Re: Encrypting Data in SQL 2000

---

• From: "Mike C#" <xyz@xxxxxxx>
• Date: Fri, 14 Jul 2006 21:13:11 -0400

---

Here are some free XP's that perform column-level encryption using the
CryptoAPI:
http://www.sqlservercentral.com/columnists/mcoles/sql2000dbatoolkitpart1.asp


"Steven" <Lazans@xxxxxxxxx> wrote in message
news:ucwNjZrpGHA.3324@xxxxxxxxxxxxxxxxxxxxxxx

What about Microsoft's Crypto API?

Steve

"Arnie Rowland" <arnie@xxxxxxxx> wrote in message
news:e8qenSrpGHA.3324@xxxxxxxxxxxxxxxxxxxxxxx

Very limited.

If using a .NET applicaiton, there is a rich encryption library that
could be used at the application level to encrypt data before it is
stored in the server, and decrypt it after if is retreived.

And there are several third party 'Add-ins' to allow encryption via
extended procedures.

A very crude 'hiding (and generally ineffective) scheme would be to use
one of the checksum() functions and do a one-way process. You couldn't
'decrypt' it but you could use a comparison to verify if an input value
matches.

As far as I know, the application level method is the only way to keep a
determined DBA (or Admin) from being able to access the encrypted data
AND the means to decrypt it. (But then, the question is "Is that a wise
decision?, Are you feeling lucky? Go ahead, make my ..."

--
Arnie Rowland*
"To be successful, your heart must accompany your knowledge."



"Steven" <Lazans@xxxxxxxxx> wrote in message
news:eDdtTMrpGHA.4812@xxxxxxxxxxxxxxxxxxxxxxx

What is the recommended way to store data in SQL Server 2000 encrypted
so not even DBA can see the values? I know SQL 2005 has encryption at
the row level, but what are my options in SQL 2000?

Thank you,

Steve

.

---

• References:
  • Encrypting Data in SQL 2000
    • From: Steven
  • Re: Encrypting Data in SQL 2000
    • From: Arnie Rowland
  • Re: Encrypting Data in SQL 2000
    • From: Steven

• Prev by Date: Re: Limiting a user to only executing a stored only that access an
• Next by Date: Error: [Microsoft][ODBC SQL Server Driver][SQL Server]Invalid column name when i copy the db
• Previous by thread: Re: Encrypting Data in SQL 2000
• Next by thread: Re: Encrypting Data in SQL 2000
• Index(es):
  • Date
  • Thread

---

Relevant Pages How do I Use DPAPI to Encrypt and Decrypt Data (C#/VB.NET)? ... Use DPAPI to Encrypt and Decrypt Data ... The code below demonstrates how to call Data Protection API (DPAPI) ... In addition to encryption and decryption, ... public static string Encrypt ... (microsoft.public.dotnet.framework.aspnet.security) Re: Byte array to string and back - newbie question ... // Create a symmetric algorithm. ... This is done to make encryption more ... // Encrypt a string into a string using a password ... // Decrypt a byte array into a byte array using a key and an IV ... (microsoft.public.dotnet.framework.aspnet.security) Re: CryptAPI(encryption/decryption) ... It seems like you're missing the Base64 decode step when trying to decrypt ... I misspelled the Private Key as Primary Key. ... Is there any variation in the encryption format in openssl compared to ... "Dylan DSilva " wrote: ... (microsoft.public.pocketpc.developer) Re: Writing spaghetti code for obfuscation/encryption ... > undocumented opcodes and simple encryption? ... do the protection and distribution (I'll justify this later, ... This key was used to decrypt the main program code. ... So here's the scheme in action: Put disk in, ... (comp.lang.asm.x86) Re: Which is more secure RC2 or RC4 ? ... Credit card info... ... If your application can decrypt the information (in order to send it ... one goofy solution may be to use public key encryption on ... decryption key on a separate computer (laptop). ... (sci.crypt)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.sqlserver.security  > 2006-07