Netherlands: Software

Introduction to Microsoft SQL Server 2016


18 CHAPTER 2 | Better security

you can use a custom provider, as described in "Creating Custom Key Store Providers for Always Encrypted (Azure Key Vault Example)," at sqlsecurity/archive/2015/09/25/creating-an-ad-hoc-always-encrypted-provider-using-azure-key-vault.aspx. Although this article provides an example using Azure Key Vault, you can apply the principles to the development of a custom provider.

Finding the certificate thumbprint

You can easily locate the thumbprint of the certificate in the certificate store by using the Certificate snap-in within the Microsoft Management Console (MMC). In MMC, on the File menu, select Add/Remove Snap-In. In the Add Or Remove Snap-ins dialog box, select Certificates in the Available Snap-ins list on the left, and click the Add button to move your selection to the right. The Certificates Snap-in dialog box prompts you to select a certificate store. Choose either My User Account or Computer Account, depending on which certificate store you are using. Click the Finish button, and then click OK. Expand the Certificates folder to locate your certificate in the Personal/Certificates subfolder, double-click the certificate, select the Details tab, and scroll to the bottom, where you can see the thumbprint that you use as the value for the CREATE COLUMN MASTER KEY DEFINITION statement.

Column encryption keys

After creating a column master key, you are ready to create the encryption keys for specific columns. The SQL Server 2016 ADO.NET driver uses column encryption keys to encrypt the data before sending it to the SQL Server and to decrypt the data after retrieving it from the SQL Server 2016 instance. As with the column master key, you can create column encryption keys by using T-SQL or SSMS. While the column master keys are easier to create by using T-SQL, column encryption keys are easier to create by using SSMS.
To create a column encryption key, use Object Explorer to connect to the database instance, navigate to the database, then to Security, and expand the Always Encrypted Keys folder. Right-click Column Encryption Keys, and then select New Column Encryption Key. In the New Column Encryption Key dialog box, type a name for the new encryption key, select a Column Master Key Definition in the drop-down list, as shown in Figure 2-3, and then click OK. You can now use the column encryption key in the definition of a new table.
