April 13, 2009 at 2:29 pm
Our industry requires rekeying encrypted data once a year. When the server / database was built, the following were established:
1) Service Master Key (with password)
2) Database Master Key (with password)
3) Asymmetric Key for specific column (w/o password)
4) Symmetric Key for Asymmetric Key
In order to meet compliance, will performing an Alter on the Service Master Key (with a new password), followed by an Alter on the Database Master Key essentially re-key the sensitive data (i.e. will this go through the table columns encrypted with this key and change the encrypted binary data)?
Or should I create a new Asymmetric Key / Symmetric Key pair, decrypt with old, re-encrypt with new, and update my application to use the new pair?
Or should I do all of these (i.e. establish a new Service Master Key, Database Master Key, Asymmetric Key, Symmetric Key)?
Thanks,
Kevin
April 13, 2009 at 4:05 pm
Sounds backwards, symmetric key should encrypt data for specific column.
Asymmetric key should encrypt symmetric key.
What I've seen is that re-encryption can be: change the asym key, re-encrypt the sym key with that.
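The distinction the two posts are circling is which layer of the SQL Server key hierarchy a given ALTER actually rewrites. The following T-SQL is an added illustration, not code from either poster: it builds the hierarchy the question describes (database master key, asymmetric key protected by that master key, symmetric key protected by the asymmetric key), then shows the three operations in turn. Regenerating the master keys and swapping the asymmetric key only re-wrap the keys beneath them; the column bytes are untouched, which can be seen by comparing the stored ciphertext before and after. Only the last step, decrypt with the old symmetric key and re-encrypt with a new one, produces new ciphertext in the table. All object names (`dbo.Customer`, `AK_2008`, `AK_2009`, `SK_2008`, `SK_2009`) and passwords are assumptions for the example, and the master key is assumed to be protected by the service master key as well as by password so it opens automatically.

```sql
-- Added example (not the posters' code). Run in a scratch database.

-- 1. Hierarchy as described in the question: DMK -> asymmetric key -> symmetric key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Dmk-Pa55word-2008!';   -- assumed password
CREATE ASYMMETRIC KEY AK_2008 WITH ALGORITHM = RSA_2048;           -- private key protected by the DMK
CREATE SYMMETRIC KEY SK_2008 WITH ALGORITHM = AES_256
    ENCRYPTION BY ASYMMETRIC KEY AK_2008;

-- Constructed sample table and row.
CREATE TABLE dbo.Customer (CustomerId int PRIMARY KEY, CardNumberEnc varbinary(256));
OPEN SYMMETRIC KEY SK_2008 DECRYPTION BY ASYMMETRIC KEY AK_2008;
INSERT dbo.Customer VALUES (1, EncryptByKey(Key_GUID('SK_2008'), N'4111111111111111'));
CLOSE SYMMETRIC KEY SK_2008;

DECLARE @before varbinary(256) = (SELECT CardNumberEnc FROM dbo.Customer WHERE CustomerId = 1);

-- 2. Regenerating the master keys: re-wraps the keys they protect, nothing else.
ALTER SERVICE MASTER KEY REGENERATE;
ALTER MASTER KEY REGENERATE WITH ENCRYPTION BY PASSWORD = 'Dmk-Pa55word-2009!';  -- assumed

-- 3. The reply's approach: new asymmetric key, re-encrypt the symmetric key under it.
--    The symmetric key itself, and therefore the data, stays the same.
CREATE ASYMMETRIC KEY AK_2009 WITH ALGORITHM = RSA_2048;
OPEN SYMMETRIC KEY SK_2008 DECRYPTION BY ASYMMETRIC KEY AK_2008;
ALTER SYMMETRIC KEY SK_2008 ADD ENCRYPTION BY ASYMMETRIC KEY AK_2009;
ALTER SYMMETRIC KEY SK_2008 DROP ENCRYPTION BY ASYMMETRIC KEY AK_2008;
CLOSE SYMMETRIC KEY SK_2008;

-- Check: the stored ciphertext is byte-for-byte unchanged after steps 2 and 3.
SELECT CASE WHEN CardNumberEnc = @before THEN 'column bytes unchanged' ELSE 'column bytes changed' END
FROM dbo.Customer WHERE CustomerId = 1;

-- 4. Actual data rekey: new symmetric key, decrypt with old, encrypt with new.
CREATE SYMMETRIC KEY SK_2009 WITH ALGORITHM = AES_256
    ENCRYPTION BY ASYMMETRIC KEY AK_2009;
OPEN SYMMETRIC KEY SK_2008 DECRYPTION BY ASYMMETRIC KEY AK_2009;  -- now wrapped by AK_2009
OPEN SYMMETRIC KEY SK_2009 DECRYPTION BY ASYMMETRIC KEY AK_2009;

-- DecryptByKey picks the open key whose GUID is embedded in each ciphertext,
-- so rows still under SK_2008 decrypt while SK_2009 is used for the rewrite.
UPDATE dbo.Customer
   SET CardNumberEnc = EncryptByKey(Key_GUID('SK_2009'), DecryptByKey(CardNumberEnc));

CLOSE SYMMETRIC KEY SK_2008;

-- Check: with only the new key open, every row must still decrypt; a NULL here
-- means a row was missed and is still under the retired key.
SELECT COUNT(*) AS rows_not_under_new_key
FROM dbo.Customer
WHERE DecryptByKey(CardNumberEnc) IS NULL;

-- Plaintext round-trip through the new key.
SELECT CustomerId, CONVERT(nvarchar(32), DecryptByKey(CardNumberEnc)) AS CardNumber
FROM dbo.Customer;
CLOSE SYMMETRIC KEY SK_2009;
```

The old symmetric key should be dropped only after the "rows_not_under_new_key" query returns zero and the application has been switched to `SK_2009`; until then it is the only way to read any row the UPDATE did not cover. Note also that step 4 is the one that must run inside the application's maintenance window, since the re-encryption rewrites every row of the column.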