Home Forums Article Discussions Article Discussions by Author Discuss Content Posted by Steve Jones TDE and Backups RE: TDE and Backups

  • August 11, 2011 at 5:57 am

    #1367205

    From the referenced article...

    Transparent data encryption (TDE) performs real-time I/O encryption and decryption of the data and log files. The encryption uses a database encryption key (DEK), which is stored in the database boot record for availability during recovery. The DEK is a symmetric key secured by using a certificate stored in the master database of the server or an asymmetric key protected by an EKM module.

    ....

    Note

    When enabling TDE, you should immediately back up the certificate and the private key associated with the certificate. If the certificate ever becomes unavailable or if you must restore or attach the database on another server, you must have backups of both the certificate and the private key or you will not be able to open the database.

    From the article, I didn't consider DEK == certificate