Learn SQL Concepts

All Kinds of topics related to Transact SQL, SQL Server Database Administration, SQL Server Query Optimization, SQL Server Trouble Shooting.

Thursday, April 20, 2017

How to create a certificate and symmetric key logins to encrypt a database connection?

           , , ,      No comments   

Problem: How to create a certificate and symmetric key logins to encrypt a database connection?

Solution: U​SE​R

For giving access to a user to SQL Server Instance we must create a login for the user or user group in the master database and we can authenticate the login.
      1.     Certificate
You can create a certificate to be associated with a login if a database master key is present
by using the CREATE CERTIFICATE statement
2.     Asymmetric Key
You can also use an asymmetric key to authenticate SQL logins. Unlike certificates, asymmetric
keys contain both a public key and a private key.

Example 1:
In this example, I would like to show we can create a certificate and create login using the certificate with the help of T-SQL.
Use master
GO
--creating master key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD ='Encrytpion123!@#'
Use master
GO
--creating certificate
CREATE CERTIFICATE TDE_CERTIFICATE WITH SUBJECT ='TDE CERTIFICATE';
Use master
GO

--creating login from certificate
CREATE LOGIN TDE_CERTIFICATE FROM CERTIFICATE TDE_CERTIFICATE;

Example 2:
In this example, I would like to show we can create a master key and create login using the certificate with the help of T-SQL.

Use master
GO
--creating master key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD ='Encrytpion456!@#'

USE master
GO
CREATE ASYMMETRIC KEY Sql_user WITH ALGORITHM =RSA_2048

USE Master
GO
IF NOT EXISTS(
select * from sys.asymmetric_keys where name='Sql_user')
BEGIN
CREATE LOGIN sql_user FROM ASYMMETRIC KEY Sql_user;
END

  
To verify a login whether login is created we can verify it by going to the security node and clicking the logins folder or checking in the System catalog views for server credentials/ logins.
select name,type_desc from master.sys.server_principals
where name 
IN(
'sql_user',
'TDE_CERTIFICATE')

OUTPUT:
name
type_desc
sql_user
ASYMMETRIC_KEY_MAPPED_LOGIN
TDE_CERTIFICATE
CERTIFICATE_MAPPED_LOGIN
In the later articles let’s see how to use certificate and asymmetric keys for logins.


0 comments:

Post a Comment

Certifications

Total Pageviews

Blog Archive

Popular Posts

Categories

SQL (31) T-SQL (20) Stored Procedures (10) Performance gains (9) Database (8) DDL (6) SysObjects (6) DML (5) Delete (5) Execution plans (5) Functions (5) Update (5) rows (5) statistics (5) Configurations (4) RESTORE (4) columns (4) execute (4) group by (4) Alter Schema (3) Backup (3) Change Tracking (3) DBCC (3) JOINS (3) SQL SERVER AGENT (3) Transform (3) XML (3) batchexecution (3) count (3) details (3) dynamicSQL (3) partitions (3) query (3) ALerts (2) BREAK (2) CASE (2) ClusteredIndex (2) Command line (2) Conditional Execution (2) ControlFlow (2) Create Schema (2) DATE FORMAT (2) DBCC_SHOW_STATISTICS (2) ENCRYPTION (2) Error Logging (2) FOR XML (2) GOTO (2) Insert (2) Maintainance Statements (2) NonClusteredIndex (2) Optimize (2) PARAMETERS (2) RAISERROR (2) SELECT (2) SET OPERATORS (2) SHRINK LOG (2) SHRINKFILE (2) SQL SERVER (2) Sp's (2) Sp_configure (2) Union (2) Views (2) constriants. (2) execution requests (2) export (2) flatfile (2) foriegn keys (2) format (2) full (2) full text search (2) log (2) merge (2) objetcs (2) output (2) properties (2) script execution (2) sessions (2) sqlcmd (2) sum (2) sys storedprocedures (2) table Hints (2) @@SPID (1) ALTER VIEW (1) AVG (1) Application Refresh with latest data. (1) Audit data (1) AuditActions (1) BCP (1) BEGIN TRANSACTION (1) CAST (1) CHECK OPTION (1) CHECKSUM (1) COLUMNPROPERTY (1) CONNECTION INFORMATION (1) CONTINUE (1) CONVERT (1) CREATE VIEW (1) CROSS APPLY (1) CTE (1) CUSTOM SYSTEM MESSAGE (1) Change columns (1) Charindex (1) Combine Results (1) Conditional filter (1) Contains (1) Create Type (1) Create steps (1) Cursors (1) Custom ERROR Message (1) DATEADD (1) DATEDIFF (1) DB Mail (1) DELAY (1) DIFFERENCE (1) DML TRIGGERS (1) DROP VIEW. (1) Data generator (1) DataTypes (1) Database backup file results (1) Differential (1) Disable change tracking (1) ERRORMESSAGE (1) EXCEPT (1) EXISTS (1) EXPLICIT (1) EXTENDED STORED PROCEDURES (1) Email Operators (1) Errorstate (1) Exception Handling (1) Execute at a time (1) FILELIST ONLY (1) FOR INSERT (1) FORMATMESSAGE (1) FULL OUTER JOIN (1) Full text catalog (1) Full text indexing (1) GLOBAL (1) GUID (1) IF EXISTS (1) IFEXISTS (1) INNER JOIN (1) INTERSECT (1) In-Memory tables (1) Index (1) Index seek (1) Indexes (1) Information_schema.Columns (1) Inner query (1) Jobs (1) Join (1) LEFT OUTER JOIN (1) LOCAL (1) MAXDOP (1) Mail Account (1) Mail Profile (1) MailProfile (1) Memory-Optimized-tables (1) Multiple rows into one row. (1) NameReverese (1) Nested SQL Select (1) Nested stored procedure (1) Notifications (1) OPENXML (1) OUTER JOIN (1) OVER (1) Operator (1) PIVOT (1) Production version (1) Purge History records (1) REGISTRY (1) RETURN (1) RIGHT OUTER JOIN (1) ROLLBACK TRANSACTION (1) ROW_NUMBER (1) Recompile (1) Recursion (1) Recursive CTE (1) SCHEMABINDING (1) SERVER WIDE (1) SHRINK DATA FILE (1) SOUDNEX (1) SPID (1) SQL SERVER AGENT JOB Errors (1) SQL SERVER AGENT JOB History (1) SQL SERVER AGENT JOB Steps (1) SQL SERVER SESSION (1) SQLPERF (1) SQL_VARIANT (1) SYSTEMFUNCTIONS (1) Scalar valued Functions (1) Schedule Jobs (1) Send Db email (1) Sp_add_alert (1) Sp_refreshview (1) Sp_rename (1) Sp_update_alert (1) StringConcatenation (1) SubQueries (1) Substring (1) Sys.Columns (1) Sys.Index_columns (1) THROW (1) TIME (1) TIME ZONE INFO (1) TRY CATCH (1) Table valued Functions (1) Temp Objects (1) Temporary Table (1) TestData (1) TextSearch (1) TimeStamp (1) Transaction locks (1) Triggers (1) UNION ALL (1) UNPIVOT (1) VIEW_METADATA (1) Validations. (1) WAITFOR (1) WHERE (1) WHERE EXISTS (1) WHILE LOOP (1) XML AUTO (1) XML EXPLICIT (1) XML PATH (1) XML RAW (1) XML to SQL (1) advantages (1) backupdate (1) backupversion (1) catalogviews (1) change versions (1) cmdshell (1) compatibility (1) create statistics (1) csv (1) database mail (1) database version (1) datetime (1) defaultconstraints (1) defragment indexes (1) disadvantages (1) distinct (1) exit from code. (1) extract xml (1) getdate() (1) getutcdate() (1) header (1) index fragmentation (1) index scan (1) index usage (1) latch (1) like (1) locks (1) logical operators (1) looping (1) mail log (1) missing indexes (1) multiple columns (1) non-schema bounded views (1) pages fullness (1) phone number (1) predicates (1) query text (1) re organize (1) rebuild (1) sp_executesql (1) sp_lock (1) sp_recompile (1) statastics (1) sys (1) tenses of a verb (1) update metadata (1) update statistics (1) user-defined system error (1) user-defined table type (1) wait (1) xls (1) xp_cmdshell (1)

Thank you!

Thanks for viewing the blog, hope you got what you are looking for. Please post a comment if you need some more information..
~Mahesh Sambu