <key name>
WITH ALGORITHM = AES_256
ENCRYPTION BY CERTIFICATE <certificate name>
And I have tried creating the master key, certificate, and symmetric key on one server and then restoring it on the other which doesn’t seem to create the key and therefore doesn’t work either.
use <database name>
OPEN MASTER KEY DECRYPTION BY PASSWORD = <password1>
BACKUP MASTER KEY TO FILE = 'c:\masterkey.txt'
ENCRYPTION BY PASSWORD = <password2>
use <database name>
BACKUP CERTIFICATE <certificate name> TO FILE = 'c:\Cert.txt'
WITH PRIVATE KEY ( FILE = 'c:\Key.txt' ,
ENCRYPTION BY PASSWORD = <password3> )
use <database name>
RESTORE MASTER KEY
FROM FILE = 'c:\masterkey.txt'
DECRYPTION BY PASSWORD = <password2>
ENCRYPTION BY PASSWORD = <password1>
use <database name>
OPEN MASTER KEY DECRYPTION BY PASSWORD = <password1>
CREATE CERTIFICATE <certificate name>
FROM FILE = 'c:\Cert.txt'
WITH PRIVATE KEY (FILE = 'c:\Key.txt',
DECRYPTION BY PASSWORD = <password3>)
How can I encrypt on one SQL Server and decrypt on another?
1 solution
#1
5
We found that when encrypting on the first server, you create the symmetric key specifying the key source and the identity value. Then when decrypting on the other server, you specify the same key source and identity value when creating that symmetric key.
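The approach described in the answer above, as an added T-SQL example that is not part of the original post. The database, certificate and key names and all passwords and phrases are hypothetical placeholders. The master key and certificate may differ per server, because the key material is derived from `KEY_SOURCE` and the key GUID from `IDENTITY_VALUE`.

```sql
-- Run this same script on BOTH servers (production and test).
-- All names, passwords and phrases are constructed placeholders.
USE ExampleDb;  -- hypothetical database name
GO

-- The master key and certificate only protect the symmetric key at rest
-- on each server, so they do not have to be identical across servers.
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys
               WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<server-specific strong password>';
GO

IF NOT EXISTS (SELECT 1 FROM sys.certificates WHERE name = 'ExampleColumnCert')
    CREATE CERTIFICATE ExampleColumnCert
    WITH SUBJECT = 'Example column encryption';
GO

-- KEY_SOURCE: passphrase the key material is derived from.
-- IDENTITY_VALUE: phrase the key GUID is derived from; the GUID is stored
-- in every ciphertext so DECRYPTBYKEY can find the matching key.
-- Anyone holding both phrases can recreate the key, so keep this script
-- out of source control and treat the phrases like the key itself.
CREATE SYMMETRIC KEY ExampleColumnKey
WITH ALGORITHM = AES_256,
     KEY_SOURCE = '<same secret passphrase on both servers>',
     IDENTITY_VALUE = '<same identity phrase on both servers>'
ENCRYPTION BY CERTIFICATE ExampleColumnCert;
GO

-- Check: key_guid must be identical on both servers.
SELECT name, key_guid
FROM sys.symmetric_keys
WHERE name = 'ExampleColumnKey';
GO

-- Round trip: ciphertext produced here decrypts on the other server
-- once the key has been created there with the same two phrases.
OPEN SYMMETRIC KEY ExampleColumnKey
    DECRYPTION BY CERTIFICATE ExampleColumnCert;

DECLARE @cipher varbinary(8000) =
    ENCRYPTBYKEY(KEY_GUID('ExampleColumnKey'), N'constructed sample value');
SELECT CONVERT(nvarchar(100), DECRYPTBYKEY(@cipher)) AS roundtrip;

CLOSE SYMMETRIC KEY ExampleColumnKey;
GO
```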