Uncover data protection in the world of Panama Papers

Sign in to queue

The Discussion

  • User profile image
    stahtufiang

    // I believe the project on the invention of the wheel was safe patented a long time ago and no one will exploit that, but you're not talking about protecting that nor the secret "data" recipe for your grandmothers apple pie. your analogy of the "panama papers" was well selected, but you can't compare protecting the secret recipe of the apple pie to the dirty books of the suits and tie

  • User profile image
    Dave​ZHallmark

    Thanks for a fantastic video. I built my own "Always Encrypted" demo on my local machine using SQL Server Express (2016) along with an app to access it. When encrypting columns I ran SSMS as "Administrator" so that I could create the certificate in the Local Machine store, rather than in the Current User store, in order to demonstrate the ability to enable/disable multiple users for plain-text visibility. When I run as a different user that has enabled private key visibility ("read" permission in the certificate) everything works fine. But if I turn off that same user's private key visibility, instead of seeing encrypted text in the app, the application times out with this InnerException: "Failed to decrypt a column encryption key using key store provider: 'MSSQL_CERTIFICATE_STORE'. The last 10 bytes of the encrypted column encryption key are: '11-F0-FF-31-DF-61-23-AD-38-9A'. Keyset does not exist." It's the same user with the same permissions, so there is no question that the user can access the Local Machine certificate; the only difference is the private key access that you showed in the demo. What am I doing wrong? Thanks.

Add Your 2 Cents