Hello:
Earlier this week, I had posed a question on encryption and certificates. A
very nice person gave me two blogs to read. I appreciated that and it was
very helpful. Now, I just want to make sure that I have the order down pat.
Could someone please review the order of data that I have below and let me
know if I have this right? Especially, please let me know if I am correct in
the order on number 5 and number 6. Thanks!!! Here's my list for your
review:
--create a master key
--create a certificate
--create a symmetric key
--create a stored procedure that encrypts the data with the certificate
--grant the ALTER ANY SYMMETRIC KEY permissions the the user
--create two stored procedures to use the certificate to open the symmetric
key
childofthe1980sHi
Laurentiu's blog gives you everything you need to know about this.
If you want to give a user access to the keys then you can do the following,
this is taken by stripping out the actions for Doc1 in
http://blogs.msdn.com/lcris/archive/2005/12/16/504692.aspx :
Create database master key (if not already done so)
Create certificate to encrypt symmetric key with authorisation to userX
Create symmetric key encrypted by certificate
Grant view definition permissions to view key by userX
Create procedure to open symmetric key and encrypt/decrypt using symmetric key
Grant permissions to execute procedure to userX
If you want to restrict the user to only decrypt or encrypt then you can
sign the procedure with a second certificate see
http://blogs.msdn.com/lcris/archive/2006/01/13/512829.aspx :
Create database master key (if not already done so)
Create first certificate to encrypt symmetric key
Create symmetric key encrypted by first certificate
Create procedure to open symmetric key and encrypt/decrypt using symmetric key
Create second certificate to sign code
Create user mapped to the second certificate
Grant view definition permission to first symmetric key to second certificate
Grant control on first certificate to second certificate
Sign (add signature) the procedure with second certificate
Grant permissions to execute procedure to userX
John
"childofthe1980s" wrote:
> Hello:
> Earlier this week, I had posed a question on encryption and certificates. A
> very nice person gave me two blogs to read. I appreciated that and it was
> very helpful. Now, I just want to make sure that I have the order down pat.
> Could someone please review the order of data that I have below and let me
> know if I have this right? Especially, please let me know if I am correct in
> the order on number 5 and number 6. Thanks!!! Here's my list for your
> review:
> --create a master key
> --create a certificate
> --create a symmetric key
> --create a stored procedure that encrypts the data with the certificate
> --grant the ALTER ANY SYMMETRIC KEY permissions the the user
> --create two stored procedures to use the certificate to open the symmetric
> key
> childofthe1980s
Thursday, March 29, 2012
encryption--the sequel
Labels:
appreciated,
blogs,
certificates,
database,
encryption,
encryption-the,
microsoft,
mysql,
oracle,
posed,
sequel,
server,
sql
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment