Solved

Need explanation of keys and encryption for SQL Server 2008

Posted on 2009-04-04
Last Modified: 2012-08-13
I'm studying for my MCTS for SQL Server 2008. I've read both the MCTS 70-432 self-paced training kit and SQL Server 2008 Step by Step, but I still seem to be missing something. For example, I have trouble with the following question from the self-paced test questions (even when I look at the correct answer):

You have implemented encryption using a symmetric key in the Cosmos database on INST01, which is protected by a database master key, which is in turn protected by the service master key of INST01. You restore the database to INST02 and are unable to decrypt the data. What must you do to fix the problem?

Does anyone have a URL to a good explanation of how this stuff fits together and how it all works?

Thanks
Ron

0
Question by:rmtye
4 Comments
 
LVL 2

Expert Comment

by:ReinisB
Try searching on Code Project for .NET encryption. This is a pretty good starting point: http://www.codeproject.com/KB/security/Crypto.aspx.

The MCTS 70-536 study guide has explanations of .NET encryption and security - that's where I found out more about encryption.
0
 
LVL 76

Expert Comment

by:arnold
INST02 is missing the pair of keys that are used/required to decrypt the data.
0
 
LVL 11

Accepted Solution

by:
techhealth earned 125 total points
Do you understand how the symmetric key is "protected" by the db master key? And, by the same token, how the database key is "protected" by the service master key? That's the key (no pun intended) to understanding a question like the one you mentioned. All the protection is based on encryption by certificate. And there's an encryption chain from the highest SMK (service master key) to DMK (database master key) to database encryption key (DEK). You have to have the key to decrypt anything at its lower levels. Then it's easier to understand why the new instance can't decrypt the database: the upper level of the protection chain for DEK - DMK - is missing, which was stored in the original master database.

Here's a good explanation of the concepts:
http://msdn.microsoft.com/en-us/library/cc278098.aspx



0
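The restore scenario from the question, written out as an added T-SQL example (not from the thread or the training kit). The database name Cosmos and the instances INST01/INST02 come from the question; the certificate, key, table and column names and the password are hypothetical placeholders, and the symmetric key is assumed to be protected through a certificate whose private key the database master key encrypts.

```sql
-- Added example; CosmosCert, CosmosSymKey, dbo.Customers, CardNumberEnc
-- and the password are placeholders, not names from the original question.

-- === On INST01: build the chain SMK -> DMK -> certificate -> symmetric key ===
USE Cosmos;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<DMK-password-placeholder>';
-- The DMK is now protected twice: by the password above and by INST01's
-- service master key (SMK), which lets the instance open it automatically.
CREATE CERTIFICATE CosmosCert WITH SUBJECT = 'Protects CosmosSymKey';
CREATE SYMMETRIC KEY CosmosSymKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CosmosCert;

-- Inspect what protects the symmetric key.
SELECT k.name, ke.crypt_type_desc
FROM sys.symmetric_keys AS k
JOIN sys.key_encryptions AS ke ON ke.key_id = k.symmetric_key_id;

-- === On INST02, after RESTORE DATABASE Cosmos ===
-- INST02 has a different SMK, so it cannot open the restored DMK
-- automatically. The next statement fails until the DMK is re-protected:
--   OPEN SYMMETRIC KEY CosmosSymKey DECRYPTION BY CERTIFICATE CosmosCert;

-- 0 here means the DMK is not encrypted by this instance's SMK.
SELECT name, is_master_key_encrypted_by_server
FROM sys.databases WHERE name = 'Cosmos';

-- Open the DMK with its password, then add protection by INST02's SMK.
USE Cosmos;
OPEN MASTER KEY DECRYPTION BY PASSWORD = '<DMK-password-placeholder>';
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY;
CLOSE MASTER KEY;

-- The chain is intact again: the flag is 1 and decryption works.
SELECT name, is_master_key_encrypted_by_server
FROM sys.databases WHERE name = 'Cosmos';

OPEN SYMMETRIC KEY CosmosSymKey DECRYPTION BY CERTIFICATE CosmosCert;
SELECT CONVERT(varchar(32), DECRYPTBYKEY(CardNumberEnc)) AS CardNumber
FROM dbo.Customers;
CLOSE SYMMETRIC KEY CosmosSymKey;
```

This only works if the DMK password is known on INST02, so that password (or a `BACKUP MASTER KEY` file and its password) has to be kept with the database backups.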
 

Expert Comment

by:adeel289
Can anyone send me this "Microsoft Self Paced 70-432" book in the soft form?
It would be a great help from you to me.
Thank you,
Adeel Shafqat
0
