对于某些已经加密的数据,黑客并不需要解密,即可根据上下文推断出重要的信息。如过是这样,则对表具有 ALTER 权限的任何用户都能对加密数据进行修改,以对某些数据进行整个值替换攻击,SQL Server 提供验证器来避免数据遭受整个值替换攻击。这种整个值替换攻击可以完全绕过加密。加密纯文本前在该文本中添加上下文信息,可避免上述整个值替换攻击。此上下文信息用于验证未移动的纯文本数据。
--创建证书
create certificate cer001
encryption by password = N'!@#$%^&*'
with subject = 'cer_encryption',
start_date = '20111101',
expiry_date = '20120101';
go
--使用 DESX 算法创建名为 sym_key_001 的对称密钥,然后使用证书 cer001 对新密钥进行加密。
create symmetric key sym_key_001
with algorithm = DESX
encryption by certificate cer001;
go
--创建测试表
set nocount on;
select CreditCardID,CardNumber into dbo.testtb from Sales.CreditCard;
go
--添加存储加密后的列
alter table dbo.testtb add SymKeyEncryptionENumber varbinary(256) null;
go
--查看未加密结果
select * from dbo.testtb;
go
--加密
open symmetric key sym_key_001 decryption by certificate cer001 with password = N'!@#$%^&*';
update dbo.testtb set SymKeyEncryptionENumber = EncryptByKey(Key_GUID('sym_key_001'),CardNumber,1,CONVERT(varbinary,CreditCardID));
close symmetric key sym_key_001;
go
--查看加密后结果
select * from dbo.testtb;
go
--选取CreditCardID为11935,12094的数据进行演示
select * from dbo.testtb where CreditCardID in (11935,12094);
--模拟整个值替换攻击,把11935对应的加密列结果修改为12094加密列的值
update dbo.testtb set SymKeyEncryptionENumber = (select SymKeyEncryptionENumber from dbo.testtb where CreditCardID = 12094) where CreditCardID = 11935;
select * from dbo.testtb where CreditCardID in (11935,12094);
--查看对11935,12094两条记录的解密结果
open symmetric key sym_key_001 decryption by certificate cer001 with password = N'!@#$%^&*';
select CreditCardID,CardNumber, SymKeyEncryptionENumber,convert(nvarchar(30),DecryptByKey(SymKeyEncryptionENumber,1,CONVERT(varbinary,CreditCardID))) as DecryptedData
from dbo.testtb
where CreditCardID in (11935,12094);
close symmetric key sym_key_001;
go
create certificate cer001
encryption by password = N'!@#$%^&*'
with subject = 'cer_encryption',
start_date = '20111101',
expiry_date = '20120101';
go
--使用 DESX 算法创建名为 sym_key_001 的对称密钥,然后使用证书 cer001 对新密钥进行加密。
create symmetric key sym_key_001
with algorithm = DESX
encryption by certificate cer001;
go
--创建测试表
set nocount on;
select CreditCardID,CardNumber into dbo.testtb from Sales.CreditCard;
go
--添加存储加密后的列
alter table dbo.testtb add SymKeyEncryptionENumber varbinary(256) null;
go
--查看未加密结果
select * from dbo.testtb;
go
--加密
open symmetric key sym_key_001 decryption by certificate cer001 with password = N'!@#$%^&*';
update dbo.testtb set SymKeyEncryptionENumber = EncryptByKey(Key_GUID('sym_key_001'),CardNumber,1,CONVERT(varbinary,CreditCardID));
close symmetric key sym_key_001;
go
--查看加密后结果
select * from dbo.testtb;
go
--选取CreditCardID为11935,12094的数据进行演示
select * from dbo.testtb where CreditCardID in (11935,12094);
--模拟整个值替换攻击,把11935对应的加密列结果修改为12094加密列的值
update dbo.testtb set SymKeyEncryptionENumber = (select SymKeyEncryptionENumber from dbo.testtb where CreditCardID = 12094) where CreditCardID = 11935;
select * from dbo.testtb where CreditCardID in (11935,12094);
--查看对11935,12094两条记录的解密结果
open symmetric key sym_key_001 decryption by certificate cer001 with password = N'!@#$%^&*';
select CreditCardID,CardNumber, SymKeyEncryptionENumber,convert(nvarchar(30),DecryptByKey(SymKeyEncryptionENumber,1,CONVERT(varbinary,CreditCardID))) as DecryptedData
from dbo.testtb
where CreditCardID in (11935,12094);
close symmetric key sym_key_001;
go
结果如图:
由此可见,2个一样的二进制的值,解密的结果有一个为NULL,可见11935对应加密列的值被篡改。在SQL Server 2005,2008中得各种加密方法中,如果需要add_authenticator ,authenticator 说明该种加密机制可以防止整个值替换攻击。