SQL Server Performance

TDE - database encryption master key query

Discussion in 'ALL SQL SERVER QUESTIONS' started by Trev256b, May 6, 2013.

  1. Trev256b Member

    1) you have to have a master key created for TDE to work, however, can any master key be created on a SQL instance for any database to be encrypted on the same instance?

    2) i.e. if I create TDE and delete the database and the master key remains, can I create a new database that is encrypted by using the pre-existing master key?
  2. Shehap MVP, MCTS, MCITP SQL Server

    We have 2 kinds of master keys:

    · SMK (service master key), which should be installed on the entire SQL instance to link it with the Windows cryptographic key of the OS

    · DMK (database master key), which should be created at the master DB level

    So if you deleted the DB, you don’t need to create the same DMK again, but if you are planning to restore the DB on a different instance you have to re-create the same DMK with the same password so as not to negatively impact all of the other symmetric keys interrelated with this DMK

    You can find out more details at http://msdn.microsoft.com/en-us/library/bb934049.aspx

    Kindly let me know if any further help is needed
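
The key reuse asked about in the thread, as an added T-SQL example that is not part of the original posts: the DMK and TDE certificate live in `master`, so they survive dropping a user database and can protect a new one on the same instance. The names `TdeDemoCert`, `TdeDemoOld`, `TdeDemoNew`, the file paths and the passwords are placeholders assumed for illustration.

```sql
USE master;
-- Database master key in master: created once per instance, independent of any user database.
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<dmk-password-placeholder>';
GO
-- Server certificate protected by the DMK; this is what encrypts each database encryption key (DEK).
IF NOT EXISTS (SELECT 1 FROM sys.certificates WHERE name = 'TdeDemoCert')
    CREATE CERTIFICATE TdeDemoCert WITH SUBJECT = 'TDE demo certificate (constructed example)';
GO
-- Back up the certificate and its private key before relying on it. A restore on another
-- instance needs this pair, loaded there with CREATE CERTIFICATE ... FROM FILE ... WITH PRIVATE KEY.
BACKUP CERTIFICATE TdeDemoCert TO FILE = 'C:\keys\TdeDemoCert.cer'
    WITH PRIVATE KEY (FILE = 'C:\keys\TdeDemoCert.pvk',
                      ENCRYPTION BY PASSWORD = '<backup-password-placeholder>');
GO
CREATE DATABASE TdeDemoOld;
GO
USE TdeDemoOld;
CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeDemoCert;
GO
ALTER DATABASE TdeDemoOld SET ENCRYPTION ON;
GO
USE master;
-- DROP DATABASE is not allowed while the encryption scan runs; wait for state 3 (encrypted).
WHILE EXISTS (SELECT 1 FROM sys.dm_database_encryption_keys
              WHERE database_id = DB_ID('TdeDemoOld') AND encryption_state <> 3)
    WAITFOR DELAY '00:00:01';
DROP DATABASE TdeDemoOld;   -- removes the database and its DEK, not the DMK or certificate
GO
CREATE DATABASE TdeDemoNew;
GO
USE TdeDemoNew;
-- The new database gets its own DEK, protected by the certificate that already exists.
CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeDemoCert;
GO
ALTER DATABASE TdeDemoNew SET ENCRYPTION ON;
GO
-- Check which certificate protects each encrypted database on the instance.
SELECT DB_NAME(dek.database_id) AS database_name,
       dek.encryption_state,            -- 2 = encryption in progress, 3 = encrypted
       c.name AS protecting_certificate
FROM sys.dm_database_encryption_keys AS dek
JOIN master.sys.certificates AS c ON c.thumbprint = dek.encryptor_thumbprint;
```
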
