2012-01-09 62 views
2

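Open a symmetric key with a password in a stored procedure

I am trying to write a stored procedure to decrypt some data encrypted by a symmetric key, which is itself encrypted by an asymmetric key with a password.

OPEN SYMMETRIC KEY requires a string literal for the password, so I had to use a workaround with EXEC sp_executesql. Is there a better way?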

DECLARE @open nvarchar(200), @close nvarchar(200) 
SET @open = 'OPEN SYMMETRIC KEY skey DECRYPTION BY ASYMMETRIC KEY akey WITH PASSWORD = ' + quotename(@password,'''') + ';'; 
SET @close = 'CLOSE SYMMETRIC KEY skey;'; 

EXEC sp_executesql @open 

SELECT [TransactionID],Convert(varchar(max),DECRYPTBYKEY([EncryptedText])) as DecryptedText FROM [dbo].[TestTable]; 

EXEC sp_executesql @close 

If you execute it with the wrong password, it throws the following errors:

Msg 15466, Level 16, State 1, Line 1 
An error occurred during decryption. 
Msg 15315, Level 16, State 1, Line 1 
The key 'skey' is not open. Please open the key before using it. 

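Should I wrap EXEC sp_executesql @open in TRY ... CATCH and return NULL, or is there a (more) elegant way to handle this?

Edit: What is the best way to handle someone calling this procedure with an incorrect password?

Answers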

0

Please check your data and code:

CREATE ASYMMETRIC KEY akey WITH ALGORITHM = RSA_2048 
ENCRYPTION BY PASSWORD = 'aaa123' 
GO 
CREATE SYMMETRIC KEY skey WITH ALGORITHM = AES_256 ENCRYPTION BY ASYMMETRIC KEY akey 
GO 

DECLARE @t TABLE(plain VARCHAR(100), ciphered VARBINARY(MAX), unciphered VARCHAR(100)) 

INSERT @t(plain) 
VALUES('11111'), ('22222'), ('33333') 

OPEN SYMMETRIC KEY skey DECRYPTION BY ASYMMETRIC KEY akey WITH PASSWORD = 'aaa123' 

UPDATE @t SET Ciphered = ENCRYPTBYKEY(KEY_GUID('skey'), plain) 


UPDATE @t SET unciphered = CAST(DECRYPTBYKEY(ciphered) AS VARCHAR(100)) -- explicit length: CAST AS VARCHAR defaults to 30 characters

SELECT * FROM @t 

CLOSE SYMMETRIC KEY skey 
DROP SYMMETRIC KEY skey 
DROP ASYMMETRIC KEY akey 

To properly log decryption attempts with a wrong password, try the example below; play with the @password variable:

CREATE ASYMMETRIC KEY akey WITH ALGORITHM = RSA_2048 
ENCRYPTION BY PASSWORD = 'aaa123' 
GO 
CREATE SYMMETRIC KEY skey WITH ALGORITHM = AES_256 ENCRYPTION BY ASYMMETRIC KEY akey 
GO 

DECLARE @t TABLE(plain VARCHAR(100), ciphered VARBINARY(MAX), unciphered VARCHAR(100)) 

INSERT @t(plain) 
VALUES('11111'), ('22222'), ('33333') 

OPEN SYMMETRIC KEY skey DECRYPTION BY ASYMMETRIC KEY akey WITH PASSWORD = 'aaa123' 

UPDATE @t SET Ciphered = ENCRYPTBYKEY(KEY_GUID('skey'), plain) 
CLOSE SYMMETRIC KEY skey 

DECLARE @open nvarchar(200), @close nvarchar(200), @password VARCHAR(20) = 'aaa123x' 
SET @open = 'OPEN SYMMETRIC KEY skey DECRYPTION BY ASYMMETRIC KEY akey WITH PASSWORD = ' + quotename(@password,'''') + ';'; 
SET @close = 'CLOSE SYMMETRIC KEY skey;'; 
BEGIN TRY 
    EXEC sp_executesql @open 
    UPDATE @t SET unciphered = CAST(DECRYPTBYKEY(ciphered) AS VARCHAR(100)) -- explicit length: CAST AS VARCHAR defaults to 30 characters
    SELECT * FROM @t 
    EXEC sp_executesql @close 
END TRY BEGIN CATCH 
    SELECT 'Do whatever you want to do here with this caller. Suspicious caller: '+SUSER_SNAME()+', at: '+CAST(GETDATE() AS VARCHAR) 
END CATCH 

DROP SYMMETRIC KEY skey 
DROP ASYMMETRIC KEY akey 
+0

Any ideas on how to better protect against SQL injection when using this method? – Greg 2012-01-09 04:59:08

+0

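As usual - since you cannot pass the password as a parameter, use custom password string checks, and run the statement under a user that has only one access right - to read and decrypt a specific column from a specific table – 2012-01-09 05:03:36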

+0

Your code still produces the same error I got before – Greg 2012-01-09 05:09:46
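
An added example, not part of the original posts or comments: one way to combine the points raised in this thread for SQL Server, validating the password string before it is concatenated and confirming through sys.openkeys that the key actually opened instead of relying on the error alone. The procedure name dbo.usp_DecryptTestTable, the length rule and the return codes are assumptions; skey, akey and dbo.TestTable come from the question.

```sql
-- Added example (hypothetical procedure name and return codes).
CREATE PROCEDURE dbo.usp_DecryptTestTable
    @password nvarchar(256)
AS
BEGIN
    SET NOCOUNT ON;
    -- QUOTENAME returns NULL for input over 128 characters, which would make
    -- the whole statement NULL, so reject such input first (assumed rule).
    IF @password IS NULL OR DATALENGTH(@password) NOT BETWEEN 2 AND 256
    BEGIN
        RAISERROR(N'Invalid password argument.', 16, 1);
        RETURN 1;
    END;
    -- Force re-authentication if this session already holds the key open.
    IF EXISTS (SELECT 1 FROM sys.openkeys
               WHERE key_name = N'skey' AND database_id = DB_ID())
        CLOSE SYMMETRIC KEY skey;
    -- QUOTENAME(..., '''') doubles embedded single quotes, so the value cannot
    -- terminate the string literal of the dynamic statement.
    DECLARE @open nvarchar(400) =
        N'OPEN SYMMETRIC KEY skey DECRYPTION BY ASYMMETRIC KEY akey WITH PASSWORD = '
        + QUOTENAME(@password, '''') + N';';
    BEGIN TRY
        EXEC sys.sp_executesql @open;
    END TRY
    BEGIN CATCH
        -- Nothing to undo; the sys.openkeys check below decides the outcome.
        SET @open = NULL;
    END CATCH;
    -- Confirm the key is open in this session before decrypting.
    IF NOT EXISTS (SELECT 1 FROM sys.openkeys
                   WHERE key_name = N'skey' AND database_id = DB_ID())
    BEGIN
        RAISERROR(N'Decryption key could not be opened.', 16, 1);
        RETURN 2;
    END;
    BEGIN TRY
        SELECT [TransactionID],
               CONVERT(varchar(max), DECRYPTBYKEY([EncryptedText])) AS DecryptedText
        FROM [dbo].[TestTable];
    END TRY
    BEGIN CATCH
        CLOSE SYMMETRIC KEY skey;  -- never leave the key open on failure
        RAISERROR(N'Decryption failed.', 16, 1);
        RETURN 3;
    END CATCH;
    CLOSE SYMMETRIC KEY skey;
    RETURN 0;
END;
```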