The key itself is created by the SQL Server setup and is generated by the Windows Data Protection API. This key is a Symmetric Key also used within the instance to directly encrypt remote login details for items such as Linked Servers. This sits at the top of the encryption hierarchy and is the principal under which all objects are secured. Looking at the above hierarchy we can see, as the root node, the Service Master Key. Asymmetric keys have extra layers of protection such as a public key and a private key pair for encryption and decryption, this process is slower however and usually requires more CPU effort. There are advantages and disadvantages of both, specifically, Symmetric keys are quick and easy to apply and use the same security descriptor for encryption and decryption. It's important to understand the difference between Symmetric keys and Asymmetric keys. More information may be found on the encryption hierarchy at this link. These are all required in the support of Transparent Database Encryption and Encrypted Backups (new in SQL Server 2014).įirstly, I would like to refer back to the SQL Server encryption hierarchy provided in Books Online by Microsoft Corporation. I want to focus mainly on Service Master Keys, Database Master Keys and Server Certificates. There still seems to be an increased amount of confusion as to how this security side of SQL Server actually works. To check it alltogether I decided to check for existense of database master keys, as DMKs could be created in every database.Welcome to my latest article, which looks into the encryption hierarchy within SQL Server. I got the appointment of checking several instances (each hosting 20 to 30 databases), because the higher ups are afraid someone "could have implemented" some kind of encryption (TDE etc). I'm much more a DB admin than programmer, so I really got lots of stuff I do not know regarding building my own querys - sorry for that 😉
0 kommentar(er)
