The password for the private key does not have to be the same as the database master key password. You must retain copies of both the certificate file and the private key file in order to recover the certificate. For more information, see Transparent Data Encryption (TDE). The certificate or asymmetric key must be installed in the master database of the destination server, so that SQL Server can access the database files. When moving a TDE protected database, you must also move the certificate or asymmetric key that is used to open the DEK. The DEK is a symmetric key secured by using a certificate stored in the master database of the server or an asymmetric key protected by an EKM module. The encryption uses a database encryption key (DEK), which is stored in the database boot record for availability during recovery. TDE performs real-time I/O encryption and decryption of the data and log files. This topic describes how to protect a database by using transparent data encryption (TDE), and then move the database to another instance of SQL Server by using SQL Server Management Studio or Transact-SQL. Applies to: SQL Server (all supported versions)
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |