Allow a stored procedure to decrypt an encrypted column

Question (votes: 0, answers: 1)

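I created a symmetric key in SQL Server 2016 and then encrypted a single column (PhoneNo) in a table.

If I run the following code, the column is decrypted and the result is displayed: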

OPEN SYMMETRIC KEY SymKey_Test DECRYPTION BY CERTIFICATE Certificate_Test;

SELECT        
    ClientContactTest.ClientID, ClientContactTest.ContactID, 
    ClientContactTest.Title, ClientContactTest.Forename, 
    ClientContactTest.Surname, 
    CONVERT(varchar, DecryptByKey(ClientContactTest.PhoneNo_Encrypt)) AS PhoneNo,  
    ClientContactTest.MobileNo, ClientContactTest.EMailAddress, 
    Lookup_ContactType.Description AS ContactTypeDescription
FROM
    ClientContactTest 
LEFT OUTER JOIN
    Lookup_ContactType ON ClientContactTest.ContactTypeID = Lookup_ContactType.ContactTypeID
WHERE
    (ClientContactTest.ClientID = 7) 
    AND (ClientContactTest.SiteID = 0) 
    AND (ClientContactTest.ContactID = 1)

CLOSE SYMMETRIC KEY SymKey_Test

But if I put exactly the same code into a stored procedure, it returns NULL for this column:

CREATE PROCEDURE [dbo].[ClientContactTest_LoadRecord_Encrypted]
AS
BEGIN
    OPEN SYMMETRIC KEY SymKey_Test DECRYPTION BY CERTIFICATE Certificate_Test;

    SELECT        
        ClientContactTest.ClientID, ClientContactTest.ContactID, 
        ClientContactTest.Title, ClientContactTest.Forename, 
        ClientContactTest.Surname, 
        CONVERT(varchar, DecryptByKey(ClientContactTest.PhoneNo_Encrypt)) AS PhoneNo, 
        ClientContactTest.MobileNo, ClientContactTest.EMailAddress, 
        Lookup_ContactType.Description AS ContactTypeDescription
    FROM
        ClientContactTest 
    LEFT OUTER JOIN
        Lookup_ContactType ON ClientContactTest.ContactTypeID = Lookup_ContactType.ContactTypeID
    WHERE
        (ClientContactTest.ClientID = 7) 
        AND (ClientContactTest.SiteID = 0) 
        AND (ClientContactTest.ContactID = 1)

    CLOSE SYMMETRIC KEY SymKey_Test
END

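The stored procedure has execute permission granted to a role named CRMObjects.

How can I get the correct result returned?

I tried the following steps, but they made no difference: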

GRANT CONTROL ON CERTIFICATE :: Certificate_Test TO CRMObjects;
GRANT CONTROL ON SYMMETRIC KEY :: SymKey_Test TO CRMObjects

GRANT VIEW DEFINITION ON SYMMETRIC KEY::SymKey_Test TO CRMObjects
GRANT VIEW DEFINITION ON Certificate::[Certificate_Test] TO CRMObjects
sql sql-server stored-procedures symmetric-key
1 answer

0 votes

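I finally solved this problem, so I thought it would be a good idea to post what I ended up doing.

-- Create the master key, certificate and symmetric key

CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'mzkvdlk979438teag$$ds987yghn)(&4fdg^';
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'mzkvdlk979438teag$$ds987yghn)(&4fdg^';
CREATE CERTIFICATE Certificate_Test2 WITH SUBJECT = 'Test2';
CREATE SYMMETRIC KEY SSN_Key_01 WITH ALGORITHM = DES ENCRYPTION BY CERTIFICATE Certificate_Test2;
GO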

-- Open Key, Encrypt Field & Close Key

OPEN SYMMETRIC KEY SSN_Key_01 DECRYPTION BY CERTIFICATE Certificate_Test2;
UPDATE ClientContactTest
SET PhoneNo_Encrypt
= EncryptByKey(Key_GUID('SSN_Key_01'), PhoneNo);
GO
CLOSE SYMMETRIC KEY SSN_Key_01;

-- And test it

OPEN SYMMETRIC KEY SSN_Key_01 DECRYPTION BY CERTIFICATE Certificate_Test2;

SELECT
    CONVERT(varchar, DecryptByKey(ClientContactTest.PhoneNo_Encrypt)) AS PhoneNo
FROM
    ClientContactTest
WHERE
    (ClientContactTest.ClientID = 7)

-- Create the stored procedure

CREATE PROCEDURE [dbo].[ClientContact_LoadRecord_Encrypted]
AS
BEGIN
    OPEN SYMMETRIC KEY SSN_Key_01 DECRYPTION BY CERTIFICATE Certificate_Test2;

    SELECT
        CONVERT(varchar, DecryptByKey(ClientContactTest.PhoneNo_Encrypt)) AS PhoneNo
    FROM
        ClientContactTest
    WHERE
        (ClientContactTest.ClientID = 7)
END
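
A diagnostic for the symptom described in the question, as an added example that is not part of the original post: DecryptByKey returns NULL when the key is not open in the session or when the ciphertext was produced with a different key, and this script checks both while impersonating a role member. The object names are those from the question; CrmTestUser is a hypothetical database user assumed to be a member of CRMObjects.

```sql
-- Added diagnostic example. Run as a privileged user in the database that
-- holds ClientContactTest. CrmTestUser is a placeholder (assumed role member).

-- 1. Which key produced each ciphertext? KEY_NAME() resolves the key GUID
--    embedded in the ciphertext; NULL means no matching key in this database.
SELECT TOP (5)
    ClientID,
    KEY_NAME(PhoneNo_Encrypt)   AS EncryptedWithKey,
    DATALENGTH(PhoneNo_Encrypt) AS CipherBytes
FROM dbo.ClientContactTest
WHERE PhoneNo_Encrypt IS NOT NULL;

-- 2. Switch to the security context of a CRMObjects member.
EXECUTE AS USER = 'CrmTestUser';

-- Effective permissions that user holds on the key and the certificate.
SELECT 'SYMMETRIC KEY' AS securable, permission_name
FROM sys.fn_my_permissions('SymKey_Test', 'SYMMETRIC KEY')
UNION ALL
SELECT 'CERTIFICATE', permission_name
FROM sys.fn_my_permissions('Certificate_Test', 'CERTIFICATE');

BEGIN TRY
    -- 3. Open the key as that user and confirm it is listed as open.
    OPEN SYMMETRIC KEY SymKey_Test DECRYPTION BY CERTIFICATE Certificate_Test;
    SELECT key_name, key_guid, opened_date FROM sys.openkeys;
    CLOSE SYMMETRIC KEY SymKey_Test;

    -- 4. Call the procedure exactly as the application would.
    EXEC dbo.ClientContactTest_LoadRecord_Encrypted;
END TRY
BEGIN CATCH
    -- A failed OPEN raises an error; report it instead of aborting the batch.
    SELECT ERROR_NUMBER() AS ErrorNumber, ERROR_MESSAGE() AS ErrorMessage;
END CATCH;

-- 5. Return to the original security context.
REVERT;
```

If step 3 lists the key as open but the procedure still returns NULL, compare the EncryptedWithKey value from step 1 with the key the procedure opens.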
