
TDENEWdoc

Uploaded by

darga shaik

TDE: Transparent Data Encryption is used to secure our database backup files and database files.

Step 1: Create Master Key

USE master;
GO

-- Example password only; use a strong secret of your own.
CREATE MASTER KEY
ENCRYPTION BY PASSWORD = 'Test@123';
GO

Step 2: Create certificate

USE master;
GO

CREATE CERTIFICATE TDECERT1
WITH SUBJECT = 'DBATDECERTIFICATE';
GO
Step 3: Create Database Encryption Key

-- The key must be created in the same database that Step 4 encrypts.
USE AdventureWorks2016;
GO

CREATE DATABASE ENCRYPTION KEY
WITH ALGORITHM = AES_256
ENCRYPTION BY SERVER CERTIFICATE TDECERT1;
GO

Warning: The certificate used for encrypting the database encryption key has not
been backed up. You should immediately back up the certificate and the private
key associated with the certificate. If the certificate ever becomes unavailable
or if you must restore or attach the database on another server, you must have
backups of both the certificate and the private key or you will not be able to
open the database.

Step 4: Enable TDE on the user database

USE [AdventureWorks2016];
GO

ALTER DATABASE AdventureWorks2016
SET ENCRYPTION ON;
GO
Step 5: Back up the certificate

Backing up the certificate is important: without it we can't restore a backup file of a TDE-enabled database.

USE master;
GO

BACKUP CERTIFICATE TDECERT1
TO FILE = 'C:\SQLTesting\TDECERT1CERT\TDECERT1.cer'
WITH PRIVATE KEY (
    FILE = 'C:\SQLTesting\TDECERT1CERT\TDECERT1.key',
    ENCRYPTION BY PASSWORD = 'Test@1234'
);
GO

-- Run this on the destination server to create the database master key

USE master;
GO

CREATE MASTER KEY
ENCRYPTION BY PASSWORD = 'SecondServerPassw0rd!';
GO

-- Restore the certificate and the private key on the destination server.
-- The files are the copies of the Step 5 backup placed on this server, and the
-- password must be the one given to BACKUP CERTIFICATE in Step 5.
CREATE CERTIFICATE TDECer
FROM FILE = N'C:\SQLBackups\TDECert.cer'
WITH PRIVATE KEY (
    FILE = N'C:\SQLBackups\TDECert_key.pvk',
    DECRYPTION BY PASSWORD = 'Test@1234'
);
GO

After this, try to restore the database again. The restore will complete successfully.

We can’t restore a TDE-enabled database without the certificate.

Create a master key on the destination server.

The password provided here is different from the one we used on the source server, since we are creating a new master key for this server.

USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'D1ffPa$$w0rd';
GO

After the master key has been created, create a certificate by importing the certificate we created earlier. Here the ‘Decryption By Password’ parameter is the same as the one provided when exporting the certificate to a file.
