Page 100 - DCAP508_DATABASE_ADMINISTRATION
Database Administration
6.5.2 Encryption Mechanisms
SQL Server provides the following mechanisms for encryption:
Transact-SQL functions
Asymmetric keys
Symmetric keys
Certificates
Transparent Data Encryption
Transact-SQL Functions
Individual items can be encrypted as they are inserted or updated using Transact-SQL functions.
Certificates
A public key certificate, usually just called a certificate, is a digitally signed statement that binds
the value of a public key to the identity of the person, device, or service that holds the
corresponding private key. Certificates are issued and signed by a certification authority (CA).
The entity that receives a certificate from a CA is the subject of that certificate. Typically, certificates
contain the following information.
The public key of the subject.
The identifier information of the subject, such as the name and e-mail address.
The validity period. This is the length of time that the certificate is considered valid.
A certificate is valid only for the period of time specified within it; every certificate
contains Valid From and Valid To dates. These dates set the boundaries of the validity
period. When the validity period for a certificate has passed, a new certificate must be
requested by the subject of the now-expired certificate.
Issuer identifier information.
The digital signature of the issuer.
This signature attests to the validity of the binding between the public key and the identifier
information of the subject. (The process of digitally signing information entails transforming the
information, as well as some secret information held by the sender, into a tag called a signature.)
A primary benefit of certificates is that they relieve hosts of the need to maintain a set of
passwords for individual subjects. Instead, the host merely establishes trust in a certificate
issuer, which may then sign an unlimited number of certificates.
When a host, such as a secure Web server, designates an issuer as a trusted root authority, the
host implicitly trusts the policies that the issuer has used to establish the bindings of certificates
it issues. In effect, the host trusts that the issuer has verified the identity of the certificate
subject. A host designates an issuer as a trusted root authority by putting the self-signed certificate
of the issuer, which contains the public key of the issuer, into the trusted root certification
authority certificate store of the host computer. Intermediate or subordinate certification
authorities are trusted only if they have a valid certification path from a trusted root certification
authority.
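As an added example (not from the textbook), the following Transact-SQL ties the mechanisms above together: a certificate protects a symmetric key, and the EncryptByKey and DecryptByKey functions encrypt a column value on insert and decrypt it on read. The object names (PaymentCardCert, CardKey, dbo.CustomerVault), the password and the card number are assumed placeholders.

```sql
-- Added example, not from the textbook: column encryption with
-- Transact-SQL functions, with a certificate protecting the symmetric key.
-- Object names, password and sample data are assumed placeholders.

-- 1. Database master key: protects the certificate's private key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder>';

-- 2. Self-signed certificate whose key pair will protect the symmetric key.
--    EXPIRY_DATE sets the "Valid To" boundary of its validity period.
CREATE CERTIFICATE PaymentCardCert
    WITH SUBJECT = 'Protects the card-number symmetric key',
         EXPIRY_DATE = '12/31/2026';

-- 3. Symmetric key for bulk encryption; its key material is stored
--    encrypted by the certificate, so only holders of the certificate's
--    private key can open it.
CREATE SYMMETRIC KEY CardKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE PaymentCardCert;

-- 4. Table with a varbinary column that holds the ciphertext.
CREATE TABLE dbo.CustomerVault (
    CustomerId    INT IDENTITY PRIMARY KEY,
    CardNumberEnc VARBINARY(256) NOT NULL
);

-- 5. Encrypt on insert: the key is opened (decrypted by the certificate),
--    EncryptByKey produces the ciphertext, then the key is closed again.
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE PaymentCardCert;
INSERT INTO dbo.CustomerVault (CardNumberEnc)
VALUES (EncryptByKey(Key_GUID('CardKey'), N'4111111111111111')); -- constructed sample
CLOSE SYMMETRIC KEY CardKey;

-- 6. Decrypt on read. If the key has not been opened in this session,
--    DecryptByKey returns NULL rather than the plaintext, so a session
--    without access to the certificate never sees the card number.
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE PaymentCardCert;
SELECT CustomerId,
       CONVERT(NVARCHAR(32), DecryptByKey(CardNumberEnc)) AS CardNumber
FROM dbo.CustomerVault;
CLOSE SYMMETRIC KEY CardKey;
```

Back up the master key and certificate (BACKUP MASTER KEY, BACKUP CERTIFICATE) before relying on this, since losing the certificate's private key makes the encrypted column unrecoverable.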
94 LOVELY PROFESSIONAL UNIVERSITY