I've got a DB in which I need to store the encrypted values for a column. I use the SQL Server encryption format for encryption. The format is as follows:
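CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'dsagfdsagv418515adsf';
-- WITH SUBJECT is required when the certificate is generated here; the subject text is a placeholder
CREATE CERTIFICATE CERTIFICATE_NAME WITH SUBJECT = 'certificate subject';
CREATE SYMMETRIC KEY KEY_NAME
WITH ALGORITHM = AES_256
ENCRYPTION BY CERTIFICATE CERTIFICATE_NAME;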
Now I am able to encrypt and decrypt the column, using the EncryptByKey and DecryptByKey functions respectively.
Now I see a security threat here, in that the SYMMETRIC KEY is visible to the DBA and other DB users. They can always decrypt that column using the key anytime they want. This is not feasible in my application. Can someone please suggest what can be done to safeguard this key?
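Added example, not part of the original post: the EncryptByKey/DecryptByKey round trip the post describes, followed by catalog queries that show how KEY_NAME is protected and which principals hold explicit permissions on the key and on the certificate. The table dbo.SecretDemo, its columns and the sample value are hypothetical; KEY_NAME and CERTIFICATE_NAME are the post's own placeholders and are assumed to exist already.

```sql
-- Hypothetical table for the demonstration (not from the post).
CREATE TABLE dbo.SecretDemo (
    Id          int IDENTITY PRIMARY KEY,
    SecretValue varbinary(256) NOT NULL   -- ciphertext produced by EncryptByKey
);
GO

-- The key must be opened in the session before EncryptByKey/DecryptByKey work.
-- Any principal that can use the certificate's private key can do this.
OPEN SYMMETRIC KEY KEY_NAME DECRYPTION BY CERTIFICATE CERTIFICATE_NAME;

INSERT INTO dbo.SecretDemo (SecretValue)
VALUES (EncryptByKey(Key_GUID('KEY_NAME'), N'constructed sample value'));

-- DecryptByKey returns varbinary; convert back to the original type.
SELECT Id,
       CONVERT(nvarchar(100), DecryptByKey(SecretValue)) AS SecretPlain
FROM dbo.SecretDemo;

CLOSE SYMMETRIC KEY KEY_NAME;
GO

-- How the symmetric key is protected (certificate, password, ...).
SELECT sk.name            AS symmetric_key,
       sk.algorithm_desc,
       ke.crypt_type_desc,
       c.name             AS protecting_certificate
FROM sys.symmetric_keys AS sk
JOIN sys.key_encryptions AS ke ON ke.key_id = sk.symmetric_key_id
LEFT JOIN sys.certificates AS c ON c.thumbprint = ke.thumbprint
WHERE sk.name = N'KEY_NAME';

-- Explicit grants on the key and on the certificate that protects it.
SELECT pr.name AS principal, dp.class_desc, dp.permission_name, dp.state_desc
FROM sys.database_permissions AS dp
JOIN sys.database_principals AS pr
  ON pr.principal_id = dp.grantee_principal_id
WHERE (dp.class_desc = 'SYMMETRIC_KEYS'
       AND dp.major_id = (SELECT symmetric_key_id FROM sys.symmetric_keys
                          WHERE name = N'KEY_NAME'))
   OR (dp.class_desc = 'CERTIFICATE'
       AND dp.major_id = (SELECT certificate_id FROM sys.certificates
                          WHERE name = N'CERTIFICATE_NAME'));
```

Members of db_owner and sysadmin hold these permissions implicitly, so they do not appear in the last query's results.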