How can I duplicate a SQL Server symmetric key?

We have a server with a database that has a symmetric key (Database -> Security -> Symmetric Key). We have a backup duplicate databases that we are using as a test databases, but we don't have this key in there.

How can I duplicate this symmetric key (or make a new one exactly like the old) and put it in the existing databases? It has to have the same value and key-name as the other one.

This is on SQL Server 2008.

rlb.usa asked Apr 02 '10 20:04


1 Answer

When you create your symmetric key in the first place, ensure you are using the KEY_SOURCE, IDENTITY_VALUE and ALGORITHM parameters.

If you haven't already, create the database master key and certificate to protect your symmetric key.

-- Create Database Master Key
CREATE MASTER KEY ENCRYPTION BY
PASSWORD = 'Your Database Master Key Password here'
GO

-- Create Encryption Certificate
CREATE CERTIFICATE MyCertificateName
WITH SUBJECT = 'Your Certificate Description Here'
GO

-- Create Symmetric Key
CREATE SYMMETRIC KEY MyKeyName WITH
IDENTITY_VALUE = 'Enter a key description',
ALGORITHM = AES_256,
KEY_SOURCE = 'Enter a key phrase here (keep very secret)'
ENCRYPTION BY CERTIFICATE MyCertificateName;

  • The IDENTITY_VALUE parameter is used to create the GUID in the sys.symmetric_keys table, which needs to be the same in both databases to work.

  • The KEY_SOURCE parameter is used to create the actual key itself, so make sure this is exactly the same and well protected.

  • The ALGORITHM is of course which algorithm SQL Server uses to encrypt and decrypt the data, which must be the same to work.

You should be able to run the above script on both databases (replaced with your own values of course) and it will successfully decrypt data encrypted in the other database.

If your existing key wasn't created this way, you are going to have to decrypt everything with your old key and re-encrypt it back with the new one.

A couple of good sources on key creation can be found here:

Ben Cull answered Oct 05 '22 11:10
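The two-database round trip the answer describes, written out end to end as an added example (it is not part of the original answer, and not from SQL Server's documentation): create the key in one database with IDENTITY_VALUE, KEY_SOURCE and ALGORITHM, encrypt a value there, recreate the key from the same three parameters in a second database, confirm the key GUIDs agree in sys.symmetric_keys, and decrypt the first database's ciphertext from the second. The scratch databases KeyDemoA and KeyDemoB, the table dbo.Secrets and the sample plaintext are constructed for the example; MyCertificateName and MyKeyName are the names used in the answer; every password and key phrase is a placeholder to be replaced.

```sql
-- Added example, not the original answer's code. KeyDemoA / KeyDemoB and
-- dbo.Secrets are constructed for the demo; passwords and phrases are placeholders.
CREATE DATABASE KeyDemoA;
CREATE DATABASE KeyDemoB;
GO

-- Step 1: the key in database A, and one value encrypted under it.
USE KeyDemoA;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<master key password for A>';
CREATE CERTIFICATE MyCertificateName WITH SUBJECT = 'Protects MyKeyName in KeyDemoA';
CREATE SYMMETRIC KEY MyKeyName WITH
    IDENTITY_VALUE = 'Enter a key description',                     -- fixes the key GUID
    ALGORITHM      = AES_256,                                       -- must match in both databases
    KEY_SOURCE     = 'Enter a key phrase here (keep very secret)'   -- fixes the key material
    ENCRYPTION BY CERTIFICATE MyCertificateName;

CREATE TABLE dbo.Secrets (Id INT IDENTITY PRIMARY KEY, Payload VARBINARY(8000) NOT NULL);

OPEN SYMMETRIC KEY MyKeyName DECRYPTION BY CERTIFICATE MyCertificateName;
INSERT INTO dbo.Secrets (Payload)
VALUES (EncryptByKey(Key_GUID('MyKeyName'), N'sample-plaintext'));   -- constructed sample value
CLOSE SYMMETRIC KEY MyKeyName;
GO

-- Step 2: the same key in database B. The master key password and the
-- certificate are local to each database and may differ; only the three
-- CREATE SYMMETRIC KEY parameters have to be identical.
USE KeyDemoB;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<master key password for B>';
CREATE CERTIFICATE MyCertificateName WITH SUBJECT = 'Protects MyKeyName in KeyDemoB';
CREATE SYMMETRIC KEY MyKeyName WITH
    IDENTITY_VALUE = 'Enter a key description',
    ALGORITHM      = AES_256,
    KEY_SOURCE     = 'Enter a key phrase here (keep very secret)'
    ENCRYPTION BY CERTIFICATE MyCertificateName;
GO

-- Step 3: the check. Ciphertext from EncryptByKey carries the GUID of the key
-- that produced it, so the GUIDs must agree or DecryptByKey will not find the key.
SELECT a.key_guid AS guid_in_A,
       b.key_guid AS guid_in_B,
       CASE WHEN a.key_guid = b.key_guid THEN 'match' ELSE 'MISMATCH' END AS status
FROM KeyDemoA.sys.symmetric_keys AS a
JOIN KeyDemoB.sys.symmetric_keys AS b ON a.name = b.name
WHERE a.name = 'MyKeyName';

-- Step 4: decrypt in B what was encrypted in A. Expected: 'sample-plaintext'.
-- A NULL here means the GUID or the key material differs between the databases.
OPEN SYMMETRIC KEY MyKeyName DECRYPTION BY CERTIFICATE MyCertificateName;
SELECT Id, CONVERT(NVARCHAR(100), DecryptByKey(Payload)) AS Plaintext
FROM KeyDemoA.dbo.Secrets;
CLOSE SYMMETRIC KEY MyKeyName;
GO
```

Run it in SSMS or sqlcmd with a login that can create databases. The step 3 query should return `match` and step 4 the sample plaintext; DecryptByKey signals a wrong or missing key by returning NULL rather than raising an error, so a NULL in step 4 is the symptom of a parameter that did not match. Because the KEY_SOURCE phrase fully determines the key, anyone who holds it can recreate the key in any database, so keep it in a secrets store and out of deployment scripts, and treat each database's master key password and certificate as independent local protection for that copy of the key.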