2010-06-17 88 views
4

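I am building a module for a website that will collect information from users and perform the appropriate calculations. The client wants any data collected from users to be encrypted. We are using SQL Express 2005 as the database.

Encrypting database tables in .NET

Thanks in advance.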

+0

To keep your question from being closed, you should phrase it in the form of a question. – 2010-06-17 15:18:30

+0

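What does the client want? Encrypting the data will make any analysis impossible (i.e. a useless feature). Encrypting the data on disk is something SQL Server can do without programming (configuration). Also: upgrade to a RECENT database - 2008 R2. 2005 is really old. – TomTom 2010-06-17 15:21:12

Answers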

0

Here is some RijndaelManaged goodness. Mine is in VB, but the reference link at the bottom is in C#.

Imports System 
Imports System.IO 
Imports System.Security.Cryptography 
Imports System.Text 

Namespace Security 
    Public Class Encryption 
     Public Shared Function Encrypt(ByVal plainText As String, _ 
              ByVal passPhrase As String, _ 
              ByVal saltValue As String, _ 
              ByVal hashAlgorithm As String, _ 
              ByVal passwordIterations As Integer, _ 
              ByVal initVector As String, _ 
              ByVal keySize As Integer) _ 
            As String 

      ' Convert strings into byte arrays. 
      ' Let us assume that strings only contain ASCII codes. 
      ' If strings include Unicode characters, use Unicode, UTF7, or UTF8 
      ' encoding. 
      Dim initVectorBytes As Byte() 
      initVectorBytes = Encoding.ASCII.GetBytes(initVector) 

      Dim saltValueBytes As Byte() 
      saltValueBytes = Encoding.ASCII.GetBytes(saltValue) 

      ' Convert our plaintext into a byte array. 
      ' Let us assume that plaintext contains UTF8-encoded characters. 
      Dim plainTextBytes As Byte() 
      plainTextBytes = Encoding.UTF8.GetBytes(plainText) 

      ' First, we must create a password, from which the key will be derived. 
      ' This password will be generated from the specified passphrase and 
      ' salt value. The password will be created using the specified hash 
      ' algorithm. Password creation can be done in several iterations. 
      Dim password As PasswordDeriveBytes 
      password = New PasswordDeriveBytes(passPhrase, _ 
               saltValueBytes, _ 
               hashAlgorithm, _ 
               passwordIterations) 

      ' Use the password to generate pseudo-random bytes for the encryption 
      ' key. Specify the size of the key in bytes (instead of bits). 
      Dim keyBytes As Byte() 
      keyBytes = password.GetBytes(keySize/8) 

      ' Create uninitialized Rijndael encryption object. 
      Dim symmetricKey As RijndaelManaged 
      symmetricKey = New RijndaelManaged() 

      ' It is reasonable to set encryption mode to Cipher Block Chaining 
      ' (CBC). Use default options for other symmetric key parameters. 
      symmetricKey.Mode = CipherMode.CBC 

      ' Generate encryptor from the existing key bytes and initialization 
      ' vector. Key size will be defined based on the number of the key 
      ' bytes. 
      Dim encryptor As ICryptoTransform 
      encryptor = symmetricKey.CreateEncryptor(keyBytes, initVectorBytes) 

      ' Define memory stream which will be used to hold encrypted data. 
      Dim memoryStream As MemoryStream 
      memoryStream = New MemoryStream() 

      ' Define cryptographic stream (always use Write mode for encryption). 
      Dim cryptoStream As CryptoStream 
      cryptoStream = New CryptoStream(memoryStream, _ 
              encryptor, _ 
              CryptoStreamMode.Write) 
      ' Start encrypting. 
      cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length) 

      ' Finish encrypting. 
      cryptoStream.FlushFinalBlock() 

      ' Convert our encrypted data from a memory stream into a byte array. 
      Dim cipherTextBytes As Byte() 
      cipherTextBytes = memoryStream.ToArray() 

      ' Close both streams. 
      memoryStream.Close() 
      cryptoStream.Close() 

      ' Convert encrypted data into a base64-encoded string. 
      Dim cipherText As String 
      cipherText = Convert.ToBase64String(cipherTextBytes) 

      ' Return encrypted string. 
      Encrypt = cipherText 
     End Function 

     ' <summary> 
     ' Decrypts specified ciphertext using Rijndael symmetric key algorithm. 
     ' </summary> 
     ' <param name="cipherText"> 
     ' Base64-formatted ciphertext value. 
     ' </param> 
     ' <param name="passPhrase"> 
     ' Passphrase from which a pseudo-random password will be derived. The 
     ' derived password will be used to generate the encryption key. 
     ' Passphrase can be any string. In this example we assume that this 
     ' passphrase is an ASCII string. 
     ' </param> 
     ' <param name="saltValue"> 
     ' Salt value used along with passphrase to generate password. Salt can 
     ' be any string. In this example we assume that salt is an ASCII string. 
     ' </param> 
     ' <param name="hashAlgorithm"> 
     ' Hash algorithm used to generate password. Allowed values are: "MD5" and 
     ' "SHA1". SHA1 hashes are a bit slower, but more secure than MD5 hashes. 
     ' </param> 
     ' <param name="passwordIterations"> 
     ' Number of iterations used to generate password. One or two iterations 
     ' should be enough. 
     ' </param> 
     ' <param name="initVector"> 
     ' Initialization vector (or IV). This value is required to encrypt the 
     ' first block of plaintext data. For RijndaelManaged class IV must be 
     ' exactly 16 ASCII characters long. 
     ' </param> 
     ' <param name="keySize"> 
     ' Size of encryption key in bits. Allowed values are: 128, 192, and 256. 
     ' Longer keys are more secure than shorter keys. 
     ' </param> 
     ' <returns> 
     ' Decrypted string value. 
     ' </returns> 
     ' <remarks> 
     ' Most of the logic in this function is similar to the Encrypt 
     ' logic. In order for decryption to work, all parameters of this function 
     ' - except cipherText value - must match the corresponding parameters of 
     ' the Encrypt function which was called to generate the 
     ' ciphertext. 
     ' </remarks> 
     Public Shared Function Decrypt(ByVal cipherText As String, _ 
             ByVal passPhrase As String, _ 
             ByVal saltValue As String, _ 
             ByVal hashAlgorithm As String, _ 
             ByVal passwordIterations As Integer, _ 
             ByVal initVector As String, _ 
             ByVal keySize As Integer) _ 
           As String 

      ' Convert strings defining encryption key characteristics into byte 
      ' arrays. Let us assume that strings only contain ASCII codes. 
      ' If strings include Unicode characters, use Unicode, UTF7, or UTF8 
      ' encoding. 
      Dim initVectorBytes As Byte() 
      initVectorBytes = Encoding.ASCII.GetBytes(initVector) 

      Dim saltValueBytes As Byte() 
      saltValueBytes = Encoding.ASCII.GetBytes(saltValue) 

      ' Convert our ciphertext into a byte array. 
      Dim cipherTextBytes As Byte() 
      cipherTextBytes = Convert.FromBase64String(cipherText) 

      ' First, we must create a password, from which the key will be 
      ' derived. This password will be generated from the specified 
      ' passphrase and salt value. The password will be created using 
      ' the specified hash algorithm. Password creation can be done in 
      ' several iterations. 
      Dim password As PasswordDeriveBytes 
      password = New PasswordDeriveBytes(passPhrase, _ 
               saltValueBytes, _ 
               hashAlgorithm, _ 
               passwordIterations) 

      ' Use the password to generate pseudo-random bytes for the encryption 
      ' key. Specify the size of the key in bytes (instead of bits). 
      Dim keyBytes As Byte() 
      keyBytes = password.GetBytes(keySize/8) 

      ' Create uninitialized Rijndael encryption object. 
      Dim symmetricKey As RijndaelManaged 
      symmetricKey = New RijndaelManaged() 

      ' It is reasonable to set encryption mode to Cipher Block Chaining 
      ' (CBC). Use default options for other symmetric key parameters. 
      symmetricKey.Mode = CipherMode.CBC 

      ' Generate decryptor from the existing key bytes and initialization 
      ' vector. Key size will be defined based on the number of the key 
      ' bytes. 
      Dim decryptor As ICryptoTransform 
      decryptor = symmetricKey.CreateDecryptor(keyBytes, initVectorBytes) 

      ' Define memory stream which will be used to hold encrypted data. 
      Dim memoryStream As MemoryStream 
      memoryStream = New MemoryStream(cipherTextBytes) 

      ' Define cryptographic stream (always use Read mode for decryption). 
      Dim cryptoStream As CryptoStream 
      cryptoStream = New CryptoStream(memoryStream, _ 
              decryptor, _ 
              CryptoStreamMode.Read) 

      ' Since at this point we don't know what the size of decrypted data 
      ' will be, allocate the buffer long enough to hold ciphertext; 
      ' plaintext is never longer than ciphertext. 
      Dim plainTextBytes As Byte() 
      ReDim plainTextBytes(cipherTextBytes.Length) 

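      ' Start decrypting. Read until the stream is exhausted, because a 
      ' single Read call may return fewer bytes than requested. 
      Dim decryptedByteCount As Integer = 0 
      Dim bytesRead As Integer 
      Do 
       bytesRead = cryptoStream.Read(plainTextBytes, _ 
                 decryptedByteCount, _ 
                 plainTextBytes.Length - decryptedByteCount) 
       decryptedByteCount += bytesRead 
      Loop While bytesRead > 0 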

      ' Close both streams. 
      memoryStream.Close() 
      cryptoStream.Close() 

      ' Convert decrypted data into a string. 
      ' Let us assume that the original plaintext string was UTF8-encoded. 
      Dim plainText As String 
      plainText = Encoding.UTF8.GetString(plainTextBytes, _ 
               0, _ 
               decryptedByteCount) 

      ' Return decrypted string. 
      Decrypt = plainText 
     End Function 
    End Class 

End Namespace 

I didn't write it, but I use it... works really well.

+4

-1 for recommending rolling your own and ignoring all the important 'details', like key management. – 2010-06-17 15:40:13

1

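Use Transparent Database Encryption because, as the name suggests, it is transparent to the application and requires absolutely 0 changes. You simply turn encryption on with one switch: ALTER DATABASE ... SET ENCRYPTION ON;. Key management is the simplest possible key management you can get, and it protects the database against accidental loss of media. The encryption carries over to all backups, so the contents are also protected if a backup file is accidentally lost.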

+0

I think this only applies to Enterprise Edition ($$$) – pm100 2010-06-17 17:06:27

1

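While encryption in the database is good (and necessary to protect backups and against physical attacks on the hard drive or attacks at the operating system level), since your application collects the data and sends it to the database, you need to consider at least a few aspects of your application:

Use SSL to protect the data going from the web browser to your website (almost certainly necessary)

Encrypt your connections from the application to the database (probably not necessary if you are running on the same machine or if your servers' communications are relatively controlled)

Make sure your application does not easily expose the data - whether through design or implementation flaws or injection attacks.

Remember that if your application needs to display the data to the client, then the database will return it to the application, and then at some point to the user. If the application is compromised, the data can leak out regardless of whether it is encrypted in storage and in the channels from browser to application and application to database.

Encrypting the data yourself inside database columns is almost always pointless, because your application has to decrypt the data before it can use it - the database can do very little with it. And then your application needs to have some key management.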