I'm working on a project where credit card details will be captured in Database 1, periodically this data will then be transferred to a table in Database 2.
I would like to make use of SQL Server 2005 encryption functionality to control this though am getting buried in certificates / symmetric keys / asymmetric keys.
I understand that first I must go through the process of :
(a). Set up a database master key in Database 2.
(b). Set up an asymmetric key in Database 2.
(c). Supply the public key from the asymmetric key to the 3rd party and the algorithm used to perform the encryption.
(d). The 3rd party will capture and encrypt the credit card in Database 1 using the public key.
(e). Periodically we will extract the data from this database and insert the data into a staging table in Database 2.
(f). Once in Database 2 we will use the asymmetric key to decrypt the credit card.
My questions are :
(a). Is the process I have outlined above the best solution ?
- I'm worried about the performance of using asymmetric keys.
- Should I use a symmetric key encrypted by asymmetric key ?
(b). How do I give the 3rd party the public key ?
View Complete Post