Você pode encontrar as colunas criptografadas com chaves \ certificados pesquisando todas as colunas varbinárias e verificando uma chave de criptografia com a função KEY_NAME.
No entanto, esse processo é um pouco caro e demorado. Se você precisar encontrar essas colunas regularmente, sugiro "marcar" as colunas com propriedades estendidas. Podemos desenvolver a solução de Edward Dortland e "marcar" as colunas encontradas com propriedades estendidas como encrypted, encryptkey e encryptcert.
--create a table to hold all varbinary columns and tables
CREATE TABLE #TablesWithVarbinCols ( ID int IDENTITY,
SchemaName nvarchar(128),
TableName nvarchar(128),
ColumnName nvarchar(128)
);
--find and store all table and column names of user tables containing a
varbinary column
INSERT INTO #TablesWithVarbinCols (SchemaName,TableName,ColumnName)
SELECT s.[name] as SchemaName,
o.[name] as TableName,
c.[name] as ColumnName
FROM sys.objects o
INNER JOIN sys.schemas s
ON s.[schema_id] = o.[schema_id]
INNER JOIN sys.columns c
ON o.[object_id]=c.[object_id]
INNER JOIN sys.types t
ON c.system_type_id=t.system_type_id
WHERE o.[type]='U'
AND t.name=N'varbinary'
AND c.max_length > -1;
DECLARE @sch nvarchar(128)
DECLARE @col nvarchar(256)
DECLARE @tab nvarchar(256)
DECLARE @key nvarchar(256)
DECLARE @cert nvarchar(256)
DECLARE @c int = 1
DECLARE @MaxC int
DECLARE @SQL nvarchar(max)
SELECT @MaxC=MAX(ID)
FROM #TablesWithVarbinCols
--loop the previous result and create a simple select statement with a
key_name() is not null where clause.
--If you have a result, store the details
WHILE @c <= @MaxC
BEGIN
SET @key = NULL;
SELECT @sch=SchemaName,
@Tab=TableName,
@col=ColumnName
FROM #TablesWithVarbinCols
WHERE ID=@c
SET @SQL='SELECT DISTINCT @key= key_name('+@Col +') from '+ @tab +'
WHERE key_name('+@Col +') is not null;'
exec sp_executesql @SQL, N'@key nvarchar(256) out', @key out
SELECT @cert = c.name
from sys.symmetric_keys sk
join sys.key_encryptions ke
on
sk.symmetric_key_id= ke.key_id
join sys.certificates c
on
ke.thumbprint=c.thumbprint
where sk.name = @key
IF (@key IS NOT NULL)
BEGIN
SET @SQL=
'EXEC sp_addextendedproperty @name = N''encrypted'', @value = N''1'', '+
'@level0type = N''Schema'', @level0name = '''+@Sch+''', '+
'@level1type = N''Table'', @level1name = '''+@tab+''','+
'@level2type = N''Column'', @level2name = '''+@col+'''
'
EXEC sp_executesql @SQL
SET @SQL=
'EXEC sp_addextendedproperty @name = N''encryptkey'', @value = '''+@key+''', '+
'@level0type = N''Schema'', @level0name = '''+@Sch+''', '+
'@level1type = N''Table'', @level1name = '''+@tab+''','+
'@level2type = N''Column'', @level2name = '''+@col+'''
'
EXEC sp_executesql @SQL
SET @SQL=
'EXEC sp_addextendedproperty @name = N''encryptcert'', @value = '''+@cert+''', '+
'@level0type = N''Schema'', @level0name = '''+@Sch+''', '+
'@level1type = N''Table'', @level1name = '''+@tab+''','+
'@level2type = N''Column'', @level2name = '''+@col+'''
'
EXEC sp_executesql @SQL
END
DELETE
FROM #TablesWithVarbinCols
WHERE id=@c;
SET @c=@c+1
END
drop table #TablesWithVarbinCols
Em seguida, podemos encontrar facilmente as colunas criptografadas pesquisando as propriedades estendidas.
--Adjust WHERE clause depending on what tags you are looking for
SELECT
SCHEMA_NAME(tbl.schema_id) AS SchemaName,
tbl.name AS TableName,
clmns.name AS ColumnName,
p.name AS ExtendedPropertyName, --remove for programming
CAST(p.value AS sql_variant) AS ExtendedPropertyValue
FROM
sys.tables AS tbl
INNER JOIN sys.all_columns AS clmns ON clmns.object_id=tbl.object_id
INNER JOIN sys.extended_properties AS p ON p.major_id=tbl.object_id AND p.minor_id=clmns.column_id AND p.class=1
WHERE p.name in ('encrypted','encryptkey','encryptcert')