SYMMETRIC KEY Incorrect syntax near 'TRIPLE_DES'

  • Hi All


    I'm using SQL2016

    I'm having an issue with a piece of code generated in SQL2008

    Sample code below

    This returns Incorrect syntax near 'TRIPLE_DES'.

    So, looking around, it appears as though TRIPLE_DES has been deprecated

    Is there an obvious replacement for TRIPLE_DES here?


    - Damian

  • As you're on 2016 you have to use AES_128, AES_192, or AES_256; all other algorithms have been deprecated. As per the documentation if you want to use a different (deprecated) algorithm you need to use compatibility mode 120 or lower on the database you are creating the key on.


    Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.

  • Use AES. You'll have to decrypt, encrypt your data, but it's more secure.

  • Thanks, I'll look at AES as I'd like to move this project into 2016

    - Damian

  • Appreciate I could test this but what if i just changed the line WITH ALGORITHM = TRIPLE_DES to WITH ALGORITHM = AES_128

    Or is it not that simple?


    - Damian

  • You can do that, but the key will not decrypt any data that you've already encrypted. These symmetric keys are deterministic with the same identity and key source, so you can create these and use them to encrypt data, drop them, then create them later to decrypt data.

    This management of keys across time is a tricky business, so be careful how you convert this.

  • This was removed by the editor as SPAM

  • Thanks Steve

    In this instance, the table is truncated before been populated and encrypted so it sounds like it should be fine (I will test though).

    It is decrypted fairly soon after

    I get your point regarding existing encrypted data and that makes sense as it would try to use the new algorothm for the decryption of data encrytped using a different algorithm.

    - Damian

  • This was removed by the editor as SPAM

  • This was removed by the editor as SPAM

Viewing 10 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic. Login to reply