Question: I have a requirement to encrypt a database backup flat file. The encrypted file will be further encrypted on disk and archived. I don’t need to encrypt the data within the database file .
For more information on data encryption: Encrypting data in SQL Server - SQL Server DBA
Is there a way to encrypt a file that is straightforward?
Answer: Winzip has encryption features. You can easily utilise the Encryption methods within Winzip. It’s important to have some process and control around the encryption. It is possible someone else will be restoring the encrypted file!
The Winzip encryption types are:
1) AES encryption – 128-bit and 256-bit
2) Zip 2.0 encryption
Some notes on managing the file encryption with Winzip
1) 256-bit is stronger than 128-bit encryption. Unless you have a speed requirement, I’d recommend to use the 256-bit version as this offers a stronger method.
2) Password strength. The password strength is dependant on length and characters mix used.
3) Add the files to the Winzip archive rather than move. This makes it clear , the file still exists in plain text on the directory. A separate process should decide how to deal with the plain text file
4) Encrypt the archive once all the files are added to the archive.
5) Files within a WinZip encrypted archive are protected when the archive is attached to an email.
6) Place the password in a secure password vault
Complete a test to validate the steps. These are a some basic steps
1) Backup db to file system
2) Create encrypted archive
3) Extract file from encrypted archive
4) Restore db to original server