Confused about encryption

  • Question

  • Hi there, I'm a little confused here. I'd like to encrypt the contents of my database as a last line of defence against attacks. I've read the articles from 4 Guys From Rolla (http://aspnet.4guysfromrolla.com/articles/022807-1.aspx), which explain how to use the different encryption methods, but I feel like I'm missing something. What would be the accepted method for encrypting potentially sensitive data but still allowing it to be decrypted at runtime with the minimum of overheads? Using a symmetric key seems the most straightforward - I assume you'd pass the secure password in via a stored procedure or somesuch. However, how does this compare with the security of a digital certificate or asymmetric key? Would it be possible to encrypt the symmetric key using an asymmetric key, so that the data itself is encrypted using a symmetric key, but that key itself is more secure because it's been asymmetrically encrypted? I'm a bit lost as to when, where and why you'd use the different approaches. Thanks for your time!
    Tuesday, September 1, 2009 8:31 AM
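
The layered scheme the question describes (data encrypted with a symmetric key, that key itself protected by an asymmetric one), as an added example that is not part of the original thread. It assumes SQL Server 2005 or later, which the post does not name; `DemoCert`, `DemoDataKey`, `dbo.DemoCustomer`, the password and the sample value are constructed placeholders.

```sql
-- Assumption: SQL Server 2005+. All object names and values below are placeholders.

-- 1. Database master key: root of the in-database key hierarchy.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder>';

-- 2. Certificate (asymmetric key pair); its private key is protected by the master key.
CREATE CERTIFICATE DemoCert WITH SUBJECT = 'Protects DemoDataKey';

-- 3. Symmetric data key. It is stored only in wrapped form, encrypted by the
--    certificate, so no key password has to be passed in by the application.
CREATE SYMMETRIC KEY DemoDataKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE DemoCert;

-- Constructed sample table; ciphertext is stored as varbinary.
CREATE TABLE dbo.DemoCustomer (
    CustomerId    INT PRIMARY KEY,
    CardNumberEnc VARBINARY(256) NOT NULL
);
GO

-- 4. Write path: unwrap the data key with the certificate, then encrypt the value.
--    The authenticator (a hash of the row key) binds the ciphertext to this row,
--    so a value copied into another row will not decrypt there.
DECLARE @id INT;
SET @id = 1;
OPEN SYMMETRIC KEY DemoDataKey DECRYPTION BY CERTIFICATE DemoCert;
INSERT INTO dbo.DemoCustomer (CustomerId, CardNumberEnc)
VALUES (@id,
        ENCRYPTBYKEY(KEY_GUID('DemoDataKey'),
                     N'0000-0000-0000-0000',  -- constructed sample value
                     1,
                     HASHBYTES('SHA1', CONVERT(VARBINARY, @id))));
CLOSE SYMMETRIC KEY DemoDataKey;
GO

-- 5. Read path: only the fast symmetric operation runs per row; the asymmetric
--    operation happens once, when the key is opened.
OPEN SYMMETRIC KEY DemoDataKey DECRYPTION BY CERTIFICATE DemoCert;
SELECT CustomerId,
       CONVERT(NVARCHAR(50),
               DECRYPTBYKEY(CardNumberEnc, 1,
                            HASHBYTES('SHA1', CONVERT(VARBINARY, CustomerId)))) AS CardNumber
FROM dbo.DemoCustomer;
CLOSE SYMMETRIC KEY DemoDataKey;
GO
```

`ENCRYPTBYKEY` produces different ciphertext on each call for the same input, so the encrypted column cannot be used for equality lookups or indexed searches.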