Tagged Content List
  • Blog Post: Always Encrypted Key rotation – Column master Key rotation.

    Many standards that are used to regulate data security define key rotation requirements in order to meet compliance. In many cases, there are defined regulations that distinguish between the key rotation strategies for key-encrypting keys (KEK) and data-encrypting keys (DEK). In this article, we will be discussing...
  • Blog Post: Encrypting Existing Data with Always Encrypted

    As you have learned from our previous articles, Always Encrypted is a client-side encryption technology - sensitive data is transparently encrypted and decrypted within a client application by a client driver. SQL Server does not have access to plaintext encryption keys and cannot encrypt or decrypt...
  • Blog Post: Always Encrypted Key Metadata

    In the previous articles on Always Encrypted, we used two sample applications (a console app and an ASP.NET web app) to demonstrate how to use Always Encrypted to protect sensitive information stored in a database. We showed a process for setting up Always Encrypted, including configuring the keys –...
  • Blog Post: Developing Web Apps using Always Encrypted

    In our first post on the Always Encrypted technology, Getting Started with Always Encrypted, we showed how to develop a simple console app using Always Encrypted to protect sensitive information. In this article, we will demonstrate the process of developing a web application using Always Encrypted...
  • Blog Post: Getting Started With Always Encrypted

    The recently released SQL Server 2016 Community Technology Preview 2 introduced Always Encrypted, a new security feature that ensures sensitive data is never seen in plaintext in a SQL Server instance. Always Encrypted works by transparently encrypting the data in the application, so that SQL Server...
  • Blog Post: Recommendations for using Cell Level Encryption in Azure SQL Database

    When we introduced Transparent Data Encryption (TDE) to Azure SQL Database, we also introduced Cell-Level Encryption (CLE, also known as SQL Server key hierarchy). For more details on TDE on Azure SQL Database, I would recommend visiting the Channel9 show for an excellent introduction: https://channel9...
  • Blog Post: SQL Application Column Encryption Sample (Codeplex) available

    To achieve many compliance guidelines on Azure SQL Database, the application needs to encrypt the data. The intent of this article is to provide some guidelines and an example library for encrypting data at rest for relational databases. We just published the source code for a library at “SQL Application...
  • Blog Post: Integrity checks with EncryptByKey

    This article is a follow-up to “Prevent Tampering of Encrypted Data Using @add_authenticator Argument for ENCRYPTBYKEY”. In the last article we described a scenario where the security risk of copying encrypted data from one row to another could be blocked, but there are other scenarios that...
  • Blog Post: Revisiting the RC4 / RC4_128 Cipher

    The implementation of RC4/RC4_128 in SQL Server does not salt the key, and this severely weakens the security of data that is encrypted using the RC4/RC4_128 algorithm. In cryptography, an initialization vector (IV) is a fixed-size input to a cryptographic algorithm that is typically required to be...
  • Blog Post: How To: Share a Single EKM Credential among Multiple Users

    SQL Server Extensible Key Management (EKM) requires the authentication information (user/password) to be stored in a credential mapped to the primary identity. This version of EKM cannot be used under an impersonated context; that is, you cannot access the EKM while running a module with the EXECUTE...
  • Blog Post: SQL Server EncryptByKey cryptographic message description

    Since the introduction of SQL Server 2008 extensible key management (EKM), new opportunities may arise to handle data encryption on the client while still making the plaintext data accessible to authorized users in SQL Server. One issue between SQL Server and third-party clients has already been discussed...
  • Blog Post: SQL Server 2005 Encryption – Encryption and data length limitations (feedback page)

    We have received some feedback regarding the “SQL Server 2005 Encryption – Encryption and data length limitations” article, but unfortunately the owner of this blog is no longer a member of our team and we really don’t have access to it in order to answer your feedback properly. I would like...
  • Blog Post: OPEN SYMMETRIC KEY scope in SQL Server

    Recently I have heard a few questions regarding the scope of the SYMMETRIC KEY key-ring, especially when using modules (i.e. stored procedures) to open a key. One particular topic that got my attention is the impression that the OPEN SYMMETRIC KEY call may “leak outside the module” (i.e. the key will...