Home Forums SQL Server 2012 SQL 2012 - General Restore TDE Database without the Private Key RE: Restore TDE Database without the Private Key

  • February 9, 2016 at 8:50 am

    #1857407

    Do you understand what needs to be done, or do you need more info?

    The certificate is protected by something inside SQL Server. Whatever that protection is must be unlocked to perform a backup. As Perry mentioned, you may or may not need the password here.

    The password on the backup is completely separate to, and unrelated to, the protection on the cert in SQL Server. You can use a new password with every backup, but you want to be sure that you match those up correctly, the backup with the password. Note that you can't overwrite the backup file. If I execute these together, they work, but if I do them again, I get a "can't write into file" error.

    BACKUP CERTIFICATE MyCert

    TO FILE = 'MyCert.cer'

    WITH PRIVATE KEY (

    FILE = 'MyCert.pvk',

    ENCRYPTION BY PASSWORD = 'AStr0ngB@ckUpP@ssw0rd4TDEcERT%'

    , DECRYPTION BY PASSWORD = 'MyCert')

    GO

    BACKUP CERTIFICATE MyCert

    TO FILE = 'MyCert2.cer'

    WITH PRIVATE KEY (

    FILE = 'MyCert2.pvk',

    ENCRYPTION BY PASSWORD = 'NextStr0ngB@ckUpP@ssw0rd4TDEcERT%'

    , DECRYPTION BY PASSWORD = 'MyCert')

    GO