Solved

Need explanation of keys and encryption for SQL Server 2008

Posted on 2009-04-04
4
394 Views
Last Modified: 2012-08-13
Im studying for my MCTS for SQL Server 2008. Ive read both the MCTS 70-432 self paced training kit and SQL Server 2008 step by step; but, I still seem to be missing something. For example I have trouble with the following question from the self paced test questions (even when I look at the correct answer):

You have implemented encryption using a symmetric key in the Cosmos database on INST01, which is protected by a database master key, which is in turn protected by the service master key of INST01. You restore the database to INST02 and are unable to decrypt the data. What must you do to fix the problem?

Does any one have a URL to a good explanation of how this stuff fits together and how it all works?

Thanks
Ron

0
Comment
Question by:rmtye
4 Comments
 
LVL 2

Expert Comment

by:ReinisB
ID: 24069305
Try searching on code project for .net encryption.  This is a pretty good starting point: http://www.codeproject.com/KB/security/Crypto.aspx .

The MCTS 70-536 study guide has explanations of .net encryption and security - that's where I found out about encryption more.
0
 
LVL 77

Expert Comment

by:arnold
ID: 24069988
INST02 Is missing the pair of keys that are used/required to decrypt the data.
0
 
LVL 11

Accepted Solution

by:
techhealth earned 125 total points
ID: 24070161
Do you understand how the symmetric key is "protected" by the db master key? And by the same token, database key "protected" by the service master key?  That's the key (no pun intended) to understand a question like the one you mentioned.  All the protection is based on encryption by certificate.  And there's an encryption chain from the highest SMK (service master key) to DMK (database master key) to database encryption key (DEK).  You have to have the key to decrypt anything at its lower levels.  Then it's easier to understand why the new instance can't decrypt database:  the upper level of the protection chain for DEK - DMK - is missing, which was stored in the original master database.

Here's a good explanation of the concepts:
http://msdn.microsoft.com/en-us/library/cc278098.aspx



0
 

Expert Comment

by:adeel289
ID: 25579231
Can any one send me this "Microsoft Self Paced 70-432" book in the soft form?
it would be a great help from you to me.
Thank you ,
Adeel Shafqat
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have heard of RFC822 date formats, they can be quite a challenge in SQL Server. RFC822 is an Internet standard format for email message headers, including all dates within those headers. The RFC822 protocols are available in detail at:   ht…
This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now