I've got a DB in which i need to store the encrypted values for a column. I use the SQL Server encryption format for encryption. The format is as follows:
CREATE MASTER KEY ENCRYPTION BY PASSWORD 'dsagfdsagv418515adsf'
CREATE CERTIFICATE 'CERTIFICATE_NAME'
CREATE SYMMETRIC KEY 'KEY_NAME'
WITH ALGORITHM = AES_256
ENCRYPTION BY CERTIFICATE 'CERTIFICATE_NAME';
Now I am able to encrypt and decrypt the column, using EncryptByKey and DecryptByKey functions resp.
Now I see a security threat here in a way, that the SYMMETRIC KEY is visible to DBA and other DB Users. They can always decrypt that column using the key anytime they want. This is not feasable in my application. Can someone please suggest what can be done to safeguard this key?