Download eBook (PDF) - Red Gate Software

7 – One-Way EncryptionThese steps would be repeated, as needed, for each column in the databasetables that are subject to the implementation of one-way encryption.Please note that the process of implementing one-way encryption involvesmodification of existing database objects. Please perform a full databasebackup prior to proceeding in the event that recovery is required.Create the Primary Hash ColumnAs noted in the review of the Borrower_Identification table in Chapter5, the Identification_Value column contains the plain textrepresentation of the actual identification value for a given borrower. Forexample, if the identification value was a Social Security Number, the valuecontained in this column would appear in the format of "555-55-5555".The Hashbytes method that we'll use to one-way-encrypt ourIdentification_Value column returns a varbinary data type, whichstores a variable-length numeric representation of a value. For example, thevalue of "A" is stored with the value of "0x41" while "ABC" is stored as"0x414243". The varbinary ( and Binary) data type has a maximum lengthof 8,000 characters.However, in the original schema design, the Identification_Valuecolumn is of data type varchar. Therefore, we will need to create a newcolumn in the HomeLending database to store the encrypted varbinaryvalues. Listing 7.3 shows the script to create a newIdentification_Value_H column (where the "H" stands for hash) withthe varbinary data type, using the ALTER TABLE method.USE HomeLending;GOALTER TABLE dbo.Borrower_IdentificationADD Identification_Value_H varbinary(MAX) NULL;GOListing 7-3: Creating the hash column.In Listing 7-4, we execute the sp_addextendedproperty system storedprocedure in order to document the fact that the newIdentification_Value_H column is classified as "High" sensitivity.USE HomeLending;GO158