Menu
We would like to use SQL Server Encryption to encrypt a couple of columns within our databases. We also need to transfer data between our production and test environment. It seems like the best solution would be to use the same master key, certificate, and symmetric key on the production and test servers so that I could encrypt or decrypt the columns in either production or test environments with the same results.
So far I have tried using the same create script in both environments which did not work. It encrypted on one server but did not decrypt on the other after data was transferred to the other server:
use <database name>
CREATE MASTER KEY ENCRYPTION BY
PASSWORD = <password1>
use <database name>
CREATE CERTIFICATE <certificate name>
WITH SUBJECT = <certificate subject>
use <database name>
CREATE SYMMETRIC KEY <key name>
WITH ALGORITHM = AES_256
ENCRYPTION BY CERTIFICATE <certificate name>
And I have tried creating the master key, certificate, and symmetric key on one server and then restoring it on the other which doesn’t seem to create the key and therefore doesn’t work either.
use <database name>
OPEN MASTER KEY DECRYPTION BY PASSWORD = <password1>
BACKUP MASTER KEY TO FILE = 'c:\masterkey.txt'
ENCRYPTION BY PASSWORD = <password2>
use <database name>
BACKUP CERTIFICATE <certificate name> TO FILE = 'c:\Cert.txt'
WITH PRIVATE KEY ( FILE = 'c:\Key.txt' ,
ENCRYPTION BY PASSWORD = <password3> )
use <database name>
RESTORE MASTER KEY
FROM FILE = 'c:\masterkey.txt'
DECRYPTION BY PASSWORD = <password2>
ENCRYPTION BY PASSWORD = <password1>
use <database name>
OPEN MASTER KEY DECRYPTION BY PASSWORD = <password1>
CREATE CERTIFICATE <certificate name>
FROM FILE = 'c:\Cert.txt'
WITH PRIVATE KEY (FILE = 'c:\Key.txt',
DECRYPTION BY PASSWORD = <password3>)
How can I encrypt on one SQL Server and decrypt on another?
943
Two types of encryption algorithms can be used by the encryption key server: symmetric algorithms and asymmetric algorithms. Symmetric, or secret key encryption, uses a single key for both encryption and decryption.
Make sure you have enabled Always Encrypted for the database connection for the Query Editor window, from which you will run a SELECT query retrieving and decrypting your data. This will instruct the . NET Framework Data Provider for SQL Server (used by SSMS) to decrypt the encrypted columns in the query result set.
We found that when encrypting on the first server, you create the symmetric key specifying the key source and the identity value. Then when decrypting on the other server, you specify the same key source and identity value when creating that symmetric key.
189
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
