一,加密过程
(1)切换到master下:
use master;
(2)根据一段自定义密码创建主密钥:
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '密码';
(3)创建主密钥证书,主题任意填:
CREATE CERTIFICATE 证书名 WITH SUBJECT = '测试主题';
(4)切换到要加密的库下:
use 用户数据库;
(5)根据加密算法和证书创建数据库密钥:
CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_128 ENCRYPTION BY SERVER CERTIFICATE 证书名;
(6)开启该库的加密状态:
ALTER DATABASE 用户数据库 SET ENCRYPTION ON;
------------------------------------------------------------------
二,备份和还原
(1)备份主密钥在指定目录中:
BACKUP MASTER KEY TO FILE = 'd:storedkeysweifangmasterkey' ENCRYPTION BY PASSWORD = '密码'
(2)备份证书:
BACKUP CERTIFICATE 证书名 TO FILE = 'd:storedcertsweifangsdjslcert'; :
(3)还原master key:
use master
RESTORE MASTER KEY FROM FILE = 'd:storedkeysweifangmasterkey'
DECRYPTION BY PASSWORD = '密码'
ENCRYPTION BY PASSWORD = '密码';
--因为我这里还留有原来的证书,所以会提示如下信息:
--The old and new master keys are identical. No data re-encryption is required.
(4)还原证书
CREATE CERTIFICATE 证书名
FROM FILE = 'd:storedcertssdjslcert'
GO
--因为证书已经存在,所以提示如下信息:
--A certificate with name 'MyServerCert2' already exists or this certificate already has been added to the database.
--需要注意的是证书并不是按照证书名来区分的。我原来的证书名叫做MyServerCert,此处创建的证书名为MyServerCert2,但是是来自MyServerCert的一个备份,还是报错。