TDE question
-
I have a TDE Question.
After I restore a database that is TDE enabled from one server to another server, does it still TDE enabled?For example I restored the certificate before restore the database, I see in below statement it has DeEncryption, does it mean the database no longer encrypted, how can I make it TDE again? Thanks
-- Restoring the certificate,with the private key:
CREATE CERTIFICATE TDECert FROM FILE = 'C:\SQLBackups\TDECert.cer' WITH PRIVATE KEY ( FILE = N'C:\SQLBackups\TDECert_key.pvk', DECRYPTION BY PASSWORD = 'APrivateKeyP4ssw0rd!' );
-
If the DB was encrypted when the Backup was taken, the DB is at the point of Restore still encrypted.
In order for YOU to be able to do anything with the encrypted DB, you need to restore the required Certificate and if required provide a password with it. Once you have access to your Certificate you (or in this case MSSQL) can use this info to make your encrypted DB readable for you again.
The DB is still encrypted unless you turned off TDE after decrypting the DB. To verify your DB still uses TDE, do a right click on your DB -> Options
and Encryption Enabled should be still set to True.
-
Thanks.
Then what does DECRYPTION word mean in the create certificate statement? THanks- Restoring the certificate,with the private key:
CREATE CERTIFICATE TDECert FROM FILE = 'C:\SQLBackups\TDECert.cer' WITH PRIVATE KEY ( FILE = N'C:\SQLBackups\TDECert_key.pvk', DECRYPTION BY PASSWORD = 'APrivateKeyP4ssw0rd!' );
-
When the certificate you're restoring was originally backed up, it was encrypted with a password. Which, if you think about it, is only sensible, as anyone who gets the certificate files, if they were not password-protected / encrypted, would have the keys to your database.
So the "DECRYPTION BY PASSWORD" portion is "unlocking" the private key for that certificate.
-
I got it. Thanks
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply