April 14, 2011 at 9:08 am
Good day,
I'm curious how some of you handle the rotation of your encryption keys for PCI Compliance.
I've got about 20 databases across 3 servers (2005 and 2008) using encryption. Each database has maybe 2-3 tables using encryption, with each table encrypting maybe 2-3 columns. I followed standard advice of Database Master Key encrypting a Certificate which encrypts a Symmetric Key which encrypts the data. The keys are different for each database.
The thought of manually decrypting the data, then re-encrypting it, and managing the keys is not appealing. There's massive room for error doing this many tables manually. One misplacement of a key or some other unforeseen mistake and I render my data unusable.
Do you roll your own solution or can anyone recommend a 3rd party tool (that doesn't break the bank of a smaller company)? I'll take any thoughts on the matter.
Thanks!
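The decrypt and re-encrypt step described in the question above, shown for one column under the Database Master Key, Certificate, Symmetric Key hierarchy; this is an added example and not part of the original thread. All object names (`dbo.Customer`, `CardNumberEnc`, `Cert_Old`, `SymKey_Old`, `Cert_New`, `SymKey_New`), the backup path and the password are assumptions.

```sql
-- Hypothetical names: dbo.Customer, CardNumberEnc, Cert_Old, SymKey_Old, Cert_New, SymKey_New.
-- Assumes the database master key is protected by the service master key (opens automatically).

-- 1. New certificate and symmetric key under the existing database master key.
CREATE CERTIFICATE Cert_New WITH SUBJECT = 'Column encryption (rotated)';
CREATE SYMMETRIC KEY SymKey_New WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE Cert_New;

-- 2. Back up the new certificate before any data depends on it (placeholder path and password).
BACKUP CERTIFICATE Cert_New TO FILE = 'C:\KeyBackup\Cert_New.cer'
    WITH PRIVATE KEY (FILE = 'C:\KeyBackup\Cert_New.pvk',
                      ENCRYPTION BY PASSWORD = '<placeholder-password>');

-- 3. Staging column (size it like the original), so the original ciphertext
--    is untouched until the check passes.
ALTER TABLE dbo.Customer ADD CardNumberEnc_New varbinary(256) NULL;
GO

OPEN SYMMETRIC KEY SymKey_Old DECRYPTION BY CERTIFICATE Cert_Old;
OPEN SYMMETRIC KEY SymKey_New DECRYPTION BY CERTIFICATE Cert_New;

BEGIN TRANSACTION;

-- 4. Decrypt with the old key, re-encrypt with the new one. DecryptByKey selects
--    the open key whose GUID is stored in the ciphertext header.
UPDATE dbo.Customer
SET CardNumberEnc_New = EncryptByKey(Key_GUID('SymKey_New'), DecryptByKey(CardNumberEnc))
WHERE CardNumberEnc IS NOT NULL;

-- 5. Commit only if every row decrypts to the same plaintext bytes under both keys.
IF EXISTS (SELECT 1 FROM dbo.Customer
           WHERE CardNumberEnc IS NOT NULL
             AND (DecryptByKey(CardNumberEnc_New) IS NULL
                  OR DecryptByKey(CardNumberEnc_New) <> DecryptByKey(CardNumberEnc)))
BEGIN
    ROLLBACK TRANSACTION;
    RAISERROR('Re-encryption check failed; staged values rolled back.', 16, 1);
END
ELSE
    COMMIT TRANSACTION;

CLOSE SYMMETRIC KEY SymKey_Old;
CLOSE SYMMETRIC KEY SymKey_New;

-- 6. After the application reads CardNumberEnc_New: drop the old column, then
--    DROP SYMMETRIC KEY SymKey_Old and DROP CERTIFICATE Cert_Old.
```

Database backups taken before the rotation still need `Cert_Old` and `SymKey_Old` to be readable, so the old certificate backup has to be retained for as long as those backups are.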
June 18, 2012 at 5:30 pm
Hi there henry,
I know this post is quite old, however it would be interesting to find out if you have found a solution?
Regards
| If in Doubt...don't do it!! |
June 19, 2012 at 7:03 am
No, I never found a good solution for rotating keys. I've scoured the intertubes and can barely find any discussion of how folks handle it. This leads me to one of 2 conclusions: One, folks don't want to discuss it publicly for security reasons. Two, folks are not rotating their keys.
If you come across anything good, please post or send me a PM. Thanks!
June 19, 2012 at 7:05 pm
I PM'ed you
| If in Doubt...don't do it!! |