我看到SQL Server 2016的總是加密功能上的各種文章描述了使用SQL Server Management Studio UI或使用New-SqlColumnEncryptionKey powershell命令創建列加密密鑰。但是如果C#客戶端應用程序本身想要創建列加密密鑰呢?這個ENCRYPTED_VALUE列的格式是什麼?如何從c#客戶端創建總是加密的列加密密鑰
CREATE COLUMN ENCRYPTION KEY CEK1
WITH VALUES (
COLUMN_MASTER_KEY = CMK1,
ALGORITHM = 'RSA_OAEP',
ENCRYPTED_VALUE = ??????
對於證書存儲提供程序,您可以使用SqlColumnEncryptionCertificateStoreProvider.EncryptColumnEncryptionKey Method(例如,如下圖所示:
var randomBytes = new byte[ 32 ];
using (var rng = new RNGCryptoServiceProvider())
{
rng.GetBytes(randomBytes);
}
var provider = new SqlColumnEncryptionCertificateStoreProvider();
var encryptedKey = provider.EncryptColumnEncryptionKey(masterKeyPath, "RSA_OAEP", randomBytes);
var encryptedKeySerialized = "0x" + BitConverter.ToString(encryptedKey).Replace("-", "");
感謝this blog post指着我在正確的方向。