Developing an application, which is handling encrypting for a SQL server 2005 DB at the application level, using symmetric AES encryption. After being encrypted the data is being sent to the SQL server 2005 DB to be inserted. This is what I want to accomplish. But I have one or two questions as I am going through the research for my project.
- Encrypting the data shouldn’t be that big a deal, but can SQL server 2005 handle to insert these data? If yes how? I am thinking just simple SQL INSERT statements.
- When the data are inserted can SQL server, as it support AES encryption, through the DBMS decrypt the data as they have been encrypted else where and then perform specific functions? (by specific function I just mean any function that may have to run, it could be any function one could think of)
- How difficult would it be to take the encrypted data from SQL server to the application and then at the application level decrypt these?
Any help on the above questions is highly appreciated or if people have any comment on the subject I would be more than happy to receive these.
Thank you
Kenn Kikkenborg
Hi,
1. AFter encryption the values you will pass to SQL Server will just be strings. SQL Server will not care about the content of the strings. As you are using client side encryption in your solution, the encrypted value will be handled by SQL Server as you would have entered a "real" value.
2.I don′t know if you can use the server side introduced decryption methods to decrypt the client side encrypted data, that should be worth a try. But if you expose your decryption functionality in an assembly, you can create a CLR function using this logic to decrypt the data.
3.If the data was not encrypted by SQL Server and only your client application, the same rules as above in 1. would apply. If you encrypted the data in SQL Server and want to decrypt it in your client application you would have to check the thoughts of 2.
HTH, Jens K. Suessmeyer.
http://www.sqlserver2005.de
No comments:
Post a Comment