Need explanation of keys and encryption for SQL Server 2008

Posted on 2009-04-04
Last Modified: 2012-08-13
I'm studying for my MCTS for SQL Server 2008. I've read both the MCTS 70-432 self-paced training kit and SQL Server 2008 Step by Step, but I still seem to be missing something. For example, I have trouble with the following question from the self-paced test questions (even when I look at the correct answer):

You have implemented encryption using a symmetric key in the Cosmos database on INST01, which is protected by a database master key, which is in turn protected by the service master key of INST01. You restore the database to INST02 and are unable to decrypt the data. What must you do to fix the problem?

Does anyone have a URL to a good explanation of how this stuff fits together and how it all works?

Thanks
Ron

Question by:rmtye
4 Comments
 
LVL 2

Expert Comment

by:ReinisB
ID: 24069305
Try searching on code project for .net encryption.  This is a pretty good starting point: http://www.codeproject.com/KB/security/Crypto.aspx .

The MCTS 70-536 study guide has explanations of .net encryption and security - that's where I found out about encryption more.
0
 
LVL 80

Expert Comment

by:arnold
ID: 24069988
INST02 is missing the pair of keys that are used/required to decrypt the data.
0
 
LVL 11

Accepted Solution

by:
techhealth earned 375 total points
ID: 24070161
Do you understand how the symmetric key is "protected" by the db master key? And by the same token, the database key "protected" by the service master key? That's the key (no pun intended) to understanding a question like the one you mentioned. All the protection is based on encryption by certificate. And there's an encryption chain from the highest SMK (service master key) to DMK (database master key) to database encryption key (DEK). You have to have the key to decrypt anything at its lower levels. Then it's easier to understand why the new instance can't decrypt the database: the upper level of the protection chain for DEK - DMK - is missing, which was stored in the original master database.

Here's a good explanation of the concepts:
http://msdn.microsoft.com/en-us/library/cc278098.aspx



0
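The key chain from the question, and re-protecting the restored database master key on INST02, written out in T-SQL as an added example (not part of the original thread). The certificate `CosmosCert`, key `CosmosSymKey`, table `dbo.Secrets` and the password placeholder are assumptions, and it assumes the DMK password set on INST01 is known.

```sql
-- ===== On INST01: the chain SMK -> DMK -> certificate -> symmetric key =====
USE Cosmos;
GO
-- The DMK is encrypted by this password and, by default, also by INST01's
-- service master key, which is what lets INST01 open it automatically.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<DMK-password-placeholder>';
-- No ENCRYPTION BY PASSWORD clause: the private key is protected by the DMK.
CREATE CERTIFICATE CosmosCert WITH SUBJECT = 'Protects CosmosSymKey';
CREATE SYMMETRIC KEY CosmosSymKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CosmosCert;
GO
-- Hypothetical table holding one encrypted, constructed sample value.
CREATE TABLE dbo.Secrets (Id int IDENTITY PRIMARY KEY, Payload varbinary(256));
OPEN SYMMETRIC KEY CosmosSymKey DECRYPTION BY CERTIFICATE CosmosCert;
INSERT dbo.Secrets (Payload)
    VALUES (EncryptByKey(Key_GUID('CosmosSymKey'), N'constructed sample value'));
CLOSE SYMMETRIC KEY CosmosSymKey;
GO

-- ===== On INST02, after RESTORE DATABASE Cosmos =====
USE Cosmos;
GO
-- List the symmetric keys present in the restored database and how each
-- one is protected.
SELECT k.name, k.algorithm_desc, e.crypt_type_desc
FROM sys.symmetric_keys AS k
LEFT JOIN sys.key_encryptions AS e ON e.key_id = k.symmetric_key_id;

-- Opening CosmosSymKey fails at this point: INST02's service master key
-- cannot decrypt the DMK, so the certificate's private key is unreachable.
-- Open the DMK with its password, then add protection by INST02's SMK.
OPEN MASTER KEY DECRYPTION BY PASSWORD = '<DMK-password-placeholder>';
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY;
CLOSE MASTER KEY;
GO

-- The chain is intact again; the DMK now opens automatically on INST02.
OPEN SYMMETRIC KEY CosmosSymKey DECRYPTION BY CERTIFICATE CosmosCert;
SELECT Id, CONVERT(nvarchar(100), DecryptByKey(Payload)) AS Plaintext
FROM dbo.Secrets;
CLOSE SYMMETRIC KEY CosmosSymKey;
```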
 

Expert Comment

by:adeel289
ID: 25579231
Can anyone send me this "Microsoft Self Paced 70-432" book in the soft form?
It would be a great help from you to me.
Thank you,
Adeel Shafqat
0
