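I created a symmetric key in SQL Server 2016 and then encrypted a single column (PhoneNo) in a table.
If I run the following code, the column is decrypted and the result is displayed: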
OPEN SYMMETRIC KEY SymKey_Test DECRYPTION BY CERTIFICATE Certificate_Test;
SELECT
ClientContactTest.ClientID, ClientContactTest.ContactID,
ClientContactTest.Title, ClientContactTest.Forename,
ClientContactTest.Surname,
CONVERT(varchar, DecryptByKey(ClientContactTest.PhoneNo_Encrypt)) AS PhoneNo,
ClientContactTest.MobileNo, ClientContactTest.EMailAddress,
Lookup_ContactType.Description AS ContactTypeDescription
FROM
ClientContactTest
LEFT OUTER JOIN
Lookup_ContactType ON ClientContactTest.ContactTypeID = Lookup_ContactType.ContactTypeID
WHERE
(ClientContactTest.ClientID = 7)
AND (ClientContactTest.SiteID = 0)
AND (ClientContactTest.ContactID = 1)
CLOSE SYMMETRIC KEY SymKey_Test
But if I put the exact same code into a stored procedure, it returns NULL for this column:
CREATE PROCEDURE [dbo].[ClientContactTest_LoadRecord_Encrypted]
AS
BEGIN
OPEN SYMMETRIC KEY SymKey_Test DECRYPTION BY CERTIFICATE Certificate_Test;
SELECT
ClientContactTest.ClientID, ClientContactTest.ContactID,
ClientContactTest.Title, ClientContactTest.Forename,
ClientContactTest.Surname,
CONVERT(varchar, DecryptByKey(ClientContactTest.PhoneNo_Encrypt)) AS PhoneNo,
ClientContactTest.MobileNo, ClientContactTest.EMailAddress,
Lookup_ContactType.Description AS ContactTypeDescription
FROM
ClientContactTest
LEFT OUTER JOIN
Lookup_ContactType ON ClientContactTest.ContactTypeID = Lookup_ContactType.ContactTypeID
WHERE
(ClientContactTest.ClientID = 7)
AND (ClientContactTest.SiteID = 0)
AND (ClientContactTest.ContactID = 1)
CLOSE SYMMETRIC KEY SymKey_Test
END
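A role named CRMObjects has execute permission on the stored procedure.
How can I get the correct result returned?
I tried the following steps, but they made no difference: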
GRANT CONTROL ON CERTIFICATE :: Certificate_Test TO CRMObjects;
GRANT CONTROL ON SYMMETRIC KEY :: SymKey_Test TO CRMObjects
GRANT VIEW DEFINITION ON SYMMETRIC KEY::SymKey_Test TO CRMObjects
GRANT VIEW DEFINITION ON Certificate::[Certificate_Test] TO CRMObjects
I finally solved this problem, so I thought it would be a good idea to post what I ended up doing:
-- Create Master Key, Certificate and Symmetric Key
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'mzkvdlk979438teag$$ds987yghn)(&4fdg^';
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'mzkvdlk979438teag$$ds987yghn)(&4fdg^';
CREATE CERTIFICATE Certificate_Test2 WITH SUBJECT = 'Test2';
CREATE SYMMETRIC KEY SSN_Key_01 WITH ALGORITHM = DES ENCRYPTION BY CERTIFICATE Certificate_Test2;
GO
-- Open Key, Encrypt Field & Close Key
OPEN SYMMETRIC KEY SSN_Key_01 DECRYPTION BY CERTIFICATE Certificate_Test2;
UPDATE ClientContactTest
SET PhoneNo_Encrypt
= EncryptByKey(Key_GUID('SSN_Key_01'), PhoneNo);
GO
CLOSE SYMMETRIC KEY SSN_Key_01;
-- And Test It
OPEN SYMMETRIC KEY SSN_Key_01 DECRYPTION BY CERTIFICATE Certificate_Test2;
SELECT
CONVERT(varchar, DecryptByKey(ClientContactTest.PhoneNo_Encrypt)) AS PhoneNo
FROM
ClientContactTest
WHERE
(ClientContactTest.ClientID = 7)
GO
-- Create Stored Procedure
CREATE PROCEDURE [dbo].[ClientContact_LoadRecord_Encrypted]
AS
BEGIN
OPEN SYMMETRIC KEY SSN_Key_01 DECRYPTION BY CERTIFICATE Certificate_Test2;
SELECT
CONVERT(varchar, DecryptByKey(ClientContactTest.PhoneNo_Encrypt)) AS PhoneNo
FROM
ClientContactTest
WHERE
(ClientContactTest.ClientID = 7)
END
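A diagnostic for the NULL result described in the question, added here as an example and not part of the original posts. It reuses the table, key and certificate names from the answer and assumes PhoneNo_Encrypt is a varbinary column; run it as the same principal that executes the stored procedure.

```sql
-- Added example: find out why DecryptByKey returns NULL.
-- DecryptByKey returns NULL when the key that encrypted the value is not
-- open in the current session, or when the ciphertext itself is NULL.

-- 1. Keys this principal can see in the current database.
SELECT name, key_guid, algorithm_desc, create_date
FROM sys.symmetric_keys;

-- 2. Which key encrypted each row? KEY_NAME reads the key GUID embedded in
--    the ciphertext. NULL here means the key does not exist in this database
--    or the caller has no permission that makes it visible.
SELECT c.ClientID, c.ContactID,
       KEY_NAME(c.PhoneNo_Encrypt) AS EncryptedWithKey
FROM ClientContactTest AS c
WHERE c.ClientID = 7;

-- 3. Open the key exactly as the procedure does, then confirm it is open.
OPEN SYMMETRIC KEY SSN_Key_01 DECRYPTION BY CERTIFICATE Certificate_Test2;

SELECT key_name, key_guid, opened_date
FROM sys.openkeys;   -- no row for the key from step 2 => decryption yields NULL

-- 4. Decrypt, showing per row whether the matching key is open.
SELECT c.ClientID, c.ContactID,
       KEY_NAME(c.PhoneNo_Encrypt) AS EncryptedWithKey,
       CASE WHEN o.key_name IS NULL THEN 'key not open' ELSE 'key open' END AS KeyState,
       CONVERT(varchar(30), DecryptByKey(c.PhoneNo_Encrypt)) AS PhoneNo
FROM ClientContactTest AS c
LEFT JOIN sys.openkeys AS o
       ON o.key_name = KEY_NAME(c.PhoneNo_Encrypt)
WHERE c.ClientID = 7;

CLOSE SYMMETRIC KEY SSN_Key_01;
```

If step 2 names a different key from the one the procedure opens, the column was encrypted with another key and opening SSN_Key_01 cannot decrypt it.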