sql server_TED(透明数据加密)
2015-01-29 13:26
281 查看
一,加密过程
(1)切换到master下:
use master;
(2)根据一段自定义密码创建主密钥:
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '密码';
(3)创建主密钥证书,主题任意填:
CREATE CERTIFICATE 证书名 WITH SUBJECT = '测试主题';
(4)切换到要加密的库下:
use 用户数据库;
(5)根据加密算法和证书创建数据库密钥:
CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_128 ENCRYPTION BY SERVER CERTIFICATE 证书名;
(6)开启该库的加密状态:
ALTER DATABASE 用户数据库 SET ENCRYPTION ON;
------------------------------------------------------------------
二,备份和还原
(1)备份主密钥在指定目录中:
BACKUP MASTER KEY TO FILE = 'd:\storedkeys\weifang\masterkey' ENCRYPTION BY PASSWORD = '密码'
(2)备份证书:
BACKUP CERTIFICATE 证书名 TO FILE = 'd:\storedcerts\weifang\sdjslcert'; :
(3)还原master key:
use master
RESTORE MASTER KEY FROM FILE = 'd:\storedkeys\weifang\masterkey'
DECRYPTION BY PASSWORD = '密码'
ENCRYPTION BY PASSWORD = '密码';
--因为我这里还留有原来的证书,所以会提示如下信息:
--The old and new master keys are identical. No data re-encryption is required.
(4)还原证书
CREATE CERTIFICATE 证书名
FROM FILE = 'd:\storedcerts\sdjslcert'
GO
--因为证书已经存在,所以提示如下信息:
--A certificate with name 'MyServerCert2' already exists or this certificate already has been added to the database.
--需要注意的是证书并不是按照证书名来区分的。我原来的证书名叫做MyServerCert,此处创建的证书名为MyServerCert2,但是是来自MyServerCert的一个备份,还是报错。
(1)切换到master下:
use master;
(2)根据一段自定义密码创建主密钥:
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '密码';
(3)创建主密钥证书,主题任意填:
CREATE CERTIFICATE 证书名 WITH SUBJECT = '测试主题';
(4)切换到要加密的库下:
use 用户数据库;
(5)根据加密算法和证书创建数据库密钥:
CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_128 ENCRYPTION BY SERVER CERTIFICATE 证书名;
(6)开启该库的加密状态:
ALTER DATABASE 用户数据库 SET ENCRYPTION ON;
------------------------------------------------------------------
二,备份和还原
(1)备份主密钥在指定目录中:
BACKUP MASTER KEY TO FILE = 'd:\storedkeys\weifang\masterkey' ENCRYPTION BY PASSWORD = '密码'
(2)备份证书:
BACKUP CERTIFICATE 证书名 TO FILE = 'd:\storedcerts\weifang\sdjslcert'; :
(3)还原master key:
use master
RESTORE MASTER KEY FROM FILE = 'd:\storedkeys\weifang\masterkey'
DECRYPTION BY PASSWORD = '密码'
ENCRYPTION BY PASSWORD = '密码';
--因为我这里还留有原来的证书,所以会提示如下信息:
--The old and new master keys are identical. No data re-encryption is required.
(4)还原证书
CREATE CERTIFICATE 证书名
FROM FILE = 'd:\storedcerts\sdjslcert'
GO
--因为证书已经存在,所以提示如下信息:
--A certificate with name 'MyServerCert2' already exists or this certificate already has been added to the database.
--需要注意的是证书并不是按照证书名来区分的。我原来的证书名叫做MyServerCert,此处创建的证书名为MyServerCert2,但是是来自MyServerCert的一个备份,还是报错。
相关文章推荐
- SQL SERVER实践应用--TED透明数据加密及性能测试(转)
- SQL SERVER实践应用--TED透明数据加密及性能测试
- SQL Server 2008中的代码安全(八) 透明数据加密(TDE)
- 在SQL Server 2008中执行透明数据加密
- SQL Server 2008 安全性——透明数据加密(TDE)
- SQL Server 2008的透明数据加密[转]
- SQL Server 安全篇——SQL Server加密(3)——透明数据加密(TDE)
- SQL Server 2008的透明数据加密
- 第九篇 SQL Server安全透明数据加密
- SQL Server 2008的透明数据加密
- SQL Server 2005单元级加密和SQL Server 2008 透明数据加密
- SQL Server 2005单元级加密和SQL Server 2008 透明数据加密
- SQL Server 2008透明数据加密
- 在SQL Server 2008中执行透明数据加密(转自IT专家网)
- SQL Server安全(9/11):透明数据加密(Transparent Data Encryption)
- SQL Server 2005单元级加密和SQL Server 2008 透明数据加密
- SQL Server 2008 安全性——透明数据加密(TDE)【转】
- Oracle 10g R2 Transparent Data Encryption 透明数据加密
- 透明数据加密(TDE)库的备份和还原
- 利用ORACLE WALLET实现透明数据加密