SQL Server Forums - Encryption in SQL server

Home | Weblogs | Forums | SQL Server Links

Active Forum Topics | Popular Articles | All Articles by Tag | SQL Server Books | About

SQL Server Forums

Register Now and get your question answered!

Username:	Password:
Save Password
Forgot your Password?

All Forums

General SQL Server Forums

New to SQL Server Programming

Encryption in SQL server

New Topic

Reply to Topic

Printer Friendly

Author

Topic

winman
Starting Member

26 Posts

Posted - 02/09/2013 : 04:31:32

I was serching about encryption in SQL and got one nice article.(http://blog.sqlauthority.com/2009/04/28/sql-server-introduction-to-sql-server-encryption-and-symmetric-key-encryption-tutorial-with-script/#comment-419795).

In this article the Symmetric Key and Triple DES encryption is used.But if i go to SSMS then i can see 'EncryptTestCert'(certificate used in this article) can be easily found in certificate folder and 'TestTable'(symmetric key) can be found in symmetric keys folder in SSMS under that database. So anyone who can login to SSMS can easily decrypt database by using it. So how it can be prevented? Also any other methods?

chadmat
The Chadinator

USA
1953 Posts

Posted - 03/09/2013 : 18:43:03

From BOL:

The caller must have some permission on the key and must not have been denied VIEW DEFINITION permission on the key. Additional requirements vary, depending on the decryption mechanism:
•
DECRYPTION BY CERTIFICATE: CONTROL permission on the certificate and knowledge of the password that encrypts its private key.

•
DECRYPTION BY ASYMMETRIC KEY: CONTROL permission on the asymmetric key and knowledge of the password that encrypts its private key.

•
DECRYPTION BY PASSWORD: knowledge of one of the passwords that is used to encrypt the symmetric key.

-Chad

Topic

New Topic

Reply to Topic

Printer Friendly

Jump To:

SQL Server Forums

This page was generated in 0.05 seconds.