Database Reference
In-Depth Information
Figure 4-3.
Record with the encrypted value, a hash, and a vector
Last but not least, you should know that SQL Server and SQL Azure both support hashing natively.
Unfortunately, support for hashing in both database platforms is limited to the MD5 and SHA-1
algorithms. The hashing method used in the C# code shown previously uses SHA-256 as its algorithm,
which is much stronger. Here is a quick example of how to compute an SHA-1 hash in SQL:
SELECT HASHBYTES('sha1', 'MySecret')
The output of
HASHBYTES()
is a byte array as well:
0xEABBEC6F31804EB968E2FAEAAEF150546A595FC3
So far, you've seen a way to encrypt sensitive information for confidentiality, hashed certain
columns of a record for increased integrity, and deployed in Azure for strong availability. As you can see,
developing encryption and hashing routines can be very complex and requires a strong command of the
programming language. You may find it beneficial to create a generic encryption library, like the one
shown in the previous examples, that can be reused across projects.
Certificates
As discussed previously, SQL Azure doesn't support X.509 certificates, although you can deploy X.509
certificates in Windows Azure. Your client code (either hosted on your company's network or in
Windows Azure) can use certificates to encrypt and decrypt values. The use of certificates implies that
you're encrypting using a public/private key pair. The public key is used to encrypt data, and the private
key is used to decrypt data.
Note
For more information on how to deploy X.509 certificates in Windows Azure, visit the MSDN blog
http://blogs.msdn.com/jnak
and look at the January 2010 archive. The blog entry by Jim Nakashima contains
detailed instructions.
