SQL Server 备份加密和解密还原
打开SSMS
1.--创建证书
CREATE CERTIFICATE MyCertificate_backup
WITH SUBJECT = 'My Certificate for backup';
--查询证书
SELECT name, start_date, expiry_date
FROM sys.certificates; -- 显示证书名称、生效日期及过期日期
2.--创建主密钥
--如果您的环境中还没有主密钥,您可能需要创建一个。主密钥用于保护证书的私钥。
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '强密码';
-- 查询主密钥:
SELECT * FROM sys.symmetric_keys
3.使用证书备份
--使用证书备份
BACKUP DATABASE [BOSA]
TO DISK = N'F:\SQL_Backup\FULL\BOSA_20250418_152936.bak'
WITH ENCRYPTION (ALGORITHM =AES_256, SERVER CERTIFICATE = MyCertificate_backup); -- MyCertificate_backup 为上边创建的证书名称
GO
--查询备份文件是否加密
RESTORE HEADERONLY
FROM DISK = N'F:\SQL_Backup\FULL\BOSA_20250418_092736.bak';
-- 备份数据库主密钥
BACKUP MASTER KEY
TO FILE = 'E:\SQL_Backup\SQL_Certificate\DMKfilename.key '
ENCRYPTION BY PASSWORD = 'xxxxxxx';
GO
-- 备份证书
BACKUP CERTIFICATE MyCertificate_backup
TO FILE = 'E:\SQL_Backup\SQL_Certificate\MyCertificateFilename.cer '
WITH PRIVATE KEY(
FILE = 'E:\SQL_Backup\SQL_Certificate\MyCertificateKeyFilename.key ',
ENCRYPTION BY PASSWORD = ' xxxxxxx ');
GO
4. 异地还原
注: 证书本地还原正常,异地还原报错
--异地还原
USE master;
GO
RESTORE DATABASE [BOSA_20250418]
FROM DISK='E:\sfisbak\BOSA_20250418_152936.bak' WITH NORECOVERY,
MOVE 'BOSA' TO 'H:\SFIS_Data\BOSA20250418.mdf',
MOVE 'BOSA_log' TO 'H:\SFIS_Data\BOSA20250418_log.ldf'
GO
5异地导入证书
--删除证书
DROP CERTIFICATE MyCertificate_backup;
--导入证书
create certificate MyCertificate_backup
from file =N'E:\sfisbak\MyCertificateFilename.cer'
with private key
(
file=N'E:\sfisbak\MyCertificateKeyFilename.key',
decryption by password=N'',
encryption by password=N''
)
--正常还原
USE master;
GO
RESTORE DATABASE [BOSA_20250418]
FROM DISK='E:\sfisbak\BOSA_20250418_152936.bak' WITH NORECOVERY,
MOVE 'BOSA' TO 'H:\SFIS_Data\BOSA20250418.mdf',
MOVE 'BOSA_log' TO 'H:\SFIS_Data\BOSA20250418_log.ldf',
replace;
GO