Databases Reference
In-Depth Information
strings to Unicode; this will help you generate comparable hashes if you end up using hash functions in C# (strings
in C# are Unicode by default). To hash the MySecret string as Unicode in SQL Database or SQL Server, use the N
prefix in T-SQL, as follows:
SELECT HASHBYTES('sha2_256', N'MySecret')
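The client-side counterpart of the statement above, as an added example that is not code from the original text: it shows why the N prefix matters when a hash computed in C# must match one computed by HASHBYTES. The class and method names are hypothetical, and Encoding.ASCII stands in for the server's varchar code page (an assumption that only holds for pure-ASCII input).

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper, written for this example only.
static class SqlHashCompat
{
    // HASHBYTES over an nvarchar value (N'...') hashes the string's UTF-16LE bytes,
    // which is exactly what Encoding.Unicode produces in .NET.
    public static byte[] HashAsNVarchar(string value)
    {
        using (var sha = SHA256.Create())
            return sha.ComputeHash(Encoding.Unicode.GetBytes(value));
    }

    // HASHBYTES over a varchar value ('...') hashes single-byte code-page bytes.
    // ASCII is an assumed stand-in for that code page; valid for ASCII-only input.
    public static byte[] HashAsVarchar(string value)
    {
        using (var sha = SHA256.Create())
            return sha.ComputeHash(Encoding.ASCII.GetBytes(value));
    }

    // Render a digest the way SQL tools display varbinary: 0x plus uppercase hex.
    public static string ToSqlHex(byte[] hash)
    {
        return "0x" + BitConverter.ToString(hash).Replace("-", "");
    }

    static void Main()
    {
        const string secret = "MySecret"; // same literal as the T-SQL statement

        byte[] unicodeHash = HashAsNVarchar(secret); // comparable to N'MySecret'
        byte[] ansiHash = HashAsVarchar(secret);     // comparable to 'MySecret'

        Console.WriteLine("nvarchar-compatible: " + ToSqlHex(unicodeHash));
        Console.WriteLine("varchar-compatible:  " + ToSqlHex(ansiHash));

        // Same text, different byte encodings, so the two digests do not match.
        // FixedTimeEquals avoids leaking the mismatch position through timing.
        bool same = CryptographicOperations.FixedTimeEquals(unicodeHash, ansiHash);
        Console.WriteLine("digests equal: " + same);
    }
}
```

Pick one encoding for both sides and keep it fixed; a hash stored from a varchar value will never verify against a client that hashes Encoding.Unicode bytes.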
So far, you've seen how to encrypt sensitive information for confidentiality, hash certain columns of a record
for increased integrity, and deploy in Azure for strong availability. As you can see, developing encryption and
hashing routines can be very complex and requires a strong command of the programming language. You may find
it beneficial to create a generic encryption library, like the one shown in the previous examples, that can be reused
across projects.
Certificates
As discussed previously, SQL Database doesn't support X.509 certificates, although you can deploy X.509 certificates
in Windows Azure. Your client code (hosted either on your company's network or in Windows Azure) can use
certificates to encrypt and decrypt values. The use of certificates implies that you're encrypting using a public/private
key pair. The public key is used to encrypt data, and the private key is used to decrypt data.
For more information on how to deploy X.509 certificates in Windows Azure, visit the MSDN blog
http://blogs.msdn.com/jnak and look at the January 2010 archive. The blog entry by Jim Nakashima contains
detailed instructions.
Note
You can easily create a self-signed certificate using the MakeCert.exe utility, which you can find in the
Windows SDK. To create a certificate on your machine, run the following command at a command line. You need to
execute this command as an Administrator or it will fail:
makecert -ss root -pe -r -n "CN=BlueSyntaxTest" -sky Exchange -sr LocalMachine
Here is a brief overview of the options used to create this certificate:
-ss root stores the certificate in the root certificate store.
-pe marks the private key exportable.
-r creates a self-signed certificate (meaning that it wasn't issued by a root certificate authority
(CA) like Thawte).
-n "CN=..." specifies the subject name of the certificate.
-sky Exchange specifies that the certificate is used for encryption.
-sr LocalMachine specifies the certificate store location as LocalMachine.
 
 