Monday, March 12, 2012

Key Management Utility

We are getting our arms around best practices for data encryption using SQL
Sever 2005. We can (and have) implemented data encryption via certificates
under the following guidelines using the scripting available through SSMS.
http://www.microsoft.com/technet/it.../sqldatsec.mspx
One of our internal guidelines mandates three factor authentication for the
encryption keys that must be changed every 90 days.
Is there a key management utility available that could aid in this process
or will we need to develop our own using the scripting comands?
TIA,
- Marc CastrechiniDear Marc,
From your description, I understand that:
Your SQL Server 2005 is using data encryption by certificates. Due to your
company's policy the keys must be changed every 90 days, so you want to
know if a key management utility existed can help you on this process.
If I have misunderstood, please let me know.
If they want to use new certificate, you need to manually write script to
remove the old certificate and add the new one. Also, you need to get the
symmetric keys protected by certificates before they drop the old
certificate. There is no tool in SQL 2005 to do this automatically. You
can consider to create a job to run the script.
Also, you may use self-signed certificate which is not related to with
certificates issued by CA at all.
For more information, you can refer to:
http://www.microsoft.com/technet/it.../sqldatsec.mspx
Sincerely,
Charles Wang
Microsoft Online Community Support
========================================
==============
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from this issue.
========================================
==============
This posting is provided "AS IS" with no warranties, and confers no rights.
========================================
==============|||Hi,
I am interested in this issue. Would you mind letting me know the result of
the suggestions?
I will appreciate your posting back for further research if this issue
perists.
It's always my pleasure to be of assistance.
Sincerely,
Charles Wang
Microsoft Online Community Support
========================================
==============
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from this issue.
========================================
==============
This posting is provided "AS IS" with no warranties, and confers no rights.
========================================
==============
Posted by depredationnmqp at 4:31 AM
Labels: , , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)