Published on

April 12, 2009

Understanding Encryption in SQL Server

SQL Server provides encryption as a powerful feature to protect data against hackers’ attacks. Encryption ensures that even if hackers manage to access the database or tables, they cannot understand or make use of the encrypted data. In today’s world, it is crucial to encrypt sensitive security-related data both during storage in the database and transmission across networks.

Encryption in SQL Server follows a three-level security hierarchy:

  • Windows Level – Highest Level – Uses Windows DP API for encryption
  • SQL Server Level – Moderate Level – Uses Services Master Key for encryption
  • Database Level – Lower Level – Uses Database Master Key for encryption

There are two types of keys used in encryption:

  • Symmetric Key – In symmetric cryptography, the sender and receiver share a single key to encrypt and decrypt messages.
  • Asymmetric Key – In asymmetric cryptography, the sender and receiver have a pair of cryptographic keys – a public key and a private key – to encrypt and decrypt messages.

SQL Server also supports encryption using certificates. A public key certificate binds the value of a public key to the identity of the entity holding the corresponding private key.

Let’s create a sample database to demonstrate encryption in SQL Server:

USE master
GO
CREATE DATABASE EncryptTest
ON PRIMARY ( NAME = N'EncryptTest', FILENAME = N'C:\EncryptTest.mdf')
LOG ON ( NAME = N'EncryptTest_log', FILENAME = N'C:\EncryptTest_log.ldf')
GO

Once the database is created, we can proceed with encrypting data at different levels:

  • Database Level Encryption – This level secures all the data in a database. However, it is a resource-intensive process and not practical for everyday use.
  • Column (or Row) Level Encryption – This level is the most preferred method. Only columns containing important data should be encrypted, resulting in lower CPU load compared to encrypting the entire database.

Let’s create a sample table and populate it with data:

USE EncryptTest
GO
CREATE TABLE TestTable (FirstCol INT, SecondCol VARCHAR(50))
GO
INSERT INTO TestTable (FirstCol, SecondCol)
SELECT 1,'First'
UNION ALL
SELECT 2,'Second'
UNION ALL
SELECT 3,'Third'
UNION ALL
SELECT 4,'Fourth'
UNION ALL
SELECT 5,'Fifth'
GO

Now, let’s encrypt one of the columns in the table:

USE EncryptTest
GO
ALTER TABLE TestTable
ADD EncryptSecondCol VARBINARY(256)
GO
OPEN SYMMETRIC KEY TestTableKey DECRYPTION
BY CERTIFICATE EncryptTestCert
UPDATE TestTable
SET EncryptSecondCol = ENCRYPTBYKEY(KEY_GUID('TestTableKey'),SecondCol)
GO

We can drop the original column if we no longer need it:

USE EncryptTest
GO
ALTER TABLE TestTable
DROP COLUMN SecondCol
GO

To retrieve the original data from the encrypted column, we can use the decryptbykey function:

USE EncryptTest
GO
OPEN SYMMETRIC KEY TestTableKey DECRYPTION
BY CERTIFICATE EncryptTestCert
SELECT CONVERT(VARCHAR(50),DECRYPTBYKEY(EncryptSecondCol)) AS DecryptSecondCol
FROM TestTable
GO

Remember to clean up the database after you are done:

USE EncryptTest
GO
CLOSE SYMMETRIC KEY TestTableKey
GO
DROP SYMMETRIC KEY TestTableKey
GO
DROP CERTIFICATE EncryptTestCert
GO
DROP MASTER KEY
GO
USE [master]
GO
DROP DATABASE [EncryptTest]
GO

Encryption is a crucial security feature in SQL Server. It is recommended to use long and asymmetric keys for stronger encryption, but keep in mind that stronger encryption uses more CPU and is slower. For large amounts of data, encrypting it using a symmetric key is suggested. Additionally, compressing data before encryption is recommended, as encrypted data cannot be compressed.

By implementing encryption in SQL Server, you can ensure the security and integrity of your data, protecting it from unauthorized access and potential breaches.

Click to rate this post!
[Total: 0 Average: 0]

Let's work together

Send us a message or book free introductory meeting with us using button below.