Database master key

Hi

For encytion in database, the following statement is correct?

I found it in msdn book.

The database master key is not mandatory if you want to encrypt data.

I think the SQL Server Security forum is more appropriate for your question.

Paul A. Mestemaker II
Program Manager
Microsoft SQL Server Manageability
http://blogs.msdn.com/sqlrem/

|||

Yes that is correct. The database master key is not required for data encryption.

Sung

|||

When I tried creating certificate without having database master key, it complained.

After I created, it worked fine.

|||

If you don't have a database master key, you will need to specify password encryption. You can use the following to create the certificate:

create certificate <cert_name> encryption by password = '<your_password>' with subject = '<subject>'

For symmetric keys, asymmetric keys, and certificates, you can always optionally specify and use a password for encryption instead of using the encryption hierarchy. Please check BOL for the proper syntax. They should be similar to " ENCRYPTION BY PASSWORD = '<password>' ". This is very useful for restricting access to this data from database owner (who otherwise automatically has rights to the database master key).

We also have two built-ins that allow you to completely bypass using keys: EncryptByPassPhrase and DecryptByPassPhrase. This is NOT the recommended method for encrypting data, but it may be useful depending on your use scenarios.

Hope this helps, please let me know if you have any further questions,

Sung