SQL Server supports the encryption of data through a number of mechanisms. These include:
Cryptographic functions for the encryption and signing of individual values,
The Transparent Data Encryption (TDE) feature through which the data and log files associated with a database are encrypted, and
Support for SSL and IPSec to encrypt data as it is transmitted between the server and clients.
In addition, SQL Server supports an internally managed cryptographic key infrastructure but may also integrate with an externally managed infrastructure through its Extensible Key Management (EKM) interface.
To get a more in-depth and complete overview of the SQL Server cryptographic capabilities, please refer to this white paper.
Cryptographic Functions
With SQL Server 2005, a collection of cryptographic functions was introduced into the database product for the encryption and signing of individual values. Prior to the 2005 release, applications could store encrypted values and signatures within the database but relied on external functions to perform the encryption and signing work. By moving the functions into the database engine, SQL Server provides greater and more consistent access to cryptographic functionality and allows an application to more easily leverage a centrally managed encryption key infrastructure.
The Encryption Functions
The encryption functions support encryption using either symmetric or asymmetric keys. Symmetric key encryption has less performance overhead while asymmetric key encryption provides stronger protection.
To perform symmetric key encryption, SQL Server provides two functions: EncryptByKey() and EncryptByPassPhrase(). The EncryptByKey() function leverages a symmetric key registered in advance with SQL Server. With the EncryptByPassPhrase() function, a temporary symmetric key is generated using a passphrase supplied with the function. The choice of which function to employ comes down to the needs of the application and the availability of key management support within the organization.
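The two symmetric functions side by side, as an added T-SQL example that is not from the original post. The object names (DemoCert, DemoKey, dbo.DemoSecret), the passwords and passphrase, and the sample value are constructed for illustration; run it in a scratch database.

```sql
-- Key hierarchy used by EncryptByKey(): master key -> certificate -> symmetric key.
-- All names and secrets below are constructed placeholders.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = N'<placeholder-strong-password>';
CREATE CERTIFICATE DemoCert WITH SUBJECT = 'Protects DemoKey';
CREATE SYMMETRIC KEY DemoKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE DemoCert;
GO

CREATE TABLE dbo.DemoSecret (
    Id        int            NOT NULL PRIMARY KEY,
    SecretEnc varbinary(256) NULL
);
GO

-- EncryptByKey(): the registered key must be opened in the session first.
OPEN SYMMETRIC KEY DemoKey DECRYPTION BY CERTIFICATE DemoCert;

INSERT INTO dbo.DemoSecret (Id, SecretEnc)
VALUES (1, EncryptByKey(Key_GUID('DemoKey'), N'constructed sample value'));

-- The ciphertext carries the key GUID, so DecryptByKey() needs no key argument.
SELECT Id, CONVERT(nvarchar(100), DecryptByKey(SecretEnc)) AS SecretPlain
FROM dbo.DemoSecret;

CLOSE SYMMETRIC KEY DemoKey;

-- With the key closed, DecryptByKey() returns NULL instead of raising an error,
-- so callers should treat NULL as "key not available", not as "no data".
SELECT Id, DecryptByKey(SecretEnc) AS SecretPlain
FROM dbo.DemoSecret;
GO

-- EncryptByPassPhrase(): no registered key; the caller supplies the passphrase
-- on every call and is responsible for storing and protecting it.
DECLARE @phrase nvarchar(128), @enc varbinary(256);
SET @phrase = N'<placeholder-passphrase>';
SET @enc = EncryptByPassPhrase(@phrase, N'constructed sample value');

SELECT CONVERT(nvarchar(100), DecryptByPassPhrase(@phrase, @enc)) AS RightPhrase,
       DecryptByPassPhrase(N'wrong passphrase', @enc)             AS WrongPhrase; -- NULL
GO
```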
Read more: MSDN Blogs