• First, you probably should have someone else responsible for setting this up or working with you. Encryption is serious business and if you lose keys, you lose data. Microsoft is not going to be able to help you recover stuff. Once the keys are gone, the data is gone.

    In terms of the keys, the system creates the service master key. You want this if you need to recover this instance without re-installing everything. It's less critical than other keys. The master key was created by someone, which is fine. You want a backup of this if you are trying to recover this database or restore it elsewhere. You need this key.

    Can you run this?

        -- Export the database master key of master to a file, protected by the password
        USE master;
        GO
        BACKUP MASTER KEY TO FILE = 'exportedmasterkey'
            ENCRYPTION BY PASSWORD = 'mytest';
        GO

    If that works, then you are OK.

    In terms of your certificate, this is inside the database protected by TDE. This is not tempdb; even though that is protected, you don't care. You don't experiment there.

    Here's the code I use in a TDE demo:

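        -- Write the certificate and its private key to two files;
        -- the private key file is encrypted with the password
        USE master;
        GO
        BACKUP CERTIFICATE TDEPRimer_CertSecurity
            TO FILE = 'tdeprimer_cert'
            WITH PRIVATE KEY (
                FILE = 'tdeprimer_cert.pvk',
                ENCRYPTION BY PASSWORD = 'AStr0ngB@ckUpP@ssw0rd4TDEcERT%');
        GO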

    This should give me two files in my \data folder. Can you do that?
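
A follow-up check for the backups discussed above, as an added example that is not part of the original post: it lists every database that has a TDE encryption key, the certificate in master that protects it, and whether SQL Server has recorded a private key backup for that certificate. It uses only the system views `sys.dm_database_encryption_keys` and `sys.certificates`; the column aliases and status strings are my own.

```sql
-- Added example, not from the original post.
-- Run in master: a TDE certificate is a server-level certificate stored there.
USE master;
GO

SELECT
    DB_NAME(dek.database_id)   AS database_name,   -- tempdb shows up too once any database uses TDE
    dek.encryption_state,                          -- 3 = encrypted
    c.name                     AS certificate_name,
    c.expiry_date,
    c.pvt_key_last_backup_date,
    CASE
        WHEN c.name IS NULL
            THEN 'not protected by a certificate in master'
        WHEN c.pvt_key_last_backup_date IS NULL
            THEN 'PRIVATE KEY NEVER BACKED UP'
        ELSE 'private key backup recorded'
    END                        AS backup_status
FROM sys.dm_database_encryption_keys AS dek
LEFT JOIN sys.certificates AS c
    ON c.thumbprint = dek.encryptor_thumbprint     -- match the encryptor to its certificate
ORDER BY backup_status, database_name;
GO
```

A recorded backup date only shows that `BACKUP CERTIFICATE ... WITH PRIVATE KEY` ran at some point. It does not show that the two files still exist or that anyone still knows the password, so those need to be verified separately.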