加密在SQL Server /解密.NET 4中 [英] Encrypt in SQL Server / Decrypt in .Net 4

问题描述

据我了解，这可能是这个问题的重复：的如何在SQL Server中的数据加密和解密它在.NET应用
- 但这是在一年前问，我希望有可能是进步或事

I understand this might be a repeat of this question: How to encrypt data in sql server and decrypt it in .net apps - But this was asked almost a year ago and I'm hoping there might have been advancements or something.

反正，我们有从一个位置FTPS文件到另一个，显然在FTP简档需要密码的应用程序。我们有一个的配置文件的所有详细信息的数据库，但我们需要的密码进行加密。我们认为在SQL解密他们然后将它们发送到应用程序，但是这将意味着它发送在网络上，这是我们不想要的。

Anyways, we have an application that FTPs files from one location to another and obviously the FTP profile needs a password. We have a database with all the details of the profiles, but we need the passwords to be encrypted. We've thought of decrypting them in SQL then sending them to the app, but that would mean sending it over the network, which we don't want.

我们希望加密存储的密码，通过细节的应用程序，然后在应用程序内解密。

We want to encrypt the stored passwords, pass the details to the application, then decrypt them within the application.

这可能吗？

从我的google搜索，它似乎没有它，但我希望有人有一个恶作剧还是什么的。

From my googling, it doesn't seem it is, but I'm hoping someone has a trick or something.

在此先感谢！

注意：我正在使用.NET 4.0和SQL Server 2008 R2。

Note: I'm using .Net 4 and SQL Server 2008 R2.

推荐答案

使用SQL Server列加密API函数加密和解密（像的 EncryptByKey的 ）不与任何客户端加密或解密兼容，存储格式。

Encryption and Decryption using SQL Server column crypto API functions (like EncryptByKey) is not compatible with any client side encryption or decryption because it uses an internal, undocumented, storage format.

我会召唤出你对通过网络发送的密码怕不成立的，因为SQL Server提供了网络连接的保密性，看到的加密连接到SQL Server

I would call out that your fear about sending passwords over the network are not founded, since SQL Server provides network connection confidentiality, see Encrypting Connections to SQL Server.

您最好的选择将是要么存储密码的加密列，并使用内置的SQL Server加密功能（ EncryptByKey的 ， DecryptByKey这个 ），或使用透明数据库加密。标准太选择一个或另一个多半是发牌规定（TDE要求企业版），因为TDE优于在各方面列级加密。无论你选择什么样的解决方案，你会很快认识到，主要的问题是密钥管理，并为SQL Server提供了一个可行的故事，看到的加密层次结构。不管你如何设计解决方案，从未有任何需要为应用程序加密或解密密码本身，如果你需要这样那么你就明确下来一个错误的道路（因为应用程序不能管理密钥本身），因此，从未应该出现CLR加密和SQL密码的兼容性问题。

Your best options would be to either store the password in an encrypted column and use the built-in SQL Server crypto functions (EncryptByKey, DecryptbyKey) or use Transparent Database Encryption. the criteria too choose one or the other is mostly the licensing requirement (TDE requires Enterprise Edition) since TDE is superior to column level encryption in every aspect. No matter what solution you choose, you'll quickly realize that the main problem is key management, and for that SQL Server offers a viable story, see Encryption Hierarchy. No matter how you design the solution, there is never any need for the application to encrypt or decrypt the password itself, if you need such then you're clearly down a wrong path (since the application cannot manage the keys itself), so the issue of CLR crypto and SQL crypto compatibility should never arise.

这篇关于加密在SQL Server /解密.NET 4中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！