Certificates

Certificates
Certificates is another tools to encrypt data.
It use a public key and a private key to encrypt data.
Certificates can be backup and restore.
One Database can have many Certificates.

Create Certificates
“SUBJECT” is the subject name of the certification.
Accounting to X.509, subject name is used to store name of the person or entioty to whom the certificate is being issued.
However, it is useless in MS SQL Server. We can use it as description of certificate.
The maximum lenght of this is 128 characters long.
START_DATE is the certificate valid datatime (YYYYMMDD HH:MM:SS)
EXPIRY_DATE is the certificate invalid datatime (YYYYMMDD HH:MM:SS)
Expired certificate is no effect on encryption of data.

USE AdventureWorks2016
-- Create Certificates named "TESTINGC02"
-- which is protected by DMK,
-- start at 19Feb2019 12:00:00, end at 31Jan2020 13:00:00
CREATE CERTIFICATE TESTINGC02
WITH SUBJECT = 'subject name of the certification',
START_DATE = '20190219 12:00:00',
EXPIRY_DATE = '20201031 13:00:00'

USE AdventureWorks2016
-- Create Certificates named "TESTINGC03"
-- which is protected by Password
-- start at 19Feb2019 12:00:00, end at 31Jan2020 13:00:00
CREATE CERTIFICATE TESTINGC03
ENCRYPTION BY PASSWORD = 'P@ssw0rd'
WITH SUBJECT = 'subject name of the certification',
START_DATE = '20190219 12:00:00',
EXPIRY_DATE = '20201031 13:00:00'

Backup Certificates
If the certificates is protected by Password, you need add “DECRYPTION BY PASSWORD” with the password.

USE AdventureWorks2016
BACKUP CERTIFICATE TESTINGC03 TO FILE = 'C:\Sources\CERTIFICATE_BK.cer'
WITH PRIVATE KEY(
FILE = 'C:\Sources\PRIVATE.pvk',
ENCRYPTION BY PASSWORD = 'P@ssw0rd',
DECRYPTION BY PASSWORD = 'P@ssw0rd'
);

Restore Certificates
Using create certificate by file to restore certificate

USE AdventureWorks2016
CREATE CERTIFICATE TESTING03
ENCRYPTION BY PASSWORD = 'P@ssw0rd'
FROM FILE = 'C:\Sources\CERTIFICATE_BK.cer'
WITH PRIVATE KEY (
File = 'C:\Sources\PRIVATE.pvk',
DECRYPTION BY PASSWORD = 'P@ssw0rd'
);

DROP Certificates

USE AdventureWorks2016
DROP CERTIFICATE TESTING03

Change the protection of private key from password to DMK

USE AdventureWorks2016
ALTER CERTIFICATE TESTINGC03
WITH PRIVATE KEY(
DECRYPTION BY PASSWORD = 'P@ssw0rd'
);

Change the protection of private key from DMK to password

USE AdventureWorks2016
ALTER CERTIFICATE TESTINGC03
WITH PRIVATE KEY(
ENCRYPTION BY PASSWORD = 'P@ssw0rd'
);

Change the password of private key protection

USE AdventureWorks2016
ALTER CERTIFICATE TESTINGC02
WITH PRIVATE KEY(
DECRYPTION BY PASSWORD = 'P@ssw0rd',
ENCRYPTION BY PASSWORD = 'NewP@ssw0rd'
);

Joe's choice

Certificates

Author: Joe Chan

Search Me

Recent Posts

Author: Joe Chan

Search Me

Recent Posts

Tag Cloud