Assume I've backed up a SQL Server database with Management Studio, and that database have some encrypted columns. Now I want to restore this database into another fresh-enrolled MSSQL server. To use encrypted columns I had to:
- Create database master key;
- Create certificate;
- Create symmetric key.
Which of those are stored along with backup, and which I should backup manually and restore on the other server manually as well? I see there is SQL statements backup master key, restore master key, backup certificate, create certificate ... from file. So, along with database itself, there are:
- Master key;
- Master key password;
- Certificate;
- Certificate private key;
- Symmetric key.
So what (and how) should I deal with when I restore my database on a fresh server? Thank you!
-
Have you used TDE to encrypt data in the source system?M.Ali– M.Ali2021年04月09日 11:19:09 +00:00Commented Apr 9, 2021 at 11:19
-
@M.Ali no, I use column encryption with EncryptByKey / DecryptByKey functions.nyan-cat– nyan-cat2021年04月09日 11:23:45 +00:00Commented Apr 9, 2021 at 11:23
2 Answers 2
You are using column encryption. This is not always-encrypted. When you backup your data base and restore it, you only need to recover the master key. Anything else will be restored through the backup file.
You can restore the master key with this command:
USE [Your_DB_Name]
GO
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'Your_MasterKey_Password'
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY
CLOSE MASTER KEY
To restore a TDE enabled backups on a different server, you need to do the following:
- Backup Certificate along with the databases on the source system
- Ensure there is already a master key on the destination server if not create one
- Create certificate on the target server from the Backup files (Certificate backup file and the private key file) from the source server
- Finally, restore backup and it should work.