-
EncryptByCert expiry dates
SQL Server 2005 allows to use the EncryptByCert function to encrypt a Column, for example in an Instead-of Insert Trigger, and to use a DecryptByCert function to decrypt a Column, for example in a View.
This is indeed good news, but I have a simple question. To create a Certificate using the CREATE CERTIFICATE you have to give an EXPIRY DATE, or it will default to an expriry date of 1 year. How can one read the encrypted Column after the certificate has expired ?
Is there a way to renew a certificate without having to first decrypt all the fields and export them ?
-
Depends on where and how you get the certificate.
-
Originally Posted by rmiao
Depends on where and how you get the certificate.
Generated by SQL Server and self-signed
-
OK, I created an expired certificate, I only got a warning back but I can happily continue to use it to encrypt and decrypt if using SA. I tried to grant access to the expired certificate to a user and it did not allow me. I guess that the solution in case of an expired certificate is to export the data using SA, create the new certificate, import the data.
The alternative is to use a symmetric key encrypted by a certificate and to keep the symmetric key text in a secure place (on paper, in a safe) and in case the certificate has expired to create a new certificate and create a new symmetric key with the same key text.
Last edited by rgbd; 11-18-2005 at 04:55 PM.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|