Integration with CipherTrust Manager
This section outlines the steps to integrate Microsoft SSMS with CipherTrust Manager.
Prerequisite
CADP KSP (32 bit) and SSMS v17.6 must be installed on the target machine. Verify that
msvcp100.dll
andmsvcr100.dll
file is available atC:\Windows\System32 for CADP KSP Installation
.Ensure adding the IP of CipherTrust Manager instance in
ProtectAppICAPI.properties
file.
Integrating Microsoft SQL Server Management Studio with the CipherTrust Manager
To integrate Microsoft SQL Server Management Studio with the CipherTrust Manager:
Creating Always Encrypted Column Master Key
After installation of CADP Key Storage Provider_32 bit, you need to configure Always Encrypted.
From the Start menu, select the Microsoft SQL Server Management Studio, and connect to the desired database.
Once connected, select and expand Databases > expand
<your_database_name>
> expand Security > expand Always Encrypted Keys.From the Key store drop-down list, select the Key Storage Provider (CNG).
From the Select a provider drop-down list, select CADP Key Storage Provider.
Note
If the CADP Key Storage Provider is not visible, ensure that you have correctly installed and registered the CADP Key Storage Provider (32 bit).
In the Name field, enter a name for the CMK. Click on Generate Key to create a new CMK.
You can also view the generated CMK under Keys & Access Management > Records in the CipherTrust Manager.
!!! note For CipherTrust Manager, irrespective of the name provided for the CMK in the Name field, internally CMK is always requesting with Always-Encrypted-Auto 1
Name.
Generate Column Encryption Key
You can enable Always Encrypted Keys and generate a Column Encryption Key (CEK). To generate CEK, select the database.
Click Security > Always Encrypted Keys > Column Encryption Keys, right-click and select New Column Encryption Key
Specify a Name for the CEK.
From the Column master key drop-down, select the CMK using which CEK will be encrypted and Click OK.
This generates a CEK that is Encrypted and signed using the above specified CMK.
Encrypt Table Data
Right click on the table and select Encrypt Columns option.
Column Selection screen is displayed.
Select the column(s) on which you want to apply the encryption (Name, in this case), and select the Encryption Type as Deterministic or Randomized.
Select the column encryption key from the Encryption Key drop-down, and click Next to proceed further.
Click Next to view the summary, and click Finish to complete the encryption process.
Following snapshot shows the result of pass or failure: