I've played with various configurations of the MS SQL Server encryption functionality, and come across an embarrassingly easy question that I cannot seem to resolve. How do I retrieve the actual symmetric and asymmetric keys out of the database?
I'd like to explore the possibility of off-loading the encryption/decryption work from the database server to a load-balanced pool of servers. For this model to work the pool would need access to the keys. The symmetric keys currently are generated with the command...
I'm trying to develop a procedure for re-encrypting data with a different symmetric key, but I need the new key to use the old key name. I want to do this without leaving the data in clear text at any point. I would think the process would work like this:
1.Create a new key 2.Decrypt data w/old key and encrypt with new key. 3.Drop old key. 4.Rename new key using the old key name.
However, I can't find that there's a way to rename a symmetric key. Is this correct? If that is the case, I believe I have to do an additional round of encryption:
1.Create a temp key 2.Decrypt data w/old key and encrypt with temp key. 3.Drop old key. 4.Create a new key with the old key name. 5.Decrypt data w/temp key and encrypt with new key. 6.Drop temp key
i've getting ready to implement encryption on a rather large database. I'd read that if performance is of utmost concert, you should use symmetric keys. I want to encrypt those keys by asymmetric keys. My code is working, but i'm just not sure if there is a quicker way? do you have to open and close the key each time you select/update/insert in a stored procedure that references an encrypted column, or is there a way to just modify the code by adding the encryptbykey/decryptbykey functions?
has anyone implemented encryption on columns in large tables? any suggestions for me?
Thanks, Pete
here's my code to create the keys:
create asymmetric key ASK_Auto_Encrypt with algorithm = RSA_512;
create symmetric key SK_AE with algorithm = TRIPLE_DES encryption by asymmetric key ASK_Auto_Encrypt;
here's my code to test this:
create table encryption_test (test varchar(50));
open symmetric key SK_AE decryption by asymmetric key ASK_Auto_Encrypt;
insert into encryption_test select encryptbykey(key_guid('SK_AE'),'test');
select convert(varchar(max),decryptbykey(test)) from encryption_test;
I'm having some issues restoring a backup of database that uses native encryption onto another server. I know there are a couple of articles on this but I seem to be missing something. Any help would be greatly appreciated.
Current Server Windows 2000 Destination Server Windows 2003
The original key setup for the current server was achieved by something like this:
CREATE SYMMETRIC KEY HR01 WITH algorithm=DES encryption BY password = 'HRpassword'
Running the command select * from sys.symmetric_keys on the current server I get the following:
name principal_id symmetric_key_id key_length key_algorithm algorithm_desc create_date modify_date key_guid
HR01 1 256 56 D DES 2006-11-22 16:36:01.883 2006-11-22 16:36:01.883 BBD80500-338F-47D7-B336-85D46E00F2F0 So I restored the database onto the new server and ran this script:
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'Password'; ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY; GO
I don't have a master key... so I go back to the original server and ran this script and did another backup:
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Password' OPEN MASTER KEY DECRYPTION BY PASSWORD = 'Password'; ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY;
Running select * from sys.symmetric_keys on the current server now looks like this:
name principal_id symmetric_key_id key_length key_algorithm algorithm_desc create_date modify_date key_guid
We have been playing around with encryption in 2005. I cannot find a BOL topic that discusses dropping encryption objects such as keys.
We do the followign steps:
Create master key with password, then we create a certificate using the master key, we then create a symmetric key using this certificate and encrypt data columns.
But what i find worrying is that you can then drop the symmetric key , there are no warnings that you have objects dependant on this key for decryption.
Once you have dropped the key you cannot decrypt the data anymore?
Also the key defults the expiration date to 1 year.
WHat happens after 1 year when you have encrypted data and an expired key, or someone drops the key ? How can you ever decrypt the data after that ?
You can backup master keys nd certificates but not symmetric keys?
It seems to be that youc an very easily orphan encrypted data by the loss of the symmetric key for whatever reason, is this correct ?
I have a question about the storage of symmetric keys in SQL Server 2005 due to the fact that I have read two conflicting statements on this.
In Laurentiu's blog located at http://blogs.msdn.com/lcris/archive/2005/10/14/481434.aspx, in regards to preventing symmetric key loss he makes the statement that "...Because the keys are stored in the database, they will be saved with the database....".
But in the white paper Improving Data Security by Using SQL Server 2005, which is located at http://www.microsoft.com/technet/itshowcase/content/sqldatsec.mspx, in regards to symmetric keys the statement is made "...Note: The symmetric key is not stored in the database. Only the encrypted values of the symmetric key are stored in the database. Therefore, users who can access the database cannot decrypt the data without first decrypting the symmetric key....".
So I am just wondering which statement is correct, are symmetric keys stored in the database or not?
why my script is not allowing me to DECRYPTBYKEY once I restore my DB from PRODUCTION BACKUP....
-- SET Staging to Single User Mode to be able to RESTORE DB---
-- STEP 1 (Works No Problems Here)
USE master; GO ALTER DATABASE Staging SET SINGLE_USER WITH ROLLBACK IMMEDIATE; GO RESTORE DATABASE Staging FROM DISK = 'C:Program FilesMicrosoft SQL ServerMSSQL11.MSSQLSERVERMSSQLBackupMyDBRestore.bak' ; GO
-- STEP 2 - USE ONLY IF THE ABOVE IS UNSUCCESSFUL ||| FAILURE ****** RESTORE RUN THE FOLLOWING SCRIPT -----
--If the above is successful the DB sets itself back to MULTI_USER
--------------- @@@@@@@@@@@@@@ IMPORTANT UNCOMMIT AND RUN @@@@@@@@@@@@@@@@@@@@@@@@@ MANUAL STEPS ---------------------- -- RBD - Recreate Security ID'S AND PERMISSIONS FOR Stored Procedure EXECUTE RIGHTS, because PASSWORDS are different on lower -- environments --USE [Staging] --GO --/****** Object: User [WebUser] Script Date: 4/13/2015 11:15:51 AM ******/ --DROP USER [WebUser]
Hello. I have a problem that spans VB.net, SQL Server and SSIS but is rooted in the need to encrypt column data in SQL Server.
I would like to encrypt data that I am bringing into SQL Server in the Data transformation script component of an SSIS package. I have achieved this but I can't decrypt the data because the keys don't match. I would like to use symmetric key encryption but I don't see how to get the symmetric key that I created in SQL Server available to the VB.net script component in SSIS.
Please advise me if my approach is correct and what steps I need to take.
I can't seem to use symmetric keys in stored procedures. I am trying to decrypt a column in my stored precedure but the values are all NULL. First I tried a symmetric key that required a password but I kept getting simple syntax errors when I tried to send the password to the stored precedure as a parameter. Now I am trying a symmetric key that uses a certificate.
I also tried using WITH EXECUTE AS SELF and WITH EXECUTE AS CALLER but that made no difference.
We had a server give out on us completely. All that is left is a back up of the SSRS database. We have been able to get a new SSRS environment working but the symmetric key doesn't seem to work. Reports will run if we delete all sensitive data through the Config manager and reenter the connection strings into the datasource but if we can get the symmetric key saved in the ReportingServices database to work correctly it will save us a ton of effort. Can we make use of the symmetric key saved in the ReportServer.dbo.Keys table?
I am trying to implement the column encryption on one of the tables, have used the below link as the reference and got stuck at the last step.
[URL] ....
I have completed the following steps so far.
- CREATE MASTER KEY ENCRYPTION BY PASSWORD = ‘myStrongPassword’
- CREATE CERTIFICATE MyCertificateName WITH SUBJECT = 'A label for this certificate'
- CREATE SYMMETRIC KEY MySymmetricKeyName WITH IDENTITY_VALUE = 'a fairly secure name', ALGORITHM = AES_256,
[Code] .....
Example by using the function
EXEC OpenKeys
-- Encrypting SELECT Encrypt(myColumn) FROM myTable
-- Decrypting SELECT Decrypt(myColumn) FROM myTable
When I ran the last command :
-- Decrypting SELECT Decrypt(myColumn) FROM myTable
I get the following error :
Msg 257, Level 16, State 3, Line 2 Implicit conversion from data type nvarchar to varbinary is not allowed. Use the CONVERT function to run this query.
Where will I use the convert function, in decrypt function or in select statement?
Say i have some symmetric keys encrypted by other symmetric keys , is there some way to find the relationship of these key?
I know i can find the certificate or asymmetric key through sys.key_encryptions catalog view by "thumbprint" column, but the thumbprint column is null when the key was encrypted by a symmetric key.
Using SQL Server Express 2005, I have two databases. AppDB - The main application database.GeoDB - A somewhat static ZIP code / states / other geographic stuff databaseI need to have some foreign key columns in tables in AppDB reference columns in the GeoDB database tables. Eventually other application database besides AppDB will be doing the same thing in our infrastructure. After googling and reading for days, here is what I think I know:You cannot create foreign keys that reference tables in another database in SQL Server.You cannot create foreign keys that reference columns in a view, and you definitely cannot make an index on a view that has base tables in another database.You can create a trigger that references tables in another database, but this can be flaky? (nested/recursive trigger problem).SQLServer 2005 supports multiple schemas within the same database. Maybe I should logically separate my databases this way? Seems like it would be a tough solution to manage since I already have some databases live in production that will eventually use this 'static' GeoDB. Also, seems like it wouldn't be as portable as keeping the GeoDB info in its own database, but maybe I'm being too software engineer-ish here - afraid of low cohesion, high coupling.I will greatly appreciate any advice I can get, or any more options I am missing. Thanks,Adam Nofsingerucnmedia.com
I am now retrieving the PDF from the database and I am getting an error: Error 1 'GetImages.GetImage(int)': not all code paths return a value I have: int imageid = Convert.ToInt32(Request.QueryString["ACTUAL_IMAGE_PDF"]); And... private SqlDataReader GetImage(int imageid) { Sql Statement... } Could someone help please??
I'm going through my tables and rewriting them so that I can create relationship-based constraints and create foreign keys among my tables. I didn't have a problem with a few of the tables but I seem to have come across a slightly confusing hiccup.
Here's the query for my Classes table:
Code:
CREATE TABLE Classes ( class_id INT IDENTITY PRIMARY KEY NOT NULL,
This statement runs without problems and I Create the relationship with my Users table just fine, having renamed it to teacher_id. I have a 1:n relationship between users and tables AND an n:m relationship because a user can be a student or a teacher, the difference is one field, user_type, which denotes what type of user a person is. In any case, the relationship that's 1:n from users to classes is that of the teacher instructing the class. The problem exists when I run my query for the intermediary table between the class and the gradebook:
Code:
CREATE TABLE Classes_have_Grades ( class_id INT PRIMARY KEY NOT NULL,
Query Analyzer spits out: Quote: Originally Posted by Query Analyzer There are no primary or candidate keys in the referenced table 'Classes' that match the referencing column list in the foreign key 'Classes_have_gradesFKIndex2'. Now, I know in SQL Server 2000 you can only have one primary key. Does that mean I can have a multi-columned Primary key (which is in fact what I would like) or does that mean that just one field can be a primary key and that a table can have only the one primary key?
In addition, what is a "candidate" key? Will making the other fields "Candidate" keys solve my problem?
ALTER TABLE [Students] WITH CHECK ADD CONSTRAINT [FK_Students_Schools] FOREIGN KEY([SchoolId]) REFERENCES [Schools] ([SchoolId])
What kind of index would ensure best performance for INSERTs/UPDATEs, so that SQL Server can most efficiently check the FK constraints? Would it be simply:
CREATE INDEX IX_Students_SchlId ON Students (SchoolId) Or CREATE INDEX IX_Students_SchlId ON Students (SchoolId, StudentId)
In other words, what's best practice for adding an index which best supports a Foreign Key constraint?
Ok, again, I'm reasonably new to this. I've been trying to display an image stored in SQL in a ASP.NET page. Pretty simple stuff I would have thought. I've read countless examples of how to do this online, and many of them use the same method of displaying the image, but none seem to work for me. The problem seems to lie in the following line of code: Dim imageData As Byte() = CByte(command.ExecuteScalar())Which always returns the error: Value of type 'Byte' cannot be converted to '1-dimensional array of Byte'.Here's the rest of my code, hope someone can help. It's doing my head in! Imports System.Data.SqlClient Imports System.Data Imports System.Drawing Imports System.IOPartial Class _ProfileEditor Inherits System.Web.UI.PageProtected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load 'Get the UserID of the currently logged on user Dim NTUserID As String = HttpContext.Current.User.Identity.Name.ToString Session("UserID") = NTUserID Dim Photo As Image = NothingDim connection As New SqlConnection(ConfigurationManager.ConnectionStrings("MyConnectionString").ConnectionString) Dim command As SqlCommand = connection.CreateCommand() command.CommandText = "SELECT Photograph, ImageType FROM Users WHERE UserID = @UserID"command.Parameters.AddWithValue("@UserID", NTUserID) connection.Open()Dim imageData As Byte() = CByte(command.ExecuteScalar())Dim memStream As New MemoryStream(Buffer) Photo = Image.FromStream(memStream) End Sub End Class
Dear Friends, I have read many solution over the net, but since I am unable to utilize anyone according to my needs I am seeking help from you people. I have a table imagedata in sql server 2005 having fields name and imageperson. Name is string and imageperson is Image field. I have successfully stored name of the person and his image in database. I have populated the dataset from codebehind and bind it to the repeater. By writing <%# DataBinder.Eval(Container.DataItem, "name")%>I am a able to retrieve the name of the person. But when I pass photodata as <%#photogen((DataBinder.Eval(Container.DataItem, "imageperson")))%> where photogen is function in code behind having structure public void photogen(byte[] dataretrieved) { Response.BinaryWrite(datarerieved) } But it is giving error at <%#photogen((DataBinder.Eval(Container.DataItem, "imageperson")))%> The best overloaded method match for '_Default.photogen(byte[])' has some invalid arguments AND Cannot convert object to byte[]. Can anyone please provide me working solution with code for aspx page and code behind. Thanks and regards
VWD 2005 Express. I need to retrieve a value from a SQL database from the code behind a page and assign it to a variable. In Microsoft Access I can do this using the DLookup function. What I need to do is get the data that results from the following query into a variable: SELECT [SystemUserId] FROM [SystemUser] WHERE ([Username] = @Username) The name of the data source is SqlDataSource2 Also, in Access I can create a recordset from a query and then process through the recordset. Can that be done in VB code in VWD 2005 Express?
Hi everyoneI created a database graphically in VS2005.Now I want the text version of those DDL(create) commands. Question is where and how are those commands stored in SqlServer I have the management studio too. Any ideas??
Hi. I've been traling the forum and the internet for a striaghtr forward solution on this. I'm trying to do what loads of people have already achieved: retrive images from an SQL database. I have successfully uploaded inages to an "iamges" table, storing the image as SQL type "image", also storing size, type, description, name etc. I want to be able to read one or more of these images (and other data) back from the table. I'm using C#, ASP NET 2.0, SQL, Any examples I've found needed a lot of tweaking, and for some reason or other didn't work! Please don;t just pose yet another URL to an example - I've probably tried it and failed already. I don't mind if I display the images in a GridView or just within an aspx page. Ideally I'd be able to dispaly a few images on a page. I know how to read and display the rest of the data in the "images" table. Can anyone help please? Do you need more info? Thanks in advance, Garrett
I have a SQL database that has Images stored. I am able to read the image from the database and display it. But i am not able to control the size and the position where it is displayed. I want to develop something like a photo album. the images should be displayed in a smaller size. but when the user clicks on the image, it should blow up to its original size. I am struggling with this for some time. Any suggestions as how to develop it??. Any help in this regard would be highly appreciated.
hello i want to know if there is any way to retrieve all the tables for a Database programmatically. i want to connect to a server and select a database .then by selecting the database all it's tables be loaded into a ComboBox(for example)..the tables name i mean. i want to give the user the option to select a table from a database.if it is possible help me my programming language is C#.Net any information is appereicated Somayeh
I am working on a project on PocketPC in which it is required to reteive data from database. I have created database on simulator as .sdf file. I want to retreive data from eVC++ code. How i can do so?
I'm very new new at this. I'm try to deploy a report model and got this message. I have no idea what its going on about.
Can anyone help me?
Aku
------------------------------
System.Web.Services.Protocols.SoapException: The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. Check the documentation for more information. (rsReportServerDisabled) ---> Microsoft.ReportingServices.Diagnostics.Utilities.RPCException: The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. Check the documentation for more information. (rsReportServerDisabled) ---> System.Exception: The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. Check the documentation for more information. (rsReportServerDisabled) ---> System.Exception: The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. Check the documentation for more information. (rsReportServerDisabled) ---> System.Exception: The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. Check the documentation for more information. (rsReportServerDisabled) ---> System.Exception: The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. Check the documentation for more information. (rsReportServerDisabled) ---> System.Exception: Bad Data. (Exception from HRESULT: 0x80090005) --- End of inner exception stack trace --- --- End of inner exception stack trace --- --- End of inner exception stack trace --- --- End of inner exception stack trace --- --- End of inner exception stack trace --- at Microsoft.ReportingServices.Diagnostics.DataProtection.ProtectData(Byte[] unprotectedData, String tag) at Microsoft.ReportingServices.Library.ConnectionManager.ConnectStorage() at Microsoft.ReportingServices.Library.Storage.NewStandardSqlCommand(String storedProcedureName) at Microsoft.ReportingServices.Library.DBInterface.GetAllConfigurationInfo() at Microsoft.ReportingServices.Library.RSService.GetSystemProperties(Property[] requestedProperties) at Microsoft.ReportingServices.WebServer.ReportingService.GetSystemProperties(Property[] Properties, Property[]& Values) --- End of inner exception stack trace --- at Microsoft.ReportingServices.WebServer.ReportingService.GetSystemProperties(Property[] Properties, Property[]& Values) (System.Web.Services)
Pls let me know How I generate script for All primary keys and foreign keys in a table. Thereafter that can be used to add primary keys and foreign keys in another databse with same structure.
Also how I script default and other constraints of a table?
Heres my requirement from a financial analysis im doing...I have just calculated an industry averages on financial ratios...Now i wanna upload this industry average to the system...so that I can compare it to the individual companies' averages after calculating a particular company's average; meaning i wanna be able to call the industry average of a particular ratio (eg Current Ratio) after calculating a company's corresponding ratio...Is there a code fragment i can use for this ?? Thanks in advance...Adam
hi, here i had created a database named "books" and it contains 8tables in sql server 2005. now i want to take a copy of this "books" database in another system which also have sql server2005 as a back end to asp.net. so where i can get this "books". i.e in which folder it will be saved. is it possible to svae this databse or have to svae each queries by which i created tables?
One can never consent to creep,when one feels an impulse to soar RAMMOHAN
I have inherited a database and with it a set of triggers that are 'apparently' installed. However I have a number of different 'versions' for a specific update trigger and it is not clear from the files which is the latest, hence I am unsure of what 'version' of the trigger is installed in the database itself.
I am trying to retrieve the trigger code from the databse so that i can correctly determine which one of my trigger files is the latest version.
I don't want to end up in a situation where an earlier version of the update trigger is installed as this could wreck the underlying data.
I have tried using the syscomments.text column that relates to the trigger but it only gives me a concatenated version of the sql code and not enough to determine which file version was used for the trigger.
Is there a way of retreiving the entire SQL code that was entered rather than just the first few lines?