Solved

Need explanation of keys and encryption for SQL Server 2008

Posted on 2009-04-04
Last Modified: 2012-08-13
I'm studying for my MCTS for SQL Server 2008. I've read both the MCTS 70-432 self-paced training kit and SQL Server 2008 Step by Step, but I still seem to be missing something. For example, I have trouble with the following question from the self-paced test questions (even when I look at the correct answer):

You have implemented encryption using a symmetric key in the Cosmos database on INST01, which is protected by a database master key, which is in turn protected by the service master key of INST01. You restore the database to INST02 and are unable to decrypt the data. What must you do to fix the problem?

Does anyone have a URL to a good explanation of how this stuff fits together and how it all works?

Thanks
Ron

Question by:rmtye
4 Comments
 
LVL 2

Expert Comment

by:ReinisB
ID: 24069305
Try searching on Code Project for .NET encryption. This is a pretty good starting point: http://www.codeproject.com/KB/security/Crypto.aspx .

The MCTS 70-536 study guide has explanations of .NET encryption and security - that's where I learned more about encryption.
0
 
LVL 77

Expert Comment

by:arnold
ID: 24069988
INST02 is missing the pair of keys that are used/required to decrypt the data.
0
 
LVL 11

Accepted Solution

by:
techhealth earned 125 total points
ID: 24070161
Do you understand how the symmetric key is "protected" by the db master key? And by the same token, the database key "protected" by the service master key? That's the key (no pun intended) to understanding a question like the one you mentioned. All the protection is based on encryption by certificate. And there's an encryption chain from the highest SMK (service master key) to DMK (database master key) to database encryption key (DEK). You have to have the key to decrypt anything at its lower levels. Then it's easier to understand why the new instance can't decrypt the database: the upper level of the protection chain for DEK - DMK - is missing, which was stored in the original master database.

Here's a good explanation of the concepts:
http://msdn.microsoft.com/en-us/library/cc278098.aspx



0
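One way to repair the chain the accepted answer describes, as an added T-SQL example that is not part of the original thread: on INST02, open the restored database master key with its password and add a copy encrypted under INST02's service master key. The password placeholder and the key, certificate, table and column names are assumptions, as is the symmetric key being protected by a certificate whose private key is protected by the DMK.

```sql
-- Run on INST02 against the restored database.
-- CosmosDataKey, CosmosDataCert, dbo.Customers and CardNumberEnc are
-- hypothetical names; substitute the ones actually used in Cosmos.
USE Cosmos;
GO

-- 1. Does this instance hold a copy of the DMK encrypted by its own SMK?
--    0 means the DMK cannot be opened automatically on this instance.
SELECT name, is_master_key_encrypted_by_server
FROM sys.databases
WHERE name = N'Cosmos';

-- 2. List every symmetric key in the database (including the DMK itself)
--    and how each one is protected.
SELECT sk.name AS symmetric_key, ke.crypt_type_desc
FROM sys.symmetric_keys AS sk
JOIN sys.key_encryptions AS ke
  ON ke.key_id = sk.symmetric_key_id;

-- 3. Open the DMK with the password it was created with on INST01
--    (placeholder below), then add a copy encrypted by INST02's SMK.
OPEN MASTER KEY DECRYPTION BY PASSWORD = N'<DMK password from INST01>';
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY;
CLOSE MASTER KEY;
GO

-- 4. Verify that the chain now opens without supplying the password.
--    The CONVERT assumes the plaintext was stored as nvarchar.
OPEN SYMMETRIC KEY CosmosDataKey
    DECRYPTION BY CERTIFICATE CosmosDataCert;

SELECT TOP (5)
       CONVERT(nvarchar(200), DECRYPTBYKEY(CardNumberEnc)) AS CardNumber
FROM dbo.Customers;

CLOSE SYMMETRIC KEY CosmosDataKey;
GO
```

If the DMK password is not available, step 3 cannot be done this way; keep the DMK password or a `BACKUP MASTER KEY` file alongside the database backups.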
 

Expert Comment

by:adeel289
ID: 25579231
Can anyone send me this "Microsoft Self Paced 70-432" book in soft form?
It would be a great help from you to me.
Thank you,
Adeel Shafqat
0
