17.07.2015 Views

Download eBook (PDF) - Red Gate Software


5 – Cell-Level Encryption

GO
@level2type='COLUMN',
@level2name='Identification_Value_E';

Listing 5-12: Documenting the encrypted column.

Views and Stored Procedures

The sensitive data that is contained within the Borrower_Identification table is now protected with cell-level encryption. Our next steps are to create the views and stored procedures via which our users can interact with the Borrower_Identification table. With the inclusion of cryptographic functionality to these objects we will need to pay careful attention to the handling of failed encryption and decryption efforts.

Failed Decryption Handling

Currently, when an attempt to open the symmetric key, and perform decryption, fails due to the user not having the appropriate permissions to the key, the value of NULL is returned. This is not very informative to the end user and does not differentiate a true NULL value from a failed decryption attempt. Therefore, we will present the following requirement:

Requirement 5: Handling unauthorized decryption attempts

When the value of NULL is returned by a failed decryption attempt, it will be replaced with the value "".

Data Modification Handling

Protecting the integrity of the encrypted data that is stored in the database is a critical concern. When a user updates or inserts a row that contains data in our high sensitivity column, the encryption key will need to be opened. If the user has the required permission to use the key, encryption will be applied and the transaction will be committed. However, if the user does not have the necessary permissions to the encryption key, the value that will be captured in the encrypted column will be a value of NULL, resulting in the loss of the value passed to the table.

By restricting insert or update activity to those who have permissions granted to the encryption key, we ensure that the value that is passed to the encrypted
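
The two handling rules described under Failed Decryption Handling and Data Modification Handling, sketched in T-SQL as an added example that is not taken from the eBook. The key name, certificate name, Borrower_ID column, object names and placeholder text are assumptions made for illustration.

```sql
-- Added example. Assumed names (not from the page): Example_SymKey, Example_Cert,
-- column Borrower_ID, the object names below, and the placeholder text.
CREATE PROCEDURE dbo.Insert_Borrower_Identification_Example
    @Borrower_ID INT,
    @Identification_Value VARCHAR(250)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @Cipher VARBINARY(8000);

    -- OPEN SYMMETRIC KEY raises an error when the caller has no permission on the key.
    BEGIN TRY
        OPEN SYMMETRIC KEY Example_SymKey DECRYPTION BY CERTIFICATE Example_Cert;
    END TRY
    BEGIN CATCH
        RAISERROR('Encryption key unavailable; row not inserted.', 16, 1);
        RETURN 1;
    END CATCH;

    SET @Cipher = ENCRYPTBYKEY(KEY_GUID('Example_SymKey'), @Identification_Value);
    CLOSE SYMMETRIC KEY Example_SymKey;

    -- ENCRYPTBYKEY returns NULL if the key is not open: refuse to store that NULL.
    IF @Cipher IS NULL AND @Identification_Value IS NOT NULL
    BEGIN
        RAISERROR('Encryption failed; row not inserted.', 16, 1);
        RETURN 1;
    END;

    INSERT INTO dbo.Borrower_Identification (Borrower_ID, Identification_Value_E)
    VALUES (@Borrower_ID, @Cipher);
    RETURN 0;
END;
GO

-- Read side: keep a stored NULL as NULL, flag a non-NULL value that will not decrypt.
CREATE VIEW dbo.vw_Borrower_Identification_Example
AS
SELECT Borrower_ID,
       CASE
           WHEN Identification_Value_E IS NULL THEN NULL
           WHEN DECRYPTBYKEY(Identification_Value_E) IS NULL THEN 'PLACEHOLDER_TEXT'
           ELSE CONVERT(VARCHAR(250), DECRYPTBYKEY(Identification_Value_E))
       END AS Identification_Value
FROM dbo.Borrower_Identification;
GO
```

The view only returns plaintext when the caller has already opened the key in the same session; otherwise every non-NULL ciphertext maps to the placeholder.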
