3

我正在构建一个存储员工信息的数据库,包括银行账户详细信息。存储银行帐户详细信息,以便我们可以检查当前或过去使用我们公司的员工,在我们的情况下,这可能是担心欺诈的一个原因。我一直在MSDN和其他地方阅读 SQL Server 2008 R2 Encrption and Decryption 并提出以下示例脚本:

IF NOT EXISTS(SELECT * FROM sys.symmetric_keys WHERE symmetric_key_id = 101)
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'BankDetai!5'
GO

CREATE CERTIFICATE Employees_01 WITH SUBJECT = 'Employee Bank Account Details'
GO

CREATE SYMMETRIC KEY AccountNos_01
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE Employees_01
GO

CREATE TABLE #Bank_Accounts
( Id            INT IDENTITY(1,1)   NOT NULL    CONSTRAINT PK_BankAccount_Id PRIMARY KEY CLUSTERED (Id ASC)
 ,AccountNumber VARBINARY(128)      NOT NULL
 ,BankName      NVARCHAR(255)       NOT NULL
 ,CountryCode   VARCHAR(2)          NOT NULL
 ,CreateDate    DATETIME2(0)        NOT NULL
 ,EmployeeId    INT                 NOT NULL
 ,IsActive      BIT                 NOT NULL
 ,SortCode      VARBINARY(128)      NOT NULL
);

OPEN SYMMETRIC KEY AccountNos_01
    DECRYPTION BY CERTIFICATE Employees_01;

CREATE TABLE #SampleBankAccounts
( Id INT IDENTITY(1,1)
 ,AccountNumber VARCHAR(255)
 ,BankName      NVARCHAR(255)
 ,CountryCode   VARCHAR(2)
 ,EmployeeId    INT NOT NULL
 ,IsActive      BIT
 ,SortCode      VARCHAR(255))

INSERT #SampleBankAccounts
SELECT * FROM
(   SELECT
         '123456789'    AccountNo
        ,'Barclays'     BankName
        ,'US'           Country
        ,1              Employee
        ,1              IsActive
        ,'12-34-56'     SortCode
UNION
    SELECT
         '9876543210'
        ,'Barclays'
        ,'US'
        ,1
        ,0
        ,'12-34-56'
UNION
    SELECT
         '111111111111'
        ,'HSBC'
        ,'UK'
        ,2
        ,1
        ,'222222'
UNION
    SELECT
         'IBAN 123 456 9875 3215'
        ,'Nationwide'
        ,'ES'
        ,3
        ,1
        ,'00_gn321654'
)AS Samples
ORDER BY Employee

MERGE #Bank_Accounts        AS Target
USING #SampleBankAccounts   AS Source   ON Target.EmployeeId = Source.EmployeeId
                                            AND Source.AccountNumber = Target.AccountNumber
                                            AND Source.BankName = Target.BankName
                                            AND Source.CountryCode = Target.CountryCode
                                            AND Source.SortCode = Target.SortCode
WHEN NOT MATCHED
    THEN INSERT (AccountNumber, BankName,CountryCode,CreateDate,EmployeeId,IsActive,SortCode)
        VALUES (
             ENCRYPTBYKEY(KEY_GUID('AccountNos_01'),Source.AccountNumber)
            ,Source.BankName
            ,Source.CountryCode
            ,GETDATE()
            ,Source.EmployeeId
            ,Source.IsActive
            ,ENCRYPTBYKEY(KEY_GUID('AccountNos_01'),Source.SortCode));
GO


DROP TABLE #SampleBankAccounts

这似乎工作正常,但现在我需要获取一个变量,例如@AccountNo,看看它是否与我们存储的任何银行账户匹配(我很可能会使用存储过程)。如果可能的话,我宁愿避免在任何脚本中解密,所以我想知道是否可以加密@AccountNo变量然后比较它,所以我们可能会看到匹配:

DECLARE @MyTestBankAccount NVARCHAR(255) = '123456789'
DECLARE @MyEncryptedTestBankAccount VARBINARY(128)

OPEN SYMMETRIC KEY AccountNos_01
    DECRYPTION BY CERTIFICATE Employees_01;

SELECT @MyEncryptedTestBankAccount = ENCRYPTBYKEY(KEY_GUID('AccountNos_01'),@MyTestBankAccount)

SELECT
     AccountNumber
    ,EmployeeId
FROM Bank_Accounts
WHERE
    @MyEncryptedTestBankAccount = AccountNumber

这不起作用;如您所见,我使用了应该出现在表中的帐号,但没有返回任何结果。我试图解密帐号列并将其与变量进行比较,但我得到了大量的汉字(就像在这个问题中一样),它们与加密和解密变量创建的字符不匹配,所以这也不适用于比赛......

那么为什么下面的查询(使用上面的数据)没有给我帐户详细信息的加密和解密值?我可以使用此方法针对给定的银行账户搜索员工银行账户吗?

OPEN SYMMETRIC KEY AccountNos_01
    DECRYPTION BY CERTIFICATE Employees_01;
SELECT
     AccountNumber                                  AS Encrypted_AccountNo
    ,EmployeeId                                     AS EmployeeId
    ,CONVERT(NVARCHAR,DECRYPTBYKEY(AccountNumber))  AS Decrypted_AccountNo
FROM Bank_Accounts
4

1 回答 1

0

于是我找到了答案:退出SQL Server,重新进入。

必须更新某些东西才能工作,因为现在一切都很好。

~温柔的尖叫~

于 2015-01-23T10:17:53.090 回答