I have done that for testing, and it I think this tells me what I need to know. What I'm trying to prove is that if someone gets both our master DB backup and our encrypted user DB backup, that it is not enough to decrypt the data.

Thanks a bunch!