SQL Server Column Level Encryption - Rotating Keys

Posted by BarDev on Server Fault See other posts from Server Fault or by BarDev
Published on 2011-02-28T21:49:54Z Indexed on 2011/02/28 23:27 UTC
Read the original article Hit count: 427

Filed under:

sql-server

|

sql-server-2008

|

sql-server-2005

|

encryption

We are thinking about using SQL Server Column (cell) Level Encryption for sensitive data. There should be no problem when we initially encryption the column, but we have requirements that every year the Encryption Key needs to change. It seems that this requirement may be problem.

Assumption: The table that includes the column that has sensitive data will have 500 million records.

Below are the steps we have thought about implementing. During the encryption/decryption process is the data online, and also how long would this process take?

Initially encrypt the column
New Year
Decrypt the column
Encrypt the column with new key.

Question : When the column is being decrypted/encrypted is the data online (available to be query)? Does SQL Server provide feature that allows for key changes while the data is online?

BarDev

© Server Fault or respective owner

Related posts about sql-server

SQL SERVER – Beginning SQL Server: One Step at a Time – SQL Server Magazine

as seen on SQL Authority - Search for 'SQL Authority'
I am glad to announce that along with SQLAuthority.com, I will be blogging on the prominent site of SQL Server Magazine. My very first blog post there is already live; read here: Beginning SQL Server: One Step at a Time. My association with SQL Server Magazine has been quite long, I have written nearly… >>> More
How to install SQL Server 2005 Configuration Manager without installing SQL Server Management Studio

as seen on Server Fault - Search for 'Server Fault'
Hi, I need to configure SQL Server aliases on a public-facing production server. To do that, I need to install SQL Server Configuration Manager. I was not able to find a standalone installer for that, so I am having to install SQL Server 2005 Client Components. This approach is not ideal as we don't… >>> More
[MAJ] SQL Server 2005 Express Edition - La version gratuite de SQL Server 2005

as seen on ASP-PHP.net - Search for 'ASP-PHP.net'
Modification technique pour le site de l'article. >>> More
How to create SQL Server Express DB from SQL Server DB

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a SQL Server 2008 DB. I want to extract SOME tables (and associated schema, constraints, indexes, etc) and create a SQL Server Express DB. It isn't a sync of the target, we stomp on it. We ONLY need to do this in the file system (not across the wire). We are not fond of the synchronization… >>> More
sql server 2000 error, error trying to connect to sql server 2005

as seen on Stack Overflow - Search for 'Stack Overflow'
i am connecting to sql server 2000 on a remote computer with a dotnet application, but when i try to open the connection it gives the following error: When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections What… >>> More

Related posts about sql-server-2008

Cumulative Update packages for SQL Server 2008 R2 RTM & SQL Server 2008 SP1

as seen on SQL Blogcasts - Search for 'SQL Blogcasts'
Here is the news on Cumulative Update release news on SQL Server 2008 R2 RTM & SQL Server 2008 Service Pack 1. First let us go through SQL Server 2008 R2 RTM cumulative update, release consist the only hotfixes that were released in Cumulative Update 5, 6, & 7 for SQL Server 2008 SP1. Cumulative… >>> More
SQL Server 2008 Vs Sql Server 2008 R2 in web-development

as seen on Stack Overflow - Search for 'Stack Overflow'
This will give many opportunities in Web-development transition from Sql Server 2008 to Sql Server 2008 R2: 1.If database in one instance of SQL Server. 2.a) if in the server PC have 1 processor b) if in the server PC have 4 processors >>> More
SQL Server 2008 to SQL Server 2008

as seen on Stack Overflow - Search for 'Stack Overflow'
I have an MDF and LDF file of SQL Server 2005. i attached it with SQL Server 2008 and did some change in data. now when i attached it back to sql server 2005 Express Edition it gives version error. The database 'E:\DB\JOBPERS.MDF' cannot be opened because it is version 655. This server supports version… >>> More
SharePoint 2010 – SQL Server has an unsupported version 10.0.2531.0

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
I am trying to perform a database attach upgrade to SharePoint Foundation 2010. At this point I am trying to attach the content database to a Web application by using Windows Powershell: Mount-SPContentDatabase -Name <DatabaseName> -DatabaseServer <ServerName> -WebApplication <URL>… >>> More
Uninstalling Reporting Server 2008 on Windows Server 2008

as seen on SQL Blog - Search for 'SQL Blog'
Ha. I had quite disputable pleasure of installing and reinstalling and reinstalling and reinstalling – I think about 5 times before it worked – Reporting Server 2008 on Windows Server with the same year number in name. During my struggle I came across an error which seems to be not quite unfamiliar… >>> More