error in backup encryption

Question

error in backup encryption

joujousagem2006 1602

SSCommitted

Points: 1779
More actions
April 21, 2018 at 8:43 am

#330517

Hello everyone
I need to encrypt my backup sql If I start the operation of the backup
I come to have this error

Who has an idea about the root cause of this error
Here is the script I used for creating the certificate
CREATE CERTIFICATE Shipping04 ENCRYPTION BY PASSWORD = 'pGFD4bb925DGvbd2439587y' WITH SUBJECT = 'backup_Encryption', EXPIRY_DATE = '20301031'; GO
thank you

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply

AlexSQLForums SSChampion Points: 14277 More actions · Answer 1

Run the following in master to confirm if your cert is bound to your db
SELECT DB_NAME(db.database_id) DbName, db.encryption_state,cer.thumbprint,db.key_algorithm,db.key_length , encryptor_type, cer.name, cer.expiry_date, cer.subject FROM sys.dm_database_encryption_keys db INNER JOIN sys.certificates cer ON db.encryptor_thumbprint = cer.thumbprint

Alex S

Jeff Moden SSC Guru Points: 1003867 More actions · Answer 2

Hopefully you didn't just publish a real password. 😉

--Jeff Moden

RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

Change is inevitable... Change for the better is not.

Helpful Links:
How to post code problems
How to Post Performance Problems
Create a Tally Function (fnTally)

Perry Whittle SSC Guru Points: 233866 More actions · Answer 3

joujousagem2006 1602 - Saturday, April 21, 2018 8:43 AM
Hello everyone
I need to encrypt my backup sql If I start the operation of the backup
I come to have this error

Who has an idea about the root cause of this error
Here is the script I used for creating the certificate
CREATE CERTIFICATE Shipping04 ENCRYPTION BY PASSWORD = 'pGFD4bb925DGvbd2439587y' WITH SUBJECT = 'backup_Encryption', EXPIRY_DATE = '20301031'; GO
thank you

SQL Server is doing exactly what you told it to do 😉

Sadly, you told the database engine when creating the certificate, do not protect the private key with the database master key
use a password instead. This would be a little more what you're probably after

use master

go

CREATE CERTIFICATE Shipping04 AUTHORIZATION [someuser] WITH SUBJECT = 'backup_Encryption', EXPIRY_DATE = '20301031'

Or alter the certificate to use DMK using

ALTER CERTIFICATE Shipping04 WITH PRIVATE KEY (DECRYPTION BY PASSWORD = 'pGFD4bb925DGvbd2439587y')

-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs" 😉