SQL Server中加密是層級(jí)的，每一個(gè)上層為下提供保護(hù)。如圖：

實(shí)例：
/**
SMK(Service Master Key)在SQL Server安裝時(shí)生成,由Windows DPAPI(Data Protection API)提供保護(hù)
**/

/**創(chuàng)建數(shù)據(jù)庫(kù)級(jí)別DMK(Database Master Key),受SMK保護(hù)**/
create master key encryption by password=N'Passw0rd'
go

/**數(shù)據(jù)庫(kù)內(nèi)的加密對(duì)象受DMK保護(hù)
支持的對(duì)稱加密算法:DES | TRIPLE_DES | TRIPLE_DES_3KEY | RC2 | RC4 | RC4_128| DESX | AES_128 | AES_192 | AES_256
非對(duì)稱加密算法：RSA_512 | RSA_1024 | RSA_2048
注意避免使用RC,DESX類算法,2014之后會(huì)刪除此功能
**/

--1.創(chuàng)建非對(duì)稱密鑰.

create asymmetric key asyc_key_enc 
with algorithm=RSA_1024 
encryption by password=N'Pass@word' 
go

--2.創(chuàng)建對(duì)稱密鑰.

create symmetric key symc_key_enc 
with algorithm=Triple_DES 
encryption by password=N'Pass@word' 
go

--3.創(chuàng)建證書(shū).證書(shū)也可被其它方式保護(hù)

create certificate cert_ENC 
with subject='certificate for ENC',expiry_date='20990101' 
go
 

--4.對(duì)稱密鑰可由以上三種方式提供加密保護(hù)

--4.1 由非對(duì)稱密鑰加密

create symmetric key symc_key_enc_byAsyc 
with algorithm=AES_128 
encryption by asymmetric key asyc_key_enc 
go
 

--4.2 由對(duì)稱密鑰加密

open symmetric key symc_key_enc 
decryption by password=N'
Pass@word'; 
create symmetric key symc_key_enc_bySymc 
with algorithm = DES 
encryption by symmetric key symc_key_enc 
go

--4.3 由證書(shū)加密

create symmetric key symc_key_enc_byCert 
with algorithm =AES_128 
encryption by certificate cert_ENC 
go

/**列級(jí)數(shù)據(jù)加密和解密.MSSQL提供以下4對(duì)加密/解密函數(shù)對(duì)列數(shù)據(jù)加密
EncryptByCert() 和DecryptByCert()—利用證書(shū)對(duì)數(shù)據(jù)進(jìn)行加密和解密
EncryptByAsymKey() and DecryptByAsymKey()—利用非對(duì)稱密鑰對(duì)數(shù)據(jù)進(jìn)行加密和解密
EncryptByKey() and DecryptByKey()—利用對(duì)稱密鑰對(duì)數(shù)據(jù)進(jìn)行加密和解密
EncryptByPassphrase() and DecryptByPassphrase()—利用密碼字段產(chǎn)生對(duì)稱密鑰對(duì)數(shù)據(jù)進(jìn)行加密和解密
注意:被加密和解密的數(shù)據(jù),必需是varbinary類型
**/

--以ENCRYPTBYKEY為例，其它的大同小異

--對(duì)***號(hào)IDN進(jìn)行加密和解密

create table tb(IDN int,Name varchar(20)); 
insert into tb 
values (123456789,'BigBrother'),(090807001,'SpiderMan'),(336655789,'SuperMan') 
go

--新增列Ency_IDN存儲(chǔ)加密數(shù)據(jù),使用之前由非對(duì)稱密鑰加密的對(duì)稱密鑰symc_key_enc_byAsyc來(lái)加密數(shù)據(jù)

alter table tb add Ency_IDN varbinary(128); 
go 
open symmetric key symc_key_enc_byAsyc 
decryption by asymmetric key asyc_key_enc 
with password=N'
Pass@word'; 
update tb 
set Ency_IDN=ENCRYPTBYKEY(KEY_GUID('symc_key_enc_byAsyc'),CONVERT(Varbinary,IDN));--加密前要轉(zhuǎn)成varbinary 
close symmetric key symc_key_enc_byAsyc --顯式關(guān)閉對(duì)稱密鑰 
go
 

--解密被加密的列數(shù)據(jù)

open symmetric key symc_key_enc_byAsyc 
decryption by asymmetric key asyc_key_enc 
with password=N'
Pass@word'; 
select IDN,Ency_IDN,convert(int,DECRYPTBYKEY(Ency_IDN))as Decr_IDN 
from tb; 
close symmetric key symc_key_enc_byAsyc --顯式關(guān)閉對(duì)稱密鑰 
go
1
<br>

以上就是本文的全部?jī)?nèi)容，希望對(duì)大家的學(xué)習(xí)有所幫助。

版權(quán)聲明：本站文章來(lái)源標(biāo)注為YINGSOO的內(nèi)容版權(quán)均為本站所有，歡迎引用、轉(zhuǎn)載，請(qǐng)保持原文完整并注明來(lái)源及原文鏈接。禁止復(fù)制或仿造本網(wǎng)站，禁止在非www.sddonglingsh.com所屬的服務(wù)器上建立鏡像，否則將依法追究法律責(zé)任。本站部分內(nèi)容來(lái)源于網(wǎng)友推薦、互聯(lián)網(wǎng)收集整理而來(lái)，僅供學(xué)習(xí)參考，不代表本站立場(chǎng)，如有內(nèi)容涉嫌侵權(quán)，請(qǐng)聯(lián)系alex-e#qq.com處理。