No certificates available in the Protocols for MSSQKSERVER Properties window

I am trying to set up SQL Server 2005 to use a test certificate from Thawte for SSL encryption. I have installed the certificate in the local computer, current user and service account's personal certificates folders. I have also installed the root certificate in the Trusted Root Certification Authorities folders of each. All this was done using MMC.

However, when I go to tell SQL Server to use the certificate, no certificates show up in the drop down box. I am using SQL Server Configuration Manager and doing the right-click\Properties\Certificate steps shown in multiple KB and forum articles.

I have also checked the registry entry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\MSSQLServer\SuperSocketNetLib\Certificate. It is blank, which tells me SQL Server should be looking in the certificate store.

If I simply set the ForceEncryption flag, SQL Server starts up OK and generates a self-signed certificate. Using that, the session does get encrypted. However, I need to use a third party certificate.

I have hit a brick wall and am at a loss. Any help would be greatly appreciated.

Please check the following blog see if you certificate meets the requirements:

http://blogs.msdn.com/sql_protocols/archive/2005/12/30/508311.aspx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\MSSQLServer\SuperSocketNetLib\Certificate

store the hash, You can manually set the certificate hash if your does not meet all requirements. To see it in SCM, the cert must meet all requirements.

|||

That blog is one of many I have been working with. Here is what I can ascertain so far-

1) It is in the local computer personal share, the current user personal share and the service (MSSQLSERVER) personal share.

2) Timestamps/system time are synched up.

3) Enhanced Key Usage contains these values-

Server Authentication (1.3.6.1.5.5.7.3.1)

Client Authentication (1.3.6.1.5.5.7.3.2)

4) Not sure how/where to check this.

5) Does not apply.

I have also tried to manually set the certificate in the registry by entering the thumbprint of the certificate into the Certificate key. SQL Server will not start, however, when I try that. What is the correct format for doing that?

One other factor I forgot to mention earlier is that this is being done on a VM in our test bed. Would that have any effect on how this stuff works?

Thanks!

|||

Since 5) does not apply, SCM won't be able to find it. So, you can use hash to load. To do this, you need make sure your server is Yukon SP1+.

VM should not affect this if it's connect to your network.

If your cert thumbprint is

48 b7 ba ff 00 23 30 ...The format of the certificate registry should be 48b7baff002330..., i.e. remove all spaces.

For requirement 4), check the details of the cert, in field of Key Usage, it should contain Key Encipherment which is AT_KEYEXCHANGE.

|||

I am currently downloading and installing SP2.

While looking at the cert, I don't see a Key Usage field. All I see is the Enhanced Key Usage field which contains the values I listed above. I tried generating a new cert and didn't see any way to force that option either. Is there a secret to this?

Also, when entering the thumbprint do I need to prefix with 0x or anything?

Thanks!

|||

You should be able to see it with:
"certutil -v -store my" from cmd window.

or try

1. Log on to the computer that issued the certificate request by using an account that has administrative permissions. 2. Click Start, click Run, type mmc, and then click OK. 3. On the File menu, click Add/Remove Snap-in. 4. In the Add/Remove Snap-in dialog box, click Add. 5. Click Certificates, and then click Add. 6. In the Certificates snap-in dialog box, click Computer account, and then click Next. 7. In the Select Computer dialog box, click Local computer: (the computer this console is running on), and then click Finish. 8. Click Close, and then click OK. 9.

In the Certificates snap-in, expand Certificates,

You should be able to find it in the "details" tab of that cert|||

Here is the dump of certutil -

================ Certificate 0 ================
X509 Certificate:
Version: 3
Serial Number: 2645916f2c925d570d76a61d83610494
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
Algorithm Parameters:
05 00
Issuer:
CN=Thawte Test CA Root
OU=TEST TEST TEST
O=Thawte Certification
S=FOR TESTING PURPOSES ONLY
C=ZA

NotBefore: 4/5/2007 2:06 PM
NotAfter: 4/26/2007 2:06 PM

Subject:
CN=hydra-head2.testwa.crossroads.com
OU=Thawte SSL123 certificate
OU=Go to https://www.thawte.com/repository/index.html
OU=Domain Validated
O=hydra-head2.testwa.crossroads.com

Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA
Algorithm Parameters:
05 00
Public Key Length: 1024 bits
Public Key: UnusedBits = 0
0000 30 81 89 02 81 81 00 bb 64 f8 72 3a 54 f6 25 36
0010 fb 03 9b b8 b9 01 25 48 a7 3c 0e 5e 16 05 68 8a
0020 78 be b6 d7 18 22 93 f5 b0 2b 1c b7 c4 d0 92 fc
0030 4f 18 03 67 5e 04 4a 27 ea a6 64 fd 76 1f 8e 3a
0040 b5 f9 72 22 a3 4c 36 f9 53 2d d2 bd 26 08 72 ed
0050 19 8e e8 4d 98 a1 5d 3d 03 71 58 89 97 75 1a d7
0060 de 2b 55 8e 61 10 5c ac 43 91 c5 c9 71 25 62 ce
0070 d4 a1 cb 82 9a c3 dd 74 8e 7b b6 07 7f fa 0c 3f
0080 c3 30 97 e1 26 38 b9 02 03 01 00 01
Certificate Extensions: 3
2.5.29.19: Flags = 1(Critical), Length = 2
Basic Constraints
Subject Type=End Entity
Path Length Constraint=None

2.5.29.37: Flags = 0, Length = 16
Enhanced Key Usage
Server Authentication (1.3.6.1.5.5.7.3.1)
Client Authentication (1.3.6.1.5.5.7.3.2)

1.3.6.1.5.5.7.1.1: Flags = 0, Length = 26
Authority Information Access
[1]Authority Info Access
Access Method=On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1)
Alternative Name:
URL=http://ocsp.thawte.com

Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
Algorithm Parameters:
05 00
Signature: UnusedBits=0
0000 8c 41 ee 33 60 d1 76 5b 46 4f 35 b2 72 1a 1e 76
0010 a3 48 a9 d8 73 3c 00 fe 3b 25 f4 b6 d5 21 ed 40
0020 cf 00 47 6d 85 03 94 bb b4 9a 15 10 81 5b 19 19
0030 5b 44 c8 65 9b 21 b2 83 9d 24 23 1b 94 c6 7b c2
0040 50 9b eb 45 51 2c 93 e2 5f 95 d3 26 8f eb 43 b3
0050 ca 7a b3 88 fd b5 65 a4 73 c1 c2 fa b2 2a c7 e4
0060 d0 16 f9 8c d5 4b 42 b1 74 1f 71 35 d3 19 1d f3
0070 cf bb 31 5d 3c fd e5 40 e8 4d 57 f5 5b 4a 5c a1
Non-root Certificate
Key Id Hash(sha1): 2a b6 1c 2d 54 2e 6a 9c f4 17 00 40 d0 fc 35 17 63 2d 2d 31
Cert Hash(md5): b5 bd d0 79 92 0c 4d ef 92 3c 96 57 e3 bd 95 da
Cert Hash(sha1): e5 28 6e 6b a6 52 80 c5 e5 b6 c7 39 42 6a ec 90 88 72 38 97

CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID(25):
0e 33 b0 bb ad 58 85 fb ca 71 e4 36 76 24 09 70

CERT_MD5_HASH_PROP_ID(4):
b5 bd d0 79 92 0c 4d ef 92 3c 96 57 e3 bd 95 da

CERT_SHA1_HASH_PROP_ID(3):
e5 28 6e 6b a6 52 80 c5 e5 b6 c7 39 42 6a ec 90 88 72 38 97

CERT_KEY_IDENTIFIER_PROP_ID(20):
2a b6 1c 2d 54 2e 6a 9c f4 17 00 40 d0 fc 35 17 63 2d 2d 31

CERT_SIGNATURE_HASH_PROP_ID(15):
58 64 bb 17 9f ff 41 1a 89 c8 b2 28 a5 0f 26 10 f1 df 44 44
No stored keyset property

================ Certificate 1 ================
Archived!
X509 Certificate:
Version: 3
Serial Number: 0cfd25b54b764cb242f8b97915316b8f
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
Algorithm Parameters:
05 00
Issuer:
CN=hydra-head2
DC=testwa
DC=crossroads
DC=com

NotBefore: 4/5/2007 10:41 AM
NotAfter: 4/5/2012 10:49 AM

Subject:
CN=hydra-head2
DC=testwa
DC=crossroads
DC=com

Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA
Algorithm Parameters:
05 00
Public Key Length: 2048 bits
Public Key: UnusedBits = 0
0000 30 82 01 0a 02 82 01 01 00 c3 b0 88 ce 69 68 03
0010 09 7e 59 8b 0f 3f fd 9d ef 60 5f 45 41 dd 4b 8e
0020 97 23 b6 5a bd 75 b6 73 23 7f 45 f8 42 ee 4d dc
0030 12 81 f5 50 d5 bb 88 e4 83 d4 d7 8e d2 55 9c 14
0040 c0 43 8e 4e 94 d2 99 fd af e8 22 5c af 50 2b 3b
0050 00 1a 0f 62 9c 1a e8 c9 b0 66 1d 1a b8 05 3d fb
0060 08 7d fd 79 6e cc bf e7 c3 e5 34 86 f9 7e ff 88
0070 d5 e8 68 48 e4 d1 ef 39 96 2b a0 24 c8 0f af 7d
0080 b9 9e 6c de 59 de f6 09 da be d7 ab ca 77 19 bc
0090 68 00 41 67 3c 46 99 16 b8 7e 7a de a8 ad c2 08
00a0 8b f4 fb 76 aa 38 cf 35 fd f3 29 b1 fd 69 63 89
00b0 a5 4d 31 18 d6 f5 e0 f3 65 68 ac 85 df 52 7f 7d
00c0 46 fc 34 bd 23 77 3d 16 7e 0b ae d1 f2 89 6c 1e
00d0 04 5f b3 57 38 18 52 1b 1e 1c 1c 54 19 63 c6 31
00e0 48 52 fe 8f f3 0b 02 66 68 dc 20 16 81 76 ac 26
00f0 01 a4 78 67 aa 39 4b 48 04 a2 bc b4 31 c7 4d f7
0100 00 77 16 da 33 36 27 37 1f 02 03 01 00 01
Certificate Extensions: 5
2.5.29.15: Flags = 0, Length = 4
Key Usage
Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86)

2.5.29.19: Flags = 1(Critical), Length = 5
Basic Constraints
Subject Type=CA
Path Length Constraint=None

2.5.29.14: Flags = 0, Length = 16
Subject Key Identifier
f6 6a 65 5f 02 fd 68 36 a9 c1 a7 87 f4 83 cb 1b e0 bc 1a 9e

2.5.29.31: Flags = 0, Length = 98
CRL Distribution Points
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=http://hydra-head2.testwa.crossroads.com/CertEnroll/hydra-head2.crl
URL=file://\\hydra-head2.testwa.crossroads.com\CertEnroll\hydra-head2.crl

1.3.6.1.4.1.311.21.1: Flags = 0, Length = 3
CA Version
V0.0

Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
Algorithm Parameters:
05 00
Signature: UnusedBits=0
0000 f8 78 31 c6 95 c3 23 4e d1 ae 35 a9 17 54 c9 a9
0010 1d 90 b3 45 19 2e 87 e7 2f 4e 9f 2b ec 1a e5 56
0020 57 3b f0 12 75 bf f7 2e 7e 98 05 69 71 94 60 b2
0030 d2 3d a7 80 8e 23 ca 5f 5e 73 43 d7 b8 ea fd 62
0040 32 fb da 3d 25 e1 cd d7 a2 4d 83 e4 81 dd f8 a5
0050 f3 dd 0e 83 ae 8f 43 ae d8 7d 2d 10 3e f5 e4 7b
0060 cd 1c 24 f0 48 92 33 07 9a 02 b5 2f e8 f3 d5 84
0070 ba 5a 3f 0a 6c ee 14 d1 61 29 d4 b7 c7 34 c7 0f
0080 72 1d 91 38 f2 40 18 4a 2a 84 d7 51 5b 4a b4 02
0090 2d 53 c6 5f 5a ba 05 00 e3 de 12 91 47 69 ae 12
00a0 0d 09 45 87 6a d8 27 30 a9 75 e9 9b 90 27 7d 48
00b0 bd d0 21 b1 3e 3c e3 82 5f 63 2c 77 31 b4 ba 91
00c0 71 63 62 3f 5e 56 36 d3 24 5b e7 72 e9 c3 59 59
00d0 40 6c 2a 1e 46 b1 5c e6 f8 9e d0 83 01 64 3f 84
00e0 f3 25 dd c9 b5 10 81 01 d4 e9 e5 96 54 12 9c 43
00f0 2d 42 a0 f6 4c b5 22 26 de fa b4 e3 8f b6 c0 25
Signature matches Public Key
Root Certificate: Subject matches Issuer
Key Id Hash(sha1): f6 6a 65 5f 02 fd 68 36 a9 c1 a7 87 f4 83 cb 1b e0 bc 1a 9e
Cert Hash(md5): 76 78 1d 95 5c a5 14 82 41 f4 84 26 a8 c1 a6 54
Cert Hash(sha1): 15 6c ad 1e 8c e5 f8 c5 32 e0 c8 41 ca 60 4c 9a ab ad d2 96

CERT_SIGNATURE_HASH_PROP_ID(15):
23 a9 8c 51 fb 1a 37 0c 1a 13 86 87 6e fa c7 20 d9 bd 49 82

CERT_KEY_IDENTIFIER_PROP_ID(20):
f6 6a 65 5f 02 fd 68 36 a9 c1 a7 87 f4 83 cb 1b e0 bc 1a 9e

CERT_KEY_PROV_INFO_PROP_ID(2):
Key Container = hydra-head2
Provider = Microsoft Strong Cryptographic Provider
ProviderType = 1
Flags = 20
KeySpec = 2

CERT_SHA1_HASH_PROP_ID(3):
15 6c ad 1e 8c e5 f8 c5 32 e0 c8 41 ca 60 4c 9a ab ad d2 96

CERT_MD5_HASH_PROP_ID(4):
76 78 1d 95 5c a5 14 82 41 f4 84 26 a8 c1 a6 54

CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID(25):
9d d7 87 52 6e 5d f5 46 af ef ea b7 4b bb 2a d3

CERT_ARCHIVED_PROP_ID(19):
c3ffa03e8d4e3852d02c9517e827554a_3ebcabb6-dceb-40ac-b109-3c07d23ca16b

Private Key:
PRIVATEKEYBLOB
Version: 2
aiKeyAlg: 0x2400
CALG_RSA_SIGN
Algorithm Class: 0x2000(1) ALG_CLASS_SIGNATURE
Algorithm Type: 0x400(2) ALG_TYPE_RSA
Algorithm Sub-id: 0x0(0) ALG_SID_RSA_ANY
0000 52 53 41 32 RSA2
0000 ...
048c
Signature test passed
CertUtil: -store command completed successfully.

Also, the thumbprint in MMC is for the root certificate, not the test cert. Which one of these values do you put in the registry?

Thanks!

|||Your second one has Key Usage. The first one does not. Where/how do you get the cert? You can contact them why it's different than others. I'm not sure if we can support this cert(most likely not), but you can try using hash.|||

These particular certs are from Thawte. The first one, I believe is their root certificate you can download. The second one is a one of their trial certs.

I put the sha1 hash for certificate 1 (15 6c ad 1e 8c e5 f8 c5 32 e0 c8 41 ca 60 4c 9a ab ad d2 96) into the registry. I am now getting the following error(s) in the log-

2007-04-05 15:34:03.96 Server Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86)
Oct 14 2005 00:33:37
Copyright (c) 1988-2005 Microsoft Corporation
Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 1)

2007-04-05 15:34:03.98 Server (c) 2005 Microsoft Corporation.
2007-04-05 15:34:03.98 Server All rights reserved.
2007-04-05 15:34:03.98 Server Server process ID is 2496.
2007-04-05 15:34:03.98 Server Logging SQL Server messages in file 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG'.
2007-04-05 15:34:03.99 Server This instance of SQL Server last reported using a process ID of 2040 at 4/5/2007 2:55:24 PM (local) 4/5/2007 7:55:24 PM (UTC). This is an informational message only; no user action is required.
2007-04-05 15:34:03.99 Server Registry startup parameters:
2007-04-05 15:34:04.01 Server -d C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf
2007-04-05 15:34:04.01 Server -e C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG
2007-04-05 15:34:04.01 Server -l C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf
2007-04-05 15:34:04.07 Server SQL Server is starting at normal priority base (=7). This is an informational message only. No user action is required.
2007-04-05 15:34:04.07 Server Detected 1 CPUs. This is an informational message; no user action is required.
2007-04-05 15:34:04.46 Server Using dynamic lock allocation. Initial allocation of 2500 Lock blocks and 5000 Lock Owner blocks per node. This is an informational message only. No user action is required.
2007-04-05 15:34:05.12 Server Attempting to initialize Microsoft Distributed Transaction Coordinator (MS DTC). This is an informational message only. No user action is required.
2007-04-05 15:34:07.33 Server Attempting to recover in-doubt distributed transactions involving Microsoft Distributed Transaction Coordinator (MS DTC). This is an informational message only. No user action is required.
2007-04-05 15:34:07.36 Server Database Mirroring Transport is disabled in the endpoint configuration.
2007-04-05 15:34:07.47 spid5s Starting up database 'master'.
2007-04-05 15:34:07.91 spid5s Recovery is writing a checkpoint in database 'master' (1). This is an informational message only. No user action is required.
2007-04-05 15:34:08.11 spid5s SQL Trace ID 1 was started by login "sa".
2007-04-05 15:34:08.17 spid5s Starting up database 'mssqlsystemresource'.
2007-04-05 15:34:08.39 spid5s Server name is 'HYDRA-HEAD2'. This is an informational message only. No user action is required.
2007-04-05 15:34:08.41 spid9s Starting up database 'model'.
2007-04-05 15:34:08.92 spid9s Clearing tempdb database.
2007-04-05 15:34:09.30 Server Error: 26014, Severity: 16, State: 1.
2007-04-05 15:34:09.30 Server Unable to load user-specified certificate. The server will not accept a connection. You should verify that the certificate is correctly installed. See "Configuring Certificate for Use by SSL" in Books Online.
2007-04-05 15:34:09.32 Server Error: 17182, Severity: 16, State: 1.
2007-04-05 15:34:09.32 Server TDSSNIClient initialization failed with error 0x80092004, status code 0x80.
2007-04-05 15:34:09.35 Server Error: 17182, Severity: 16, State: 1.
2007-04-05 15:34:09.35 Server TDSSNIClient initialization failed with error 0x80092004, status code 0x1.
2007-04-05 15:34:09.35 Server Error: 17826, Severity: 18, State: 3.
2007-04-05 15:34:09.35 Server Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.
2007-04-05 15:34:09.36 Server Error: 17120, Severity: 16, State: 1.
2007-04-05 15:34:09.36 Server SQL Server could not spawn FRunCM thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.

Based on this article http://support.microsoft.com/kb/928779, it sounds like it is an issue with the type of cryptographic service provider for the SQL Server certificate. Does this indicate some progress on getting this solved? Am I correct in this assumption?

Thanks!

|||Yes. This means the cert is invalid and we could not load/use it. You have to fix the cert issue.

Newbie: sql 2005 encryption or where do I put that key?

I can encrypt columns in sql 2005 but where do I store the key to decrypt the columns?

I can store the key in the database (or server on which the database resides) but I think that offers little security. I could store the key on another server that the sql server accesses only upon startup (though I don't know exactly how to do that). Or I could store the key on a removable drive that is read (and only needed) when the sql server starts up.

What are your ideas on this matter?

TIA,

barkingdog

Have a look at the encryption hierarchy in SQL Server: http://msdn2.microsoft.com/en-US/library/ms189586.aspx. Also check the other resources mentioned here: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=286374&SiteID=1.

If you store the key in the database, it is stored encrypted. I am not sure why would you think that this scheme offers "little security", can you elaborate on that statement? Before discussing a protection scheme, it would be helpful to state what you are trying to protect against - against what attacks do you want to protect the key?

Thanks
Laurentiu

|||

Laurentiu,

From what you said about storing the key in the database I obviously have a misconception here. But how then, is one supposed to access the encrypted key to de-crypt the data for later display in the UI? Is there a "proxy" stand-in for the real key once it is encrypted?

My concern is to prevent outsiders from, if they somehow gained access to the database (say a stolen or lost backup tape), from being able to decode sensitive fields such as Social Security number. At the same time, when a SSN is entered via the UI the application needs the key to drive the encryption of sensitive fields.

Barkingdog

|||

Basically, there are two ways to encrypt keys (hence two ways to decrypt them): one is to eventually use a password, so the password needs to be specified when the key needs to be used; the second protection is based on DPAPI, so no password needs to be specified. DPAPI basically uses the credentials of the machine and of the service account to protect the key, so to break it, one would have to know those credentials.

For details on DPAPI, see http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/cryptprotectdata.asp. How DPAPI ties in to the key protection scheme is shown in the key hierarchy diagram from the first link in my previous message - you have a chain of encryptions rooted at the DPAPI encryption of the service master key.

For additional information and examples, see the blogs I referred to you earlier. The example from http://blogs.msdn.com/lcris/archive/2005/12/16/504692.aspx has the symmetric keys protected so that no password is required for their use (access control for keys is done through permissions). The post from http://blogs.msdn.com/lcris/archive/2005/10/14/481434.aspx goes over additional considerations related to the use of encryption keys. For a discussion of the protection conferred by encryption, see http://blogs.msdn.com/lcris/archive/2005/12/20/506187.aspx.

For the following explanation, I will assume that you have examined the key hierarchy diagram and that you understand the encryption chain. I will also use SMK and DbMK as shortcuts for the service master key and, respectively, database master key.

In the case of a stolen backup tape that contained a database with encrypted data, the thief cannot decrypt the data without knowledge of the password that protects the DbMK. So the data is secure because removing a database from the server will cut the database from the encryption chain that allows its data to be decrypted.

If you're worried about a stolen laptop scenario, this threat is a little different from the previous one because the thief might be able to figure out how to gain full control of the laptop so that he can connect to the server as usual and decrypt the data. For this scenario you would want to protect the encryption keys by password, and then have the password specified when you're accessing the data (think of it as an additional login operation that grants access to the encrypted data). This would protect against a lost laptop scenario because even with full access to the laptop, knowledge of the password is still required.

Thanks
Laurentiu

|||

Hi,

I have a different type of problem. Lets say I have created a Symetric key (without using a password) and i authorize that key to a user called ASP_NET_My_Appln.

This user is used by my UI(ASP.NET) for querying the DB.

All the programmers who are coding the project WILL know the key name that we are using for encrypting / decrypting the data.

Therefore any programmer who can log into the production server or for that matter the local environment (where we place production server dumps to get the latest data) can decrypt the data by passing a simple SQL like this:

select EncryptXXX(Key,Column) from table

To protect the same I had to resort to use a password phrase. But however there is a problem there too. All the SQLs that we use are stored in SPs. Therefore a sample SP would be:

Sp_GetData @.pwd varchar(10)
AS
OPEN SYMMETRIC...... Password=@.pwd
select EncryptXXX(Key,Column) from table
Close Symmetric...

Anybody who is running the profiler can now read the password as the profiler does not block the same.

What is the best way to overcome this?

Therefore categorising the problems:
1. As far as I see the decyprtion seems to be a very simple select statement. Therefore anyone who has access to the server and knows the correct Key name and table name etc can do the same (Which a programmer WILL know).
2. Profiler is capable of blocking the actual select statements that use encryption commands but NOT the SP that takes the password. How can I overcome that? Should I change my design? Once again the password cannot be hardcoded into an SP as any developer can open it and look into it.

Kindly correct me if I have misqouted anything.

|||

1. To decrypt, you need to have previously opened the key. The access checks on the key and the knowledge of the passwords used to access the key come into place at this time, and it is these checks that restrict the access and use of an encryption key.

2. You're right about not wanting to hardcode the password in a SP. You should treat the key password as a login password and issue a direct OPEN SYMMETRIC KEY statement whenever you want to use the key - the password passed to OPEN will not be traced.

However, I am not sure I understand your scenario very well. Why are your programmers manipulating sensitive data while developing the application? What kind of access to the database and to the sensitive data do they need?

Thanks
Laurentiu

|||>>However, I am not sure I understand your scenario very well. Why are your programmers manipulating sensitive data while developing the application? What kind of access to the database and to the sensitive data do they need?

Its like an internal application that deals with the data for the entire organisation (really sensitive data of employees).

So the programmers themselves MIGHT be hackers...

Since I have to give access to my UI user, anybody who gets hold on the connection string can open a connection to the DB and remove the data by a very simple select stmt. So to protect this I wanted to have passwords for the key. But now i am stuck as to how to protect the password from hackers...|||

As long as the password is not hardcoded in the application, for the programmers to see, they should not be able to get it from just examining the code. What are your concerns if the user is specifying the password to the application?

Thanks
Laurentiu

|||Hi,

When you mean "As long as the password is not hardcoded in the application, for the programmers to see, they should not be able to get it from just examining the code. What are your concerns if the user is specifying the password to the application?"

Are you talking about the UI? If yes then the problem arises when I have to pass it to the DB (to an SP in the DB).

Where and how exactly do you want me to store the password that protects the key?|||

I am suggesting to have the user specify the password. I am not suggesting for the password to be stored somewhere where it can be programmatically retrieved, given that you are trying to prevent the developers of your application from accessing it. Also, I am not suggesting for the password to be passed around as an argument to stored procedures (which would make it visible in a trace) - it should just be passed to the OPEN SYMMETRIC KEY statement.

Thanks
Laurentiu

|||>>it should just be passed to the OPEN SYMMETRIC KEY statement

Exactly, but my open symmetric statement is inside an SP. There can be more than 100 SPs that have to access this password. In this case there are 2 options for me:

1. Hardcode the password in each SP.
2. Pass it as a parameter to the SP.

I choose the second one therefore the problem.|||

Why do you open the key inside the SP? Why can't you open it as part of the logon process for your application and keep it open for as long as you work with the encrypted data. Once you open a key, it is only available within the current session, so you don't have to worry about other users getting to it. Also, you don't need to open it and close it for each access to encrypted data. You can open it once, use it for many encryptions and decryptions (which can happen in stored procedures that you call - they will have access to the opened key), and then close it when you are done (or you can just disconnect your session and it will be destroyed).

Thanks
Laurentiu

|||Hi,

Before I implement your idea i would like to know more about the defenition of a current session.

I am using EntLib, therefore each call to an SP opens / closes a connection from the pool. How is the session defined in this case?

One more thing, to hide the data from the profiler i will have to pass the OPEN stmt as a direct SQL rather than using an SP right?|||

Hi,

You can use CLR function to open symetric key , The script will be in assembly

and the password is hidden at all.

Thanks,

Tarek Ghazali

SQL Server MVP

web site : www.sqlmvp.com

|||

Hi,

I am totally new to this. Could you possibly giude me to some tutorials on the same?