2014年8月28日 星期四

SQL 2008 資料加密

SQL 2008 資料加密
以下範例建立一個具有儲存加密,讀取解密的資料表

參考網址:
http://dotnetframework.blogspot.tw/2011/01/blog-post.html
http://www.dotblogs.com.tw/dc690216/archive/2009/09/10/10559.aspx


1.建立非對稱金鑰。指定name=mykey, pwd=p@ssw0rd
  1. CREATE ASYMMETRIC KEY mykey
  2.     WITH ALGORITHM = RSA_2048
  3.     ENCRYPTION BY PASSWORD = 'p@ssw0rd';
  4. GO

2.查詢第1步驟所建立的key是否成功。
  1. select * from sys.asymmetric_keys

3.建立測試資料表

4.建立新增、更新、刪除資料表的預存程序。

  1. USE [EIP_new]
  2. GO
  3.  
  4. SET ANSI_NULLS ON
  5. GO
  6.  
  7. SET QUOTED_IDENTIFIER ON
  8. GO
  9.  
  10. CREATE PROCEDURE [dbo].[sp_BPM_Modify_t_BPM_Seal_type_E]
  11.  
  12.  @action_type    NCHAR(1) = '' ,
  13.  @id    INT = 0,
  14.  @username        NVARCHAR(50) = '',
  15.  @uid   NVARCHAR(10) = '',
  16.  @pwd   NVARCHAR(30) = '',
  17.  @sort   INT = 0,
  18.  @cdt   DateTime
  19. AS
  20. BEGIN
  21.  
  22.  SET NOCOUNT ON;
  23.  
  24.     --傳入資料檢核
  25.  IF (@action_type NOT IN ('A','D','U'))
  26.  BEGIN
  27.   DECLARE @DBID INT;
  28.   SET @DBID = DB_ID();
  29.   DECLARE @DBNAME NVARCHAR(128);
  30.   SET @DBNAME = DB_NAME();
  31.   RAISERROR
  32.   (N'資料庫 ID:%d, 資料庫名稱: %s。 錯誤訊息:傳入的Action_Mode,必須是 A, U, D 其中一種',
  33.   10, -- Severity.
  34.   1, -- State.
  35.   @DBID, -- First substitution argument.
  36.   @DBNAME); -- Second substitution argument.
  37.  END
  38.  
  39.  --宣告加密用變數
  40.  DECLARE
  41.   @encryp_uid NVARCHAR(max),
  42.   @encryp_pwd NVARCHAR(max),
  43.   @encryp_sort NVARCHAR(max)
  44.  
  45.  --SET @encryp_uid = ENCRYPTBYASYMKEY(ASYMKEY_ID('mykey'),@uid)
  46.  SET @encryp_uid = ENCRYPTBYASYMKEY(ASYMKEY_ID('mykey'),CONVERT(nvarchar(max), @uid))
  47.  --SET @encryp_pwd = ENCRYPTBYASYMKEY(ASYMKEY_ID('mykey'),@pwd)
  48.  SET @encryp_pwd = ENCRYPTBYASYMKEY(ASYMKEY_ID('mykey'),CONVERT(nvarchar(max), @pwd))
  49.  SET @encryp_sort = ENCRYPTBYASYMKEY(ASYMKEY_ID('mykey'),CONVERT(NVARCHAR(10),@sort))
  50.  
  51.  SET @encryp_uid = ENCRYPTBYASYMKEY(ASYMKEY_ID('mykey'),CONVERT(nvarchar(max), @uid))
  52.  
  53.  
  54.  --插入
  55.  IF (@action_type = 'A')
  56.  BEGIN
  57.   INSERT INTO t_BPM_Seal_type_E
  58.         (
  59.   username ,
  60.         [uid] ,
  61.         pwd ,
  62.         sort ,
  63.         cdt
  64.         )
  65.         VALUES
  66.         (          
  67.      @username,
  68.   @encryp_uid,
  69.         @encryp_pwd,
  70.         @encryp_sort,
  71.   @cdt
  72.         )
  73.  END
  74.  
  75.  --更新
  76.  IF (@action_type = 'U')
  77.  BEGIN
  78.   UPDATE t_BPM_Seal_type_E
  79.   SET username=@username,
  80.    [uid]=@encryp_uid,
  81.    pwd=@encryp_pwd,
  82.    cdt=@cdt
  83.   WHERE id=@id
  84.  END
  85.  
  86.  --刪除
  87.  IF (@action_type = 'D')
  88.  BEGIN
  89.   DELETE t_BPM_Seal_type_E
  90.   WHERE id=@id
  91.  END
  92.  
  93. END
  94. GO

5.建立檢視資料表,用來讀取被加密的資料表
  1. CREATE VIEW [dbo].[v_BPM_Seal_type_E]
  2. AS
  3. SELECT     id, username, CONVERT(NVARCHAR(50), DECRYPTBYASYMKEY(ASYMKEY_ID('mykey'), uid, N'p@ssw0rd')) AS uid, CONVERT(NVARCHAR(50),
  4.                       DECRYPTBYASYMKEY(ASYMKEY_ID('mykey'), pwd, N'p@ssw0rd')) AS pwd, CONVERT(NVARCHAR(50),
  5.                       DECRYPTBYASYMKEY(ASYMKEY_ID('mykey'), sort, N'p@ssw0rd')) AS sort, cdt
  6. FROM         dbo.t_BPM_Seal_type_E

6.最後查詢被加密的資料表。
上面是未解密原資料表,下面是已解密的檢視(使用第5步驟建立的檢視表)




7.直接查詢,不透過檢視表(View)
  1. Select id,
  2. ENCRYPTBYASYMKEY(ASYMKEY_ID('mykey'),
  3. CONVERT(nvarchar(max), username)) as '加密'
  4. From dbo.t_BPM_Seal_type_E
  1. Select  id,
  2. CONVERT(nvarchar(10), DECRYPTBYASYMKEY(ASYMKEY_ID('mykey'), uid, N'p@ssw0rd')) as '解密'
  3. From dbo.t_BPM_Seal_type_E
張貼者:
標籤:

沒有留言:

張貼留言

訂閱: 張貼留言 (Atom)