Print .SQL certificate files (.MK, .CER and .PK) on PAPER for long term storage in vault


Theo Ekelmans
Hi Guys,

Did anyone find a way to print .SQL certificate files (.MK, .CER and .PK) on PAPER for long term storage in a vault?

I don't trust USB and SD as long term storage, and a hard disk is too big and sensitive to be reliable (they tend to bounce back up in more than one piece).

Since those files are tiny (1 KB'ish) I tried to find a QR generator, but could not find one that will take an input file of 1 KB.

An alternative is to BASE64 encode the files and use some OCR to read it off the paper if ever the need should arise.

Any thoughts on this, anyone? :)
Chris Harshman
I'd never considered this approach, not sure how successful it would be. I can understand your reluctance to rely on magnetic media or flash memory for long term storage but how about something like burning the files to a CD? I know fewer and fewer computers are including optical drives, but it still could be an option that would certainly work better than paper.
Theo Ekelmans
Hi Chris,

Actually, nearly all systems my customers run these days don't have a DVD drive anymore, and in 5 or 6 years we will be *really* hard pressed to find one that still works, and even then you should use stuff like M-DISC to be near certain about longevity. SANDISK's WORM SD card used to do the trick, but they are EOL. see: link

In one customer's case we were not even allowed to use a password manager like KeePass because it's open source ....

yeah yeah... quit laughing, but that is how it is, and I must deal with it :P

So, I started thinking, since they are really small files, why not print them in a format an OCR scanner can easily recognize, and recreate the files.

Paper printed using laser printers is a surprisingly stable medium, takes almost no space in a vault, and will last much longer than the SQL server data using that encryption (15 years for tax laws).

I'll keep looking and report back what I have figured out.
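
The encode-for-OCR idea raised in the posts above, as an added example that is not part of the original thread: it uses Base32 rather than the Base64 mentioned (a swapped-in choice, since Base32 has no case distinction and omits 0, 1 and 8), gives every printed line a number and a CRC-32 so an OCR misread can be traced to one line, and closes with a SHA-256 of the whole file. The page layout, function names, file name and sample bytes are assumptions made for this example.

```python
import base64
import binascii
import hashlib

LINE_CHARS = 40  # Base32 characters per printed line (assumed layout)

def to_paper(data: bytes, name: str) -> str:
    """Render a small file as numbered Base32 lines, each ending in a CRC-32."""
    b32 = base64.b32encode(data).decode("ascii").rstrip("=")  # padding is re-added on decode
    lines = [f"FILE {name} BYTES {len(data)}"]
    for n, i in enumerate(range(0, len(b32), LINE_CHARS), 1):
        chunk = b32[i:i + LINE_CHARS]
        groups = " ".join(chunk[j:j + 8] for j in range(0, len(chunk), 8))
        lines.append(f"{n:03d} {groups} {binascii.crc32(chunk.encode('ascii')):08X}")
    lines.append(f"SHA256 {hashlib.sha256(data).hexdigest().upper()}")
    return "\n".join(lines)

def from_paper(text: str) -> bytes:
    """Rebuild the file from OCR output; raise ValueError naming damaged lines."""
    rows = [r.split() for r in text.upper().splitlines() if r.strip()]
    header, body, footer = rows[0], rows[1:-1], rows[-1]
    bad, b32 = [], ""
    for expected, row in enumerate(body, 1):
        chunk = "".join(row[1:-1])  # drop the line number and the CRC column
        crc = f"{binascii.crc32(chunk.encode('ascii', 'replace')):08X}"
        if row[0] != f"{expected:03d}" or row[-1] != crc:
            bad.append(expected)  # misread, missing or out-of-order line
        b32 += chunk
    if bad:
        raise ValueError(f"re-check printed lines {bad}")
    data = base64.b32decode(b32 + "=" * (-len(b32) % 8))
    if len(data) != int(header[-1]) or hashlib.sha256(data).hexdigest().upper() != footer[-1]:
        raise ValueError("file length or SHA-256 mismatch")
    return data

# Constructed 1 KB sample standing in for a certificate file (not real key material).
SAMPLE = bytes(range(256)) * 4

if __name__ == "__main__":
    page = to_paper(SAMPLE, "backup_cert.cer")  # hypothetical file name
    print(page)
    assert from_paper(page) == SAMPLE
```

Printed in a monospaced font, the 1 KB sample comes to 43 lines; when a scan fails, only the line numbers reported by `from_paper` need to be compared against the paper by eye.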
RTaylor2208
Is using online storage not an option? For example Amazon's S3 is secure (providing you set it up correctly), it is also one of the most redundant online storage facilities available. The cost to store the files indefinitely would be pennies per year.

MCITP SQL 2005, MCSA SQL 2012
Theo Ekelmans
Nope,

We are talking about the encryption certificates for the SQL server backups containing *very* personal data, the Security officer would have a fit if I would suggest storing that kind of data in the cloud.

He demands HARDcopy..... as in something physical and durable he can store in his datavault (the kind of vault that survives 24 hour blazing fire, a 4 story drop and then having the entire building collapse upon it) :D
RTaylor2208
Theo Ekelmans - Tuesday, March 6, 2018 2:34 AM
Nope,

We are talking about the encryption certificates for the SQL server backups containing *very* personal data, the Security officer would have a fit if I would suggest storing that kind of data in the cloud.

He demands HARDcopy..... as in something physical and durable he can store in his datavault (the kind of vault that survives 24 hour blazing fire, a 4 story drop and then having the entire building collapse upon it) :D

Seems like overkill to me, I could agree with the point if the actual database backups were stored in the same location but I assume your backups are on premise? Providing you access S3 as a service using a suitable API and encrypt your traffic with SSL when uploading, where is the risk? When stored at rest in S3 you can enable encryption as well as other security measures. Yes there are stories of data leaks from S3 but almost every single one has been down to misconfiguration rather than being hacked.

The keys are only of any use if you have access to the backup media and unless you combine your own network with Amazon's using Direct Connect or a VPN then those encryption certificates are useless to anyone without the actual media.


MCITP SQL 2005, MCSA SQL 2012
Chris Harshman
Theo Ekelmans - Tuesday, March 6, 2018 2:34 AM
He demands HARDcopy..... as in something physical and durable he can store in his datavault (the kind of vault that survives 24 hour blazing fire, a 4 story drop and then having the entire building collapse upon it) :D

I sincerely hope that by "his datavault" you are referring to some third party off site service, not something he personally has at his house or something :)
