Re: Encrypting Data in SQL 2000

Just to clarify: CryptoAPI is a set of encryption functions available in
Windows that expose standard cryptographic algorithms. .Net encryption
routines offer a higher level interface to CryptoAPI. The encryption in SQL
Server 2005 is also based on CryptoAPI. Any Windows application can use
these routines. For a list of the algorithms available through CryptoAPI,
you can take a look at:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/alg_id.asp.

Thanks

--
Laurentiu Cristofor [MSFT]
Software Design Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/

This posting is provided "AS IS" with no warranties, and confers no rights.

"Arnie Rowland" <arnie@xxxxxxxx> wrote in message
news:O2IubprpGHA.4268@xxxxxxxxxxxxxxxxxxxxxxx
Yes, that could be used. (I'm not sure if it's status is still considered
secure...)

You may wish to check the resourses at:

http://www.sqlsecurity.com/FAQs/SQLServerFAQ/tabid/55/Default.aspx

--
Arnie Rowland*
"To be successful, your heart must accompany your knowledge."



"Steven" <Lazans@xxxxxxxxx> wrote in message
news:ucwNjZrpGHA.3324@xxxxxxxxxxxxxxxxxxxxxxx
What about Microsoft's Crypto API?

Steve

"Arnie Rowland" <arnie@xxxxxxxx> wrote in message
news:e8qenSrpGHA.3324@xxxxxxxxxxxxxxxxxxxxxxx
Very limited.

If using a .NET applicaiton, there is a rich encryption library that
could be used at the application level to encrypt data before it is
stored in the server, and decrypt it after if is retreived.

And there are several third party 'Add-ins' to allow encryption via
extended procedures.

A very crude 'hiding (and generally ineffective) scheme would be to use
one of the checksum() functions and do a one-way process. You couldn't
'decrypt' it but you could use a comparison to verify if an input value
matches.

As far as I know, the application level method is the only way to keep a
determined DBA (or Admin) from being able to access the encrypted data
AND the means to decrypt it. (But then, the question is "Is that a wise
decision?, Are you feeling lucky? Go ahead, make my ..."

--
Arnie Rowland*
"To be successful, your heart must accompany your knowledge."



"Steven" <Lazans@xxxxxxxxx> wrote in message
news:eDdtTMrpGHA.4812@xxxxxxxxxxxxxxxxxxxxxxx
What is the recommended way to store data in SQL Server 2000 encrypted
so not even DBA can see the values? I know SQL 2005 has encryption at
the row level, but what are my options in SQL 2000?

Thank you,

Steve









.

Relevant Pages

  • Re: JavaCard RSA encryption - CryptoApi decryption problem.
    ... pseudorandomly generated nonzero octets. ... > using cryptoApi, on the card's public key, which is known to the outside ... > I tested the encryption on the card in the following way. ...
    (microsoft.public.platformsdk.security)
  • Re: Encrypting Data in SQL 2000
    ... for the clarification about CRYPTOAPI library. ... your heart must accompany your knowledge." ... .Net encryption ...
    (microsoft.public.sqlserver.security)
  • Re: Encryption in .NET and CryptoAPI Certificate Stores
    ... > envelop symmetric keys used for encryption is available: ... > Briefly, it demonstrates how to use CryptoAPI store certificates, or X509 ...
    (microsoft.public.platformsdk.security)
  • Re: Encryption in .NET and CryptoAPI Certificate Stores
    ... > envelop symmetric keys used for encryption is available: ... > Briefly, it demonstrates how to use CryptoAPI store certificates, or X509 ...
    (microsoft.public.dotnet.security)
  • Re: Wanted - simple way to encrypt data string.
    ... CryptProtectData/CryptUnprotectData rather than CryptoAPI calls. ... Encryption using standard algorithms couldn't be easier on ... > There are several basic code snippets in there on encrypting data using ... >> the Crypto API docs but am none the wiser. ...
    (microsoft.public.platformsdk.security)