I've played with various configurations of the MS SQL Server encryption functionality, and come across an embarrassingly easy question that I cannot seem to resolve. How do I retrieve the actual symmetric and asymmetric keys out of the database?
I'd like to explore the possibility of off-loading the encryption/decryption work from the database server to a load-balanced pool of servers. For this model to work the pool would need access to the keys. The symmetric keys currently are generated with the command...
create symmetric key EncryptionKey211
with algorithm = AES_256
ENCRYPTION BY certificate CreditCardCert
Am I missing something obvious here?

Laurentiu wrote an article in his blog that probably can help you:
http://blogs.msdn.com/lcris/archive/2006/07/06/658364.aspx
Please let us know if it helped and/or if you have further questions.
Thanks,
-Raul Garcia
SDE/T
SQL Server Engine

Thanks Raul, the link addressed the question quite well. Actually, better than that, because it clarified you cannot retrieve the key values from the database for Symmetric or Asymmetric keys... an issue we had had some concerns with.

We don’t support backup/load of symmetric keys in SQL Server 2005. If you want to encrypt data both within and outside SQL Server, I would recommend considering using a CLR module.
Let us know if you have further questions or if you have any feedback on this feature; we appreciate all your comments.
Thanks a lot,
-Raul Garcia
SDE/T
SQL Server Engine