This article is half-done without your Comment! *** Please share your thoughts via Comment ***
The Database Security is a very common and one of the major aspects for DBA to keep data secure.
If you don’t know about SQL Server TDE, please read below article which uses for data encryption in SQL Server.
SQL Server: Transparent Data Encryption (TDE) to Encrypt a Database
There are different ways to encrypt your data like TDE, data masking, symmetric key.
In this post, I am sharing a demonstration on how to encrypt your table column using Symmetric key encryption.
For example, When you are storing customer’s credit card information, you must encrypt all cards related columns.
Below is a full demonstration of this:
Create a table with sample data:
|
1 2 3 4 5 6 7 8 9 10 11 12 |
CREATE TABLE dbo.tbl_CustomerCards ( CustID INT PRIMARY KEY ,CustName VARCHAR(10) ,CustCardNo CHAR(8) ) GO INSERT INTO dbo.tbl_CustomerCards VALUES (1,'Anvesh','25-85-96'),(2,'Neevan','88-26-19') ,(3,'Roy','29-30-32'),(4,'Muskan','36-22-69') ,(5,'Martin','26-88-66'),(6,'Jenny','74-21-31') GO |
Create your master key and give password base on windows policy:
|
1 2 3 4 5 6 7 |
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Dbrnd888'; GO --If your password does not match windows policy, you will get a below error. Msg 15118, Level 16, State 1, Line 1 Password validation failed. The password does not meet Windows policy requirements because it is not complex enough. |
Create a database certificate which is protected by database master key:
|
1 2 3 |
CREATE CERTIFICATE dbrnd_certificate WITH SUBJECT = 'dbrnd Data'; GO |
Create a symmetric key which uses for encryption/decryption:
I used AES_256 algorithm.
|
1 2 3 4 |
CREATE SYMMETRIC KEY dbrnd_Symmetric_key WITH ALGORITHM = AES_256 ENCRYPTION BY CERTIFICATE dbrnd_certificate; GO |
Add one more column in a table:
|
1 2 3 |
ALTER TABLE tbl_CustomerCards ADD CustCardNo_encrypt VARBINARY(MAX) GO |
Open a symmetric key for further use:
|
1 2 3 |
OPEN SYMMETRIC KEY dbrnd_Symmetric_key DECRYPTION BY CERTIFICATE dbrnd_certificate; GO |
Update newly created column by generating encrypted data with use of old column:
|
1 2 3 4 |
UPDATE tbl_CustomerCards SET CustCardNo_encrypt = EncryptByKey (Key_GUID('dbrnd_Symmetric_key'),CustCardNo) FROM tbl_CustomerCards GO |
Now, You can remove your old column:
|
1 2 3 |
ALTER TABLE tbl_CustomerCards DROP COLUMN CustCardNo; GO |
SELECT encrypted/decrypted card numbers:
|
1 2 3 |
SELECT CustID, CustCardNo_encrypt AS 'Encrypted_CardNumber', CONVERT(varchar, DecryptByKey(CustCardNo_encrypt)) AS 'Decrypted_CardNumber' FROM dbo.tbl_CustomerCards; |
Try to Insert few records with encrypted card number values:
|
1 2 3 4 |
INSERT INTO dbo.tbl_CustomerCards VALUES (7,'Meera',EncryptByKey( Key_GUID('dbrnd_Symmetric_key'), CONVERT(varchar,'66-52-36'))) ,(8,'Laria',EncryptByKey( Key_GUID('dbrnd_Symmetric_key'), CONVERT(varchar,'99-36-23'))) GO |
Once you complete with the use symmetric key, CLOSE it:
|
1 2 |
CLOSE SYMMETRIC KEY dbrnd_Symmetric_key; GO |
The result:
Leave a Reply