鲁达 作为DBA数据库的安全显得特别的重要,如果数据库在备份的时候未进行加密,第三方拿到备份文件后便可以还原到任意一台服务器上,导致数据泄露的事情。
下面介绍下使用证书来备份数据库来保护数据的安全:
一、创建加密备份证书
1.---创建数据库主密钥
CREATE MASTER KEY ENCRYPTION BY PASSWORD='a@123'
2. ---打开当前数据库的主密钥
OPEN MASTER KEY DECRYPTION BY PASSWORD='a@123'
3.---导出数据库主密钥
BACKUP MASTER KEY TO FILE ='F:\bak\MASTER_key' ENCRYPTION BY PASSWORD='a@123'
4.---从备份文件中导入主数据库密钥
RESTORE MASTER KEY FROM FILE ='F:\bak\MASTER_key'
DECRYPTION BY PASSWORD='a@123'
ENCRYPTION BY PASSWORD='a@123'
5.---删除当前数据库的主密钥
CLOSE MASTER KEY ---如果当前密钥打开状态,需要先进行关闭
DROP MASTER KEY ---删除主密钥
6.---创建证书(使用下面第八步的方式创建证书)
CREATE CERTIFICATE MyCertificate ENCRYPTION BY PASSWORD ='a@123'
WITH SUBJECT='ENCRYPTION CERTIFICATE'
7.---备份证书
BACKUP CERTIFICATE MyCertificate TO FILE='F:\bak\MyCertificate'
WITH PRIVATE KEY(FILE ='F:\bak\; ,
DECRYPTION BY PASSWORD ='a@123',
ENCRYPTION BY PASSWORD='a@123'
)
8.---创建/还原证书
CREATE CERTIFICATE MyCertificate FROM FILE='F:\bak\MyCertificate'
WITH PRIVATE KEY(FILE ='F:\bak\;,
DECRYPTION BY PASSWORD ='a@123')
9.---删除证书
DROP CERTIFICATE MyCertificate
10.---加密数据库备份
BACKUP DATABASE bm TO disk ='F:\bak\bm.bak' WITH ENCRYPTION(ALGORITHM=AES_256,SERVER
CERTIFICATE=MyCertificate)
select * from
select * from
select * from
二、还原数据库步骤
1、将下面两个个文件拷贝到需要还原的服务器上。
MASTER_key和
2、依次执行下面脚本
---创建数据库主密钥
CREATE MASTER KEY ENCRYPTION BY PASSWORD='a@123'
---打开当前数据库的主密钥
OPEN MASTER KEY DECRYPTION BY PASSWORD='a@123'
---从备份文件中导入主数据库密钥
RESTORE MASTER KEY FROM FILE ='F:\MSSQL\Backup\MASTER_key'
DECRYPTION BY PASSWORD='a@123'
ENCRYPTION BY PASSWORD='a@123'
---创建/还原证书
CREATE CERTIFICATE MyCertificate FROM FILE='F:\MSSQL\Backup\MyCertificate'
WITH PRIVATE KEY(FILE ='F:\MSSQL\Backup\;,
DECRYPTION BY PASSWORD ='a@123'