Posted by Erland Sommarskog on 04/27/06 00:57
rcamarda (rcamarda@cablespeed.com) writes:
> What I want:
> 1. our social security field to be encrypted so that only the person(s)
> that need it can decrypt it.
> 2. prevent DBAs from decrypting the data themselves
> 3. Simple way to encrypt the data on the table (maybe a trigger?)
Nothing is simple when it comes to encryption. For starters, I hope that
you are perfectly aware that if you encrypt the SSN, you cannot
use it to find a person, at least not efficiently?
> I thought I would use asymmetric keys, this way I can embed the public
> key into my data warehouse process to encrypt the data.
> I thought I would prompt the user for the private key when the report
> runs, that way I won't store the key on the server.
Cryptography is not my best game, but I thought you needed the private
key to encrypt something?
And as I understand the topic for CREATE ASYMMETRIC KEY, you always
create or load a key-pair into the database.
I think what you should prompt the user for is the password to the
key. And the user will have to specify the password to encrypt the
data as well. At least, that is my understanding of it. But as I said,
I don't know cryptography too well.
--
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
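
The SQL Server 2005 functions that go with CREATE ASYMMETRIC KEY, shown as an added example that is not part of the original thread: EncryptByAsymKey takes only the key ID and the plaintext, while DecryptByAsymKey also takes the password protecting the private key. The key name, table, password and SSN value are constructed for illustration.

```sql
-- Added example. All names and values here are constructed:
-- SsnKey, dbo.Person, the password and the sample SSN.

CREATE TABLE dbo.Person (
    PersonId int IDENTITY PRIMARY KEY,
    FullName nvarchar(100) NOT NULL,
    SsnEnc   varbinary(256) NOT NULL   -- RSA_2048 ciphertext is 256 bytes
);

-- The key pair lives in the database. ENCRYPTION BY PASSWORD protects the
-- private key with a password; if the clause is omitted, the private key is
-- protected by the database master key instead.
CREATE ASYMMETRIC KEY SsnKey
    WITH ALGORITHM = RSA_2048
    ENCRYPTION BY PASSWORD = N'Constructed-Passw0rd-ChangeMe!';

-- Load step: encryption uses the public half only, so no password is passed.
INSERT INTO dbo.Person (FullName, SsnEnc)
VALUES (N'Test Person',
        EncryptByAsymKey(AsymKey_ID('SsnKey'), N'000-00-0000'));

-- Report step: the password is supplied by the caller at run time
-- (for example, prompted for by the report) and is not stored in the database.
DECLARE @pwd nvarchar(128);
SET @pwd = N'Constructed-Passw0rd-ChangeMe!';

SELECT FullName,
       CONVERT(nvarchar(11),
               DecryptByAsymKey(AsymKey_ID('SsnKey'), SsnEnc, @pwd)) AS Ssn
FROM dbo.Person;

-- Looking a person up by SSN means decrypting every row before comparing;
-- an index on SsnEnc cannot be used for this predicate.
SELECT PersonId, FullName
FROM dbo.Person
WHERE CONVERT(nvarchar(11),
              DecryptByAsymKey(AsymKey_ID('SsnKey'), SsnEnc, @pwd))
      = N'000-00-0000';
```

The plaintext must be converted back to the same type it had when encrypted (nvarchar here), otherwise the decrypted bytes are misread.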