sql-server - SQL Server 将算法从 TRIPLE_DES 更改为 AES_128

问题描述

我想更改 SQL Server 数据库的算法，因为它将从 2008R2 更新到 2017。

我想要删除并放置 AES 128 的 TRIPLE DES 代码是：

CREATE MASTER KEY ENCRYPTION
BY PASSWORD ='mypassword'
go

CREATE CERTIFICATE my_certificate
ENCRYPTION BY PASSWORD = 'mypassword'
WITH SUBJECT = 'Password',
EXPIRY_DATE = '12/31/2199';
go

CREATE SYMMETRIC KEY my_symmetric_key
WITH ALGORITHM = TRIPLE_DES
ENCRYPTION BY CERTIFICATE my_certificate;
go

GRANT CONTROL ON CERTIFICATE::my_certificate TO public
GO 
GRANT VIEW DEFINITION ON SYMMETRIC KEY::my_symmetric_key TO public
GO 
GRANT REFERENCES ON SYMMETRIC KEY::my_symmetric_key TO public
GO 
GRANT CONTROL ON SYMMETRIC KEY::my_symmetric_key TO public
GO 

我试图将它们全部删除并创建一个新的 AES 128：

DROP SYMMETRIC KEY my_symmetric_key
go

DROP CERTIFICATE my_certificate
go

DROP MASTER KEY 
go

CREATE MASTER KEY ENCRYPTION
BY PASSWORD ='mypassword'
go

CREATE CERTIFICATE my_certificate
WITH SUBJECT = 'Password',
EXPIRY_DATE = '12/31/2029';

CREATE SYMMETRIC KEY my_symmetric_key
WITH ALGORITHM   = AES_128, IDENTITY_VALUE = 'myidentityvalue', KEY_SOURCE = 'mykeysource'
ENCRYPTION BY PASSWORD = 'mypassword';

GRANT CONTROL ON CERTIFICATE::my_certificate TO public
GO 
GRANT VIEW DEFINITION ON SYMMETRIC KEY::my_symmetric_key TO public
GO 
GRANT REFERENCES ON SYMMETRIC KEY::my_symmetric_key TO public
GO 
GRANT CONTROL ON SYMMETRIC KEY::my_symmetric_key TO public
GO 

虽然我没有收到错误，但我尝试了 ENCRYPTION

    OPEN SYMMETRIC KEY my_symmetric_key
        DECRYPTION BY CERTIFICATE my_certificate WITH PASSWORD = 'mypassword'
..
    SELECT CAST(EncryptByKey(Key_Guid('my_symmetric_key') , @thingtodecrypt) as varbinary)

我得到这个错误：

The key is not encrypted using the specified decryptor

任何帮助表示赞赏

标签： sql-serverencryptionaesdes