Our application currently uses a SQL Symmetric key, protected by a SQL certificate. There is also a master key setup on the database.
We have a new requirement to enhance the secure key management process using HSM. We tried a symmetric key protected by HSM and also tried a Symmetric key protected by Asymmetric
key that is protected by HSM. However, in comparison with the simple SQL symmetric key without HSM, the HSM based setup is taking at least twice the time on average to perform encryption/decryption.
Is there a better way to take advantage of HSM based key management on SQL server, without having to create a symmetric key or asymmetric key that uses HSM for every encryption/decryption
call? Is there a way we can just protect the database master key generation process using HSM and then use the simple SQL symmetric key without HSM? We are just looking to provide additional security for managing the key using HSM.
View Complete Post