回答
SQL服务器已经支持strong encryption列的,为什么不用呢?
下面有一些RijndaelManaged善良。我的是在VB,但在底部的参考链接是在C#
Imports System
Imports System.IO
Imports System.Security.Cryptography
Namespace Security
Public Class Encryption
Public Shared Function Encrypt(ByVal plainText As String, _
ByVal passPhrase As String, _
ByVal saltValue As String, _
ByVal hashAlgorithm As String, _
ByVal passwordIterations As Integer, _
ByVal initVector As String, _
ByVal keySize As Integer) _
As String
' Convert strings into byte arrays.
' Let us assume that strings only contain ASCII codes.
' If strings include Unicode characters, use Unicode, UTF7, or UTF8
' encoding.
Dim initVectorBytes As Byte()
initVectorBytes = Encoding.ASCII.GetBytes(initVector)
Dim saltValueBytes As Byte()
saltValueBytes = Encoding.ASCII.GetBytes(saltValue)
' Convert our plaintext into a byte array.
' Let us assume that plaintext contains UTF8-encoded characters.
Dim plainTextBytes As Byte()
plainTextBytes = Encoding.UTF8.GetBytes(plainText)
' First, we must create a password, from which the key will be derived.
' This password will be generated from the specified passphrase and
' salt value. The password will be created using the specified hash
' algorithm. Password creation can be done in several iterations.
Dim password As PasswordDeriveBytes
password = New PasswordDeriveBytes(passPhrase, _
saltValueBytes, _
hashAlgorithm, _
passwordIterations)
' Use the password to generate pseudo-random bytes for the encryption
' key. Specify the size of the key in bytes (instead of bits).
Dim keyBytes As Byte()
keyBytes = password.GetBytes(keySize/8)
' Create uninitialized Rijndael encryption object.
Dim symmetricKey As RijndaelManaged
symmetricKey = New RijndaelManaged()
' It is reasonable to set encryption mode to Cipher Block Chaining
' (CBC). Use default options for other symmetric key parameters.
symmetricKey.Mode = CipherMode.CBC
' Generate encryptor from the existing key bytes and initialization
' vector. Key size will be defined based on the number of the key
' bytes.
Dim encryptor As ICryptoTransform
encryptor = symmetricKey.CreateEncryptor(keyBytes, initVectorBytes)
' Define memory stream which will be used to hold encrypted data.
Dim memoryStream As MemoryStream
memoryStream = New MemoryStream()
' Define cryptographic stream (always use Write mode for encryption).
Dim cryptoStream As CryptoStream
cryptoStream = New CryptoStream(memoryStream, _
encryptor, _
CryptoStreamMode.Write)
' Start encrypting.
cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length)
' Finish encrypting.
cryptoStream.FlushFinalBlock()
' Convert our encrypted data from a memory stream into a byte array.
Dim cipherTextBytes As Byte()
cipherTextBytes = memoryStream.ToArray()
' Close both streams.
memoryStream.Close()
cryptoStream.Close()
' Convert encrypted data into a base64-encoded string.
Dim cipherText As String
cipherText = Convert.ToBase64String(cipherTextBytes)
' Return encrypted string.
Encrypt = cipherText
End Function
' <summary>
' Decrypts specified ciphertext using Rijndael symmetric key algorithm.
' </summary>
' <param name="cipherText">
' Base64-formatted ciphertext value.
' </param>
' <param name="passPhrase">
' Passphrase from which a pseudo-random password will be derived. The
' derived password will be used to generate the encryption key.
' Passphrase can be any string. In this example we assume that this
' passphrase is an ASCII string.
' </param>
' <param name="saltValue">
' Salt value used along with passphrase to generate password. Salt can
' be any string. In this example we assume that salt is an ASCII string.
' </param>
' <param name="hashAlgorithm">
' Hash algorithm used to generate password. Allowed values are: "MD5" and
' "SHA1". SHA1 hashes are a bit slower, but more secure than MD5 hashes.
' </param>
' <param name="passwordIterations">
' Number of iterations used to generate password. One or two iterations
' should be enough.
' </param>
' <param name="initVector">
' Initialization vector (or IV). This value is required to encrypt the
' first block of plaintext data. For RijndaelManaged class IV must be
' exactly 16 ASCII characters long.
' </param>
' <param name="keySize">
' Size of encryption key in bits. Allowed values are: 128, 192, and 256.
' Longer keys are more secure than shorter keys.
' </param>
' <returns>
' Decrypted string value.
' </returns>
' <remarks>
' Most of the logic in this function is similar to the Encrypt
' logic. In order for decryption to work, all parameters of this function
' - except cipherText value - must match the corresponding parameters of
' the Encrypt function which was called to generate the
' ciphertext.
' </remarks>
Public Shared Function Decrypt(ByVal cipherText As String, _
ByVal passPhrase As String, _
ByVal saltValue As String, _
ByVal hashAlgorithm As String, _
ByVal passwordIterations As Integer, _
ByVal initVector As String, _
ByVal keySize As Integer) _
As String
' Convert strings defining encryption key characteristics into byte
' arrays. Let us assume that strings only contain ASCII codes.
' If strings include Unicode characters, use Unicode, UTF7, or UTF8
' encoding.
Dim initVectorBytes As Byte()
initVectorBytes = Encoding.ASCII.GetBytes(initVector)
Dim saltValueBytes As Byte()
saltValueBytes = Encoding.ASCII.GetBytes(saltValue)
' Convert our ciphertext into a byte array.
Dim cipherTextBytes As Byte()
cipherTextBytes = Convert.FromBase64String(cipherText)
' First, we must create a password, from which the key will be
' derived. This password will be generated from the specified
' passphrase and salt value. The password will be created using
' the specified hash algorithm. Password creation can be done in
' several iterations.
Dim password As PasswordDeriveBytes
password = New PasswordDeriveBytes(passPhrase, _
saltValueBytes, _
hashAlgorithm, _
passwordIterations)
' Use the password to generate pseudo-random bytes for the encryption
' key. Specify the size of the key in bytes (instead of bits).
Dim keyBytes As Byte()
keyBytes = password.GetBytes(keySize/8)
' Create uninitialized Rijndael encryption object.
Dim symmetricKey As RijndaelManaged
symmetricKey = New RijndaelManaged()
' It is reasonable to set encryption mode to Cipher Block Chaining
' (CBC). Use default options for other symmetric key parameters.
symmetricKey.Mode = CipherMode.CBC
' Generate decryptor from the existing key bytes and initialization
' vector. Key size will be defined based on the number of the key
' bytes.
Dim decryptor As ICryptoTransform
decryptor = symmetricKey.CreateDecryptor(keyBytes, initVectorBytes)
' Define memory stream which will be used to hold encrypted data.
Dim memoryStream As MemoryStream
memoryStream = New MemoryStream(cipherTextBytes)
' Define memory stream which will be used to hold encrypted data.
Dim cryptoStream As CryptoStream
cryptoStream = New CryptoStream(memoryStream, _
decryptor, _
CryptoStreamMode.Read)
' Since at this point we don't know what the size of decrypted data
' will be, allocate the buffer long enough to hold ciphertext;
' plaintext is never longer than ciphertext.
Dim plainTextBytes As Byte()
ReDim plainTextBytes(cipherTextBytes.Length)
' Start decrypting.
Dim decryptedByteCount As Integer
decryptedByteCount = cryptoStream.Read(plainTextBytes, _
0, _
plainTextBytes.Length)
' Close both streams.
memoryStream.Close()
cryptoStream.Close()
' Convert decrypted data into a string.
' Let us assume that the original plaintext string was UTF8-encoded.
Dim plainText As String
plainText = Encoding.UTF8.GetString(plainTextBytes, _
0, _
decryptedByteCount)
' Return decrypted string.
Decrypt = plainText
End Function
End Class
End Namespace
I didn't write it,我却用它......作品真的很好。
-1为建议推出自己的和忽略所有重要的'细节',如密钥管理。 – 2010-06-17 15:40:13
使用Transparent Database Encryption因为,顾名思义,是透明的应用,绝对需要0的变化。您只需打开一键加密:ALTER DATABASE ... SET ENCRYPTION ON;
。密钥管理是您可以获得的最简单可能的密钥管理,并且可以防止数据库意外丢失媒体。加密会继续执行所有备份,因此意外丢失备份文件也会保护内容。
我认为这只适用于企业版($$$) – pm100 2010-06-17 17:06:27
而在数据库加密是好的(和必要保护的备份和硬盘驱动器的物理攻击或者在操作系统的攻击),因为您的应用程序来收集数据并将其发送到数据库,您需要至少要考虑你的应用程序的几个方面:
使用SSL来保护Web浏览器数据到您的网站(几乎可以肯定是必要的)
Encrypt your connections from the application to the database(如果你在同一机器上运行可能没有必要或者如果您的服务器的通信相对受控)
确保您的应用程序不容易暴露数据 - 无论是通过设计还是实施缺陷或注入攻击。
请记住,如果你的应用程序需要的数据显示到客户端,那么数据库将会返回到应用程序,然后在某个时候用户。如果应用程序损坏,则无论数据在存储器中以及从浏览器到应用程序和应用程序到数据库的通道中加密,数据都可能泄漏出去。
的数据库列内自己加密数据几乎总是毫无意义的,因为你的应用程序必须对数据进行解密,然后才能使用它 - 数据库可以做很少用它。然后你的应用需要有一些密钥管理。
- 1. 数据库加密
- 2. 加密/解密数据到数据库
- 3. 解密数据从数据库表加密的CryptProtectData在VB.net
- 4. SQLite数据库加密C#?
- 5. 加密MonetDB数据库
- 6. Android数据库加密
- 7. 数据库加密问题
- 8. 加密在MySQL数据库
- 9. 加密领域数据库
- 10. 加密的SQL数据库?
- 11. 数据库加密 - php/mysql
- 12. 加密整个数据库
- 13. MongoDB数据库加密
- 14. 加密访问数据库
- 15. 加密数据库内容
- 16. 数据库加密问题
- 17. 加密数据库字段
- 18. 数据库加密和数据库解密使用C#代码
- 19. 加密或部分加密核心数据数据库?
- 20. Prestashop - 如何加密数据库密码?
- 21. 加密数据库上的密码
- 22. 支持加密的免费嵌入式数据库(.NET)
- 23. .net数据加密?使用哪些类?
- 24. SQLite3数据库加密 - 确定加密库?
- 25. SQL服务器 - 加密数据库中的表的列数据
- 26. 加密表单数据MD5
- 27. 有效加密/解密数据列表
- 28. 如何加密/解密SQLite数据库中的数据?
- 29. 加密和解密数据库中的所有数据
- 30. 加密/解密数据是数据库第一实体框架
为了避免你的问题被关闭,你应该以问题的形式给他们加上短语。 – 2010-06-17 15:18:30
客户想要什么?加密数据将使任何分析变得不可能(即无用功能)。加密光盘上的数据是sql server无需编程(配置)即可完成的。另外:升级到RECENT数据库 - 2008 R2。 2055年真的很老。 – TomTom 2010-06-17 15:21:12