October 24, 2011 at 9:10 am
Hi,
I have never been able to understand the use of certificates within SQL Server, and despite reading through a number of different articles on encryption I'm still a little fuzzy.
I was working through the tutorial listed below and the exercise starts by creating a database master key, then a certificate and then a symmetric key which is used to encrypt data. Why can't you simply use the certificate rather than creating another key?
Thanks,
October 24, 2011 at 9:37 am
The symmetric key itself is encrypted with the certificate. That means you don't have to transmit the key in plaintext, which would kind of defeat the purpose of encryption in the first place.
Take a look at: http://msdn.microsoft.com/en-us/library/ms188357.aspx
It has data on encrypting symmetric keys.
The key thing (pun intended) is to understand encryption hierarchies. Take a look at this: http://msdn.microsoft.com/en-us/library/ms189586.aspx
There's a reasonably clear explanation of why symmetric keys need to be encrypted here: http://www.suse.de/~garloff/Writings/mutt_gpg/node3.html
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
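The hierarchy described in the reply above, as an added T-SQL example that is not part of the original posts: the master key protects the certificate's private key, the certificate protects the symmetric key, and the symmetric key encrypts the data. The names `DemoCert`, `DemoDataKey` and `dbo.DemoSecrets`, the password and the sample value are constructed placeholders, and the script assumes a scratch database on a test instance.

```sql
-- Added example; every name and value below is a constructed placeholder.

-- 1. Database master key: protects private keys stored in this database.
--    Replace the placeholder password before use.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Constructed-Placeholder-Passw0rd!';

-- 2. Certificate: no password is given, so its private key is
--    encrypted by the database master key.
CREATE CERTIFICATE DemoCert
    WITH SUBJECT = 'Demo certificate protecting a data key';

-- 3. Symmetric key: does the actual data encryption. It is never stored
--    in plaintext; SQL Server keeps it encrypted by the certificate.
CREATE SYMMETRIC KEY DemoDataKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE DemoCert;

-- Inspect the hierarchy: which mechanism protects the symmetric key,
-- and which mechanism protects the certificate's private key.
SELECT sk.name  AS symmetric_key,
       ke.crypt_type_desc AS key_protected_by,
       c.name   AS protecting_certificate,
       c.pvt_key_encryption_type_desc AS cert_private_key_protected_by
FROM sys.symmetric_keys AS sk
JOIN sys.key_encryptions AS ke ON ke.key_id = sk.symmetric_key_id
LEFT JOIN sys.certificates AS c ON c.thumbprint = ke.thumbprint
WHERE sk.name = 'DemoDataKey';

-- 4. Use the key. Opening it decrypts the key material with the
--    certificate's private key for the duration of the session.
CREATE TABLE dbo.DemoSecrets (
    id         int IDENTITY PRIMARY KEY,
    secret_enc varbinary(256) NOT NULL
);

OPEN SYMMETRIC KEY DemoDataKey DECRYPTION BY CERTIFICATE DemoCert;

INSERT INTO dbo.DemoSecrets (secret_enc)
VALUES (EncryptByKey(Key_GUID('DemoDataKey'), N'constructed sample secret'));

SELECT id,
       CONVERT(nvarchar(100), DecryptByKey(secret_enc)) AS secret_plain
FROM dbo.DemoSecrets;

-- Close the key as soon as the work is done.
CLOSE SYMMETRIC KEY DemoDataKey;
```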
October 24, 2011 at 9:40 am
Thanks very much; I will read through the links that you have provided.