Chapter 34: Data Encryption
SQL Server supports RSA_512, RSA_1024, and RSA_2048 as possible asymmetric algorithms.
The difference is the bit length of the private key.
RSA is an algorithm for public-key cryptography. It is the first algorithm known to be
suitable for signing as well as encryption, and one of the first great advances in public key
cryptography. Until recently, RSA had not been compromised. In most cases it is still
considered secure.
Asymmetric keys can also be generated from existing key files:
CREATE ASYMMETRIC KEY GymMembershipKey
FROM FILE = 'C:\SQLServerBible2012\GymMembershipKey.key'
ENCRYPTION BY PASSWORD = 'P@s$w0rD';
Encrypting and decrypting data with an asymmetric key is similar to using symmetric keys
except that the key doesn’t need to be open to be used.
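The round trip described above, as an added T-SQL example that is not from the book: the key name DemoMembershipKey, the passphrase, and the sample value are constructed for illustration. It shows that encryption needs only the key ID, while decryption of a password-protected key supplies the password on the call instead of an OPEN statement.

```sql
-- Added example: constructed key name, passphrase and sample data.
-- The key is generated in the database rather than loaded from a file.
CREATE ASYMMETRIC KEY DemoMembershipKey
    WITH ALGORITHM = RSA_2048
    ENCRYPTION BY PASSWORD = N'C0nstructed-Ex@mple-Passphrase';
GO

DECLARE @plain  nvarchar(100) = N'Member 1001: card ending 4242';  -- constructed
DECLARE @cipher varbinary(8000);

-- RSA encrypts only short values. SQL Server documents a limit of
-- 245 bytes of plaintext for a 2048-bit key, so check before encrypting
-- and fall back to a symmetric key for anything longer.
IF DATALENGTH(@plain) > 245
    THROW 50000, 'Plaintext exceeds the RSA_2048 limit; use a symmetric key.', 1;

-- Encryption uses the public half of the key pair:
-- no OPEN statement and no password are involved.
SET @cipher = ENCRYPTBYASYMKEY(ASYMKEY_ID('DemoMembershipKey'), @plain);

-- Decryption uses the private half. Because this private key is
-- protected by a password, the password is passed as the third argument.
SELECT
    DATALENGTH(@cipher) AS CipherBytes,
    CONVERT(nvarchar(100),
            DECRYPTBYASYMKEY(ASYMKEY_ID('DemoMembershipKey'),
                             @cipher,
                             N'C0nstructed-Ex@mple-Passphrase')) AS RoundTrip;
GO

-- Clean up the demonstration key.
DROP ASYMMETRIC KEY DemoMembershipKey;
GO
```

Because of the plaintext size limit and the cost of RSA operations, asymmetric keys are normally used to protect symmetric keys, which in turn encrypt the data itself.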
Using Certificates
Certificates are typically used to encrypt data over the web for HTTPS endpoints. SQL
Server includes certificates as they fit into some companies' security standards. Certificates
are typically obtained from a certificate authority.
To obtain a certificate from a certificate authority, you must contact them and provide
information proving your identity. The information usually includes proof of a business
license and proof of ownership of the domain. The most common certificate authorities
include Thawte, VeriSign, and GoDaddy.
Summary
Data encryption can provide another level of security beyond authentication. It converts
normal data that can be understood to data that cannot be understood. In this way, the
wrong parties cannot use the data. SQL Server 2012 gives you many options for data
encryption and makes it easy to use.
The next chapter continues the discussion of security. It talks about row level security,
which is another necessary tool to keep data safe.