17.07.2015

Download eBook (PDF) - Red Gate Software


5 – Cell-Level Encryption

Successful validation is confirmed by the fact that only the user that is a member of the Sensitive_high database role will return a row that reflects the metadata of our HighSymKey1 symmetric key.

Figure 5-3: Results of key hierarchy access validation.

Required Schema Modifications

The binary data type stores the numeric representation of a value based upon a fixed length, which is set when the data type is used. For example, use of a binary data type with the fixed length of five would store the value of "0x4100000000" for the character of "A".

The varbinary data type stores the same numeric representation, but with a variable length. For example, the value of "A" is stored with the value of "0x41" while "ABC" is stored as "0x414243". The binary and varbinary data types both have a maximum length of 8,000 characters.

Cell-level encryption requires the encrypted value to be stored in a column that is the data type of varbinary, since the encryption methods EncryptByAsymKey, EncryptByCert, EncryptByKey and EncryptByPassphrase return their cipher text in varbinary.

Creating the Encrypted Column

Earlier in this chapter, we discussed the levels of granularity that are available with cell-level encryption. In this exercise, we will be encrypting all cells within a single column with the same key.

In our review of our Borrower_Identification table, the column that contains the sensitivity classification of "High" is the Identification_Value
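The storage behaviour described under Required Schema Modifications can be checked directly in T-SQL. The script below is an added example, not code from the eBook: it uses EncryptByPassphrase instead of the HighSymKey1 key hierarchy so that it runs on its own, and the temporary table, the column name Identification_Value_E, the passphrase and the sample values are all constructed for illustration.

```sql
-- Added example (T-SQL, SQL Server). Temp table and sample values are constructed.
SET NOCOUNT ON;

-- 1. binary pads to its declared length; varbinary keeps only the bytes supplied.
SELECT CAST('A'   AS binary(5))    AS binary_5_A,
       CAST('A'   AS varbinary(5)) AS varbinary_A,
       CAST('ABC' AS varbinary(5)) AS varbinary_ABC;

-- 2. The encryption functions return varbinary, and the cipher text is
--    longer than the plain text, so the target column must allow for growth.
DECLARE @pass  varchar(64) = 'constructed passphrase, demo only';
DECLARE @plain varchar(50) = 'CONSTRUCTED-ID-0001';

SELECT SQL_VARIANT_PROPERTY(EncryptByPassPhrase(@pass, @plain), 'BaseType') AS cipher_base_type,
       DATALENGTH(@plain)                                                   AS plain_bytes,
       DATALENGTH(EncryptByPassPhrase(@pass, @plain))                       AS cipher_bytes;

-- 3. A stand-in for the table under discussion: the plain text column plus a
--    varbinary column that receives the cipher text.
CREATE TABLE #Borrower_Identification_Demo
(
    Identification_ID      int IDENTITY(1,1) PRIMARY KEY,
    Identification_Value   varchar(250)   NULL,  -- existing plain text column
    Identification_Value_E varbinary(MAX) NULL   -- hypothetical encrypted column
);

INSERT INTO #Borrower_Identification_Demo (Identification_Value)
VALUES ('CONSTRUCTED-ID-0001'),
       ('CONSTRUCTED-ID-0002');

-- Encrypt every cell in the column with the same secret.
UPDATE #Borrower_Identification_Demo
SET    Identification_Value_E = EncryptByPassPhrase(@pass, Identification_Value);

-- Round trip: decryption also returns varbinary, so convert back to the
-- original character type before comparing.
SELECT Identification_Value,
       DATALENGTH(Identification_Value_E) AS cipher_bytes,
       CONVERT(varchar(250),
               DecryptByPassPhrase(@pass, Identification_Value_E)) AS round_trip
FROM   #Borrower_Identification_Demo;

DROP TABLE #Borrower_Identification_Demo;
```

Encrypting the same value twice yields different cipher text, so verify the result by decrypting and comparing, not by comparing encrypted bytes.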
