SQL Server – Encrypt a Column Without Changing App Code

encryptionsql server

Is it possible to encrypt a column (with Symmetric Key and Triple DES encryption) and then set up a login for an application such that the query code in the app does not have to be changed to used the DECRYPTBYKEY function?

Right now the app is essentially using straight ANSI SQL. Pseudo code would looks like:

String query = "select EncryptedCol from TestTable";

To my knowledge the above has to be changed to:

String query = 
"OPEN SYMMETRIC KEY TestTableKey DECRYPTION " +
"BY CERTIFICATE EncryptionTestCert " +
"SELECT CONVERT(VARCHAR(50),DECRYPTBYKEY(EncryptedCol)) AS EncryptedCol " +
"FROM TestTable ";

SQL Server version is 2012 EE SP3-CU1 and the app is written in Java using jTDS.

Hope this question makes sense and appreciate any feedback.

Best Answer

This is what Always Encrypted was created for, but you'll have to wait for SQL Server 2016 (and for the jTDS drivers to catch up).

In the meantime, your Java app could call stored procedures, such that the data is encrypted there. That's really not going to change the fact that the decrypted text is being sent over the wire, but it does mean you can isolate query changes from the app...

Related Solutions

Sql-server – Copy SQL Server database to same server & decrypt by symmetric key return null

Following worked for me on SQL Server 2008:

OPEN MASTER KEY DECRYPTION BY PASSWORD = 'master_key_password'
ALTER MASTER KEY DROP ENCRYPTION BY SERVICE MASTER KEY;
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY;
CLOSE MASTER KEY

For me it was essential to drop the encryption first, although the 'add' command should usually do this automatically.

Sql-server – Why use asymmetric keys in SQL Server

The proper key hierarchy is the Service Master Key protects the Database Master Key, the Database Master Key protects either an asymmetric key or certificate, the asymmetric key or certificate can be used for encryption or can be used to protect a symmetric key which is used for encryption. The keys are created in that order. The system creates and protects the SMK, and the DMK and subsequent keys are created by the user.

The design of the key hierarchy in SQL Server protects both the data and keys from compromise. Remember that with a symmetric key, the same key is used to encrypt and decrypt data, or in this case other keys. The main purpose of introducing an asymmetric key or certificate into the hierarchy protected by the Database Master Key is to prevent an attack on the DMK and SMK from inside of the database. If someone malicious wanted to obtain the DMK unencrypted, then that person would need to do one of two things. Either decrypt the service master key and use it to decrypt the DMK, which is not possible because only the database engine can use the Data Protection API to do this, or attempt to decrypt from the top of the hierarchy down, which would be possible if there were not an asymmetric key or certificate in the way.

All of the signed or encrypted bits of the symmetric keys in SQL Server are in a system table named sys.crypt_properties in each database, including the encryption of the Service Master Key in the master database. There is no system table that contains the private key for either of the asymmetric key types. If all keys in a hierarchy were symmetric keys, then the SMK would encrypt the DMK and the DMK would encrypt the symmetric key that would encrypt the data. Because of the way that symmetric keys work, that would also mean that, if someone opens the symmetric key for the data, then it can theoretically decrypt the DMK and the decrypted DMK can be saved by a malicious user or used to decrypt the SMK because the same key is used for encryption and decryption. This is why an asymmetric key or certificate is required to be an integrated part of the encryption hierarchy.

Best Answer

Related Solutions

Sql-server – Copy SQL Server database to same server & decrypt by symmetric key return null

Sql-server – Why use asymmetric keys in SQL Server

Related Question