Anda dapat menemukan kolom yang dienkripsi dengan kunci \ sertifikat dengan mencari semua kolom varbinary dan memeriksa kunci enkripsi dengan fungsi KEY_NAME.
Namun, proses ini agak mahal dan memakan waktu. Jika Anda perlu menemukan kolom ini secara teratur, saya sarankan "memberi tag" pada kolom dengan properti yang diperluas. Kita dapat membangun solusi Edward Dortland dan "memberi tag" pada kolom-kolom yang ditemukan dengan properti diperluas seperti dienkripsi, kunci enkripsi, dan kode enkripsi.
--create a table to hold all varbinary columns and tables
CREATE TABLE #TablesWithVarbinCols ( ID int IDENTITY,
SchemaName nvarchar(128),
TableName nvarchar(128),
ColumnName nvarchar(128)
);
--find and store all table and column names of user tables containing a
varbinary column
INSERT INTO #TablesWithVarbinCols (SchemaName,TableName,ColumnName)
SELECT s.[name] as SchemaName,
o.[name] as TableName,
c.[name] as ColumnName
FROM sys.objects o
INNER JOIN sys.schemas s
ON s.[schema_id] = o.[schema_id]
INNER JOIN sys.columns c
ON o.[object_id]=c.[object_id]
INNER JOIN sys.types t
ON c.system_type_id=t.system_type_id
WHERE o.[type]='U'
AND t.name=N'varbinary'
AND c.max_length > -1;
DECLARE @sch nvarchar(128)
DECLARE @col nvarchar(256)
DECLARE @tab nvarchar(256)
DECLARE @key nvarchar(256)
DECLARE @cert nvarchar(256)
DECLARE @c int = 1
DECLARE @MaxC int
DECLARE @SQL nvarchar(max)
SELECT @MaxC=MAX(ID)
FROM #TablesWithVarbinCols
--loop the previous result and create a simple select statement with a
key_name() is not null where clause.
--If you have a result, store the details
WHILE @c <= @MaxC
BEGIN
SET @key = NULL;
SELECT @sch=SchemaName,
@Tab=TableName,
@col=ColumnName
FROM #TablesWithVarbinCols
WHERE ID=@c
SET @SQL='SELECT DISTINCT @key= key_name('+@Col +') from '+ @tab +'
WHERE key_name('+@Col +') is not null;'
exec sp_executesql @SQL, N'@key nvarchar(256) out', @key out
SELECT @cert = c.name
from sys.symmetric_keys sk
join sys.key_encryptions ke
on
sk.symmetric_key_id= ke.key_id
join sys.certificates c
on
ke.thumbprint=c.thumbprint
where sk.name = @key
IF (@key IS NOT NULL)
BEGIN
SET @SQL=
'EXEC sp_addextendedproperty @name = N''encrypted'', @value = N''1'', '+
'@level0type = N''Schema'', @level0name = '''+@Sch+''', '+
'@level1type = N''Table'', @level1name = '''+@tab+''','+
'@level2type = N''Column'', @level2name = '''+@col+'''
'
EXEC sp_executesql @SQL
SET @SQL=
'EXEC sp_addextendedproperty @name = N''encryptkey'', @value = '''+@key+''', '+
'@level0type = N''Schema'', @level0name = '''+@Sch+''', '+
'@level1type = N''Table'', @level1name = '''+@tab+''','+
'@level2type = N''Column'', @level2name = '''+@col+'''
'
EXEC sp_executesql @SQL
SET @SQL=
'EXEC sp_addextendedproperty @name = N''encryptcert'', @value = '''+@cert+''', '+
'@level0type = N''Schema'', @level0name = '''+@Sch+''', '+
'@level1type = N''Table'', @level1name = '''+@tab+''','+
'@level2type = N''Column'', @level2name = '''+@col+'''
'
EXEC sp_executesql @SQL
END
DELETE
FROM #TablesWithVarbinCols
WHERE id=@c;
SET @c=@c+1
END
drop table #TablesWithVarbinCols
Kemudian kita dapat dengan mudah menemukan kolom terenkripsi dengan mencari properti yang diperluas.
--Adjust WHERE clause depending on what tags you are looking for
SELECT
SCHEMA_NAME(tbl.schema_id) AS SchemaName,
tbl.name AS TableName,
clmns.name AS ColumnName,
p.name AS ExtendedPropertyName, --remove for programming
CAST(p.value AS sql_variant) AS ExtendedPropertyValue
FROM
sys.tables AS tbl
INNER JOIN sys.all_columns AS clmns ON clmns.object_id=tbl.object_id
INNER JOIN sys.extended_properties AS p ON p.major_id=tbl.object_id AND p.minor_id=clmns.column_id AND p.class=1
WHERE p.name in ('encrypted','encryptkey','encryptcert')