Solved

Need explanation of keys and encryption for SQL Server 2008

Posted on 2009-04-04
Last Modified: 2012-08-13
I'm studying for my MCTS for SQL Server 2008. I've read both the MCTS 70-432 self-paced training kit and SQL Server 2008 Step by Step, but I still seem to be missing something. For example, I have trouble with the following question from the self-paced test questions (even when I look at the correct answer):

You have implemented encryption using a symmetric key in the Cosmos database on INST01, which is protected by a database master key, which is in turn protected by the service master key of INST01. You restore the database to INST02 and are unable to decrypt the data. What must you do to fix the problem?

Does anyone have a URL to a good explanation of how this stuff fits together and how it all works?

Thanks
Ron

0
Question by:rmtye
4 Comments
 
LVL 2

Expert Comment

by:ReinisB
ID: 24069305
Try searching on Code Project for .NET encryption. This is a pretty good starting point: http://www.codeproject.com/KB/security/Crypto.aspx

The MCTS 70-536 study guide has explanations of .NET encryption and security - that's where I found out more about encryption.
0
 
LVL 78

Expert Comment

by:arnold
ID: 24069988
INST02 is missing the pair of keys that are used/required to decrypt the data.
0
 
LVL 11

Accepted Solution

by:
techhealth earned 125 total points
ID: 24070161
Do you understand how the symmetric key is "protected" by the db master key? And by the same token, how the database key is "protected" by the service master key? That's the key (no pun intended) to understanding a question like the one you mentioned. All the protection is based on encryption by certificate. And there's an encryption chain from the highest SMK (service master key) to DMK (database master key) to database encryption key (DEK). You have to have the key to decrypt anything at its lower levels. Then it's easier to understand why the new instance can't decrypt the database: the upper level of the protection chain for the DEK - the DMK - is missing, which was stored in the original master database.

Here's a good explanation of the concepts:
http://msdn.microsoft.com/en-us/library/cc278098.aspx



0
 

Expert Comment

by:adeel289
ID: 25579231
Can anyone send me this "Microsoft Self Paced 70-432" book in soft form?
It would be a great help from you to me.
Thank you,
Adeel Shafqat
0
