SQL Server Encryption

APPLIES TO: SQL Server (yes), Azure SQL Database (yes), Azure SQL Data Warehouse (no), Parallel Data Warehouse (no)

Encryption is the process of obfuscating data by the use of a key or password. This can make the data useless without the corresponding decryption key or password. Encryption does not solve access control problems. However, it enhances security by limiting data loss even if access controls are bypassed. For example, if the database host computer is misconfigured and a hacker obtains sensitive data, that stolen information might be useless if it is encrypted.

Important

Although encryption is a valuable tool to help ensure security, it should not be considered for all data or connections. When you are deciding whether to implement encryption, consider how users will access data. If users access data over a public network, data encryption might be required to increase security. However, if all access involves a secure intranet configuration, encryption might not be required. Any use of encryption should also include a maintenance strategy for passwords, keys, and certificates.

Note

The latest information about Transport Layer Security (TLS 1.2) is available at TLS 1.2 support for Microsoft SQL Server.

You can use encryption in SQL Server for connections, data, and stored procedures. The following topics contain more information about encryption in SQL Server.

Encryption Hierarchy
Information about the encryption hierarchy in SQL Server.

Choose an Encryption Algorithm
Information about how to select an effective encryption algorithm.

Transparent Data Encryption (TDE)
General information about how to encrypt data transparently.

SQL Server and Database Encryption Keys (Database Engine)
In SQL Server, encryption keys include a combination of public, private, and symmetric keys that are used to protect sensitive data. This section explains how to implement and manage encryption keys.

Always Encrypted (Database Engine)
Ensuring on-premises database administrators, cloud database operators, or other high-privileged, but unauthorized users, cannot access the encrypted data.

Dynamic Data Masking
Limiting sensitive data exposure by masking it to non-privileged users.

SQL Server Certificates and Asymmetric Keys
Information about using Public Key Cryptography.

Securing SQL Server
Overview of how to help secure the SQL Server platform, and how to work with users and securable objects.

An overview of Azure SQL Database security capabilities
Overview of Azure SQL Database security for protecting data, controlling access, and proactive monitoring.

Cryptographic Functions (Transact-SQL)
Information about how to implement cryptographic functions.

ENCRYPTBYPASSPHRASE (Transact-SQL)
Information about how to use a password to encrypt data.

ENCRYPTBYKEY (Transact-SQL)
Information about how to use a symmetric key to encrypt data.

ENCRYPTBYASYMKEY (Transact-SQL)
Information about how to use an asymmetric key to encrypt data.

ENCRYPTBYCERT (Transact-SQL)
Information about how to use a certificate to encrypt data.

External Resources

Microsoft TechNet: SQL Server TechCenter: SQL Server 2012 Security and Protection
Current information about SQL Server security.

See Also

sys.key_encryptions (Transact-SQL)
SQL Server and Database Encryption Keys (Database Engine)
Back Up and Restore Reporting Services Encryption Keys
Enable Encrypted Connections to the Database Engine