加密在SQL Server /解密在.Net 4 [英] Encrypt in SQL Server / Decrypt in .Net 4

问题描述

我知道这可能是这个问题的重复：如何在sql server中加密数据并在.net应用程序中进行解密
- 但是这个问题在将近一年前被提出，我希望可能有进步或一些东西。

无论如何，我们有一个应用程序将文件从一个位置FTP到另一个位置，显然FTP配置文件需要密码。我们有一个包含配置文件所有细节的数据库，但是我们需要加密密码。我们已经想到在SQL中解密它们，然后将它们发送到应用程序，但这将意味着通过网络发送，我们不想要。

我们想要加密存储的密码，将详细信息传递给应用程序，然后在应用程序中解密它们。

是否可能？

从我的谷歌，似乎不是，但我希望有人有一个技巧或某事。

提前感谢！ >

注意：我正在使用.Net 4和SQL Server 2008 R2。

解决方案

使用SQL Server列加密API函数进行加密和解密（如 EncryptByKey ）与任何客户端加密或解密不兼容，因为它使用一个内部的，无文档的存储格式。

我会提出你对通过网络发送密码的恐惧并没有建立起来，因为SQL Server提供了网络连接的机密性， a href =http://msdn.microsoft.com/en-us/library/ms189067.aspx =noreferrer>加密与SQL Server的连接。

您最好的选择是将密码存储在加密列中，并使用内置的SQL Server加密功能（ EncryptByKey ， DecryptbyKey ）或使用透明数据库加密。标准也选择一个或另一个主要是许可要求（TDE要求企业版），因为TDE在每个方面都优于列级加密。无论您选择何种解决方案，您都可以快速意识到主要问题是密钥管理，SQL Server提供了一个可行的故事，请参阅加密层次结构。无论您如何设计解决方案，都无需对应用程序进行加密或解密密码本身，如果您需要这样的话，那么您显然会错误的路径（因为应用程序无法管理密钥本身），所以不应该出现CLR加密和SQL加密兼容性的问题。

I understand this might be a repeat of this question: How to encrypt data in sql server and decrypt it in .net apps - But this was asked almost a year ago and I'm hoping there might have been advancements or something.

Anyways, we have an application that FTPs files from one location to another and obviously the FTP profile needs a password. We have a database with all the details of the profiles, but we need the passwords to be encrypted. We've thought of decrypting them in SQL then sending them to the app, but that would mean sending it over the network, which we don't want.

We want to encrypt the stored passwords, pass the details to the application, then decrypt them within the application.

Is this possible?

From my googling, it doesn't seem it is, but I'm hoping someone has a trick or something.

Thanks in advance!

Note: I'm using .Net 4 and SQL Server 2008 R2.

解决方案

Encryption and Decryption using SQL Server column crypto API functions (like EncryptByKey) is not compatible with any client side encryption or decryption because it uses an internal, undocumented, storage format.

I would call out that your fear about sending passwords over the network are not founded, since SQL Server provides network connection confidentiality, see Encrypting Connections to SQL Server.

Your best options would be to either store the password in an encrypted column and use the built-in SQL Server crypto functions (EncryptByKey, DecryptbyKey) or use Transparent Database Encryption. the criteria too choose one or the other is mostly the licensing requirement (TDE requires Enterprise Edition) since TDE is superior to column level encryption in every aspect. No matter what solution you choose, you'll quickly realize that the main problem is key management, and for that SQL Server offers a viable story, see Encryption Hierarchy. No matter how you design the solution, there is never any need for the application to encrypt or decrypt the password itself, if you need such then you're clearly down a wrong path (since the application cannot manage the keys itself), so the issue of CLR crypto and SQL crypto compatibility should never arise.

这篇关于加密在SQL Server /解密在.Net 4的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！