I am using the following statement to back up a symmetric key in order to migrate the database to another server:
BACKUP SYMMETRIC KEY PEK
TO FILE = 'c:\symmetric_key'
ENCRYPTION BY PASSWORD = '3dH85Hhk003GHk2597gheij4';
I am getting the following error when I run the above statement.
Incorrect syntax near 'SYMMETRIC'.
Any ideas how to solve this?
Thanks.
Instead of backing up, I created a new key.
Create identical symmetric keys on two servers
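The approach named in the link title above, as an added example that is not part of the original posts: a symmetric key created with the same ALGORITHM, KEY_SOURCE and IDENTITY_VALUE on two servers has the same key material and the same key GUID, so ciphertext produced on one can be decrypted on the other. The names KeyProtectionCert and SharedKey and the bracketed secrets are placeholders.

```sql
-- Run this first part on BOTH servers, in the database that holds the data.
-- Assumes each database already has a database master key, which protects
-- the certificate's private key. All names and secrets are placeholders.

-- The certificate only protects the local copy of the key; it does not
-- have to be the same certificate on both servers.
CREATE CERTIFICATE KeyProtectionCert
    WITH SUBJECT = 'Protects SharedKey';
GO

-- KEY_SOURCE is the passphrase the key material is derived from.
-- IDENTITY_VALUE is the passphrase the key GUID is derived from.
-- Both must match exactly on the two servers, as must ALGORITHM.
CREATE SYMMETRIC KEY SharedKey
    WITH ALGORITHM      = AES_256,
         KEY_SOURCE     = '<long random passphrase, shared out of band>',
         IDENTITY_VALUE = '<second passphrase, shared out of band>'
    ENCRYPTION BY CERTIFICATE KeyProtectionCert;
GO

-- Check on both servers: key_guid must be identical, because EncryptByKey
-- stamps the GUID into the ciphertext and DecryptByKey uses it to pick the key.
SELECT name, key_guid, algorithm_desc
FROM sys.symmetric_keys
WHERE name = 'SharedKey';
GO

-- Server A only: produce a test ciphertext.
OPEN SYMMETRIC KEY SharedKey DECRYPTION BY CERTIFICATE KeyProtectionCert;
SELECT EncryptByKey(Key_GUID('SharedKey'), N'round-trip test') AS ciphertext;
CLOSE SYMMETRIC KEY SharedKey;
GO

-- Server B only: replace 0x with the ciphertext returned on server A.
DECLARE @ciphertext varbinary(8000) = 0x;
OPEN SYMMETRIC KEY SharedKey DECRYPTION BY CERTIFICATE KeyProtectionCert;
-- NULL here means the key material or GUID does not match server A.
SELECT CONVERT(nvarchar(100), DecryptByKey(@ciphertext)) AS plaintext;
CLOSE SYMMETRIC KEY SharedKey;
GO
```

Anyone who knows both passphrases can recreate the key, so they need the same handling as the key itself.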
I'm trying to use an application external to SQL Server to decrypt data (that I've) encrypted in Azure SQL Database. I can decrypt it natively in SQL Server using DecryptByKey - but I want to do this on the client computer. I know the key_source parameter used to generate the key and I can decode the initialisation vector and cipher data from the field data thanks to this SO post.
The key is being created by:
create symmetric key #tempkey
with algorithm = AES_256,
key_source='*****'
encryption by password = '*****'
I'm not able to find a reference to the key-derivation algorithm used by SQL Server to convert the key_source into the actual key. Sqlity says that the details are not published, however this blog article is getting old now - and I'm hoping that's changed.
Inspecting the key information in sys.key_encryptions:
key_id|thumbprint|crypt_type|crypt_type_desc|crypt_property
259|NULL|ESP2|ENCRYPTION BY PASSWORD V2|NULL
sys.symmetric_keys doesn't appear to yield anything of use
There is a similar SO question here; but the answer refers to using a stored procedure to complete the decryption - which is not what I want to do.
Can anyone point me in the right direction of the key derivation algorithm implementation so that given the known key_source, I can generate the symmetric encryption key value and decrypt the cipher data?
My work-around is to do both encryption and decryption outside of SQL Server, but I'd like to avoid that if I can.
I am trying to save the data in a database table in encrypted format, to hide the data stored in the database table to be read by the user.
Any advice on how I can do this without much effort at the application level and with less overhead on my application side?
Read this MS SQL Server Encryption Hierarchy
Ex:
-- Open the symmetric key with which to encrypt the data.
OPEN SYMMETRIC KEY SSN_Key_01
DECRYPTION BY CERTIFICATE HumanResources037;
-- Encrypt the value in column NationalIDNumber with symmetric key
-- SSN_Key_01. Save the result in column EncryptedNationalIDNumber.
UPDATE HumanResources.Employee
SET EncryptedNationalIDNumber
= EncryptByKey(Key_GUID('SSN_Key_01'), NationalIDNumber);
MSDN EncryptByKey syntax
I had a SQL database on a previous server, for which I had a master key and certificate created using the following syntax:
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'AReallyReallyReallySecurePassword!!!!!'
CREATE CERTIFICATE CPCertificate01 WITH SUBJECT = 'CP Certificate'
CREATE SYMMETRIC KEY SSN_Key_01 WITH ALGORITHM = TRIPLE_DES ENCRYPTION BY CERTIFICATE CPCertificate01
I've done a backup of this database, and now restored it onto a new server (fresh install of SQL Server as well).
When I try to run commands against the database, I get this error:
Cannot find the symmetric key 'SSN_Key_01', because it does not exist
or you do not have permission.
However if I run this code...
select * from sys.symmetric_keys
...I can see SSN_Key_01 listed in the result set.
I also get other errors relating to the master key not existing.
Can anyone please guide me as to how I can recreate the encryption settings on the new server without losing any of my data? I still have access to the old server if required. Thanks.
I have backed up an encrypted DB (symmetric key/certificate) and
restored it on a different server.
Unfortunately we're having problems with the decryption... hoping
someone can help.
In the restored db, I can see the Symmetric Key and the Certificate in
SSMS, but when I try to open the key using the cert (open symmetric
key KeyA decryption by certificate CertB) I get the
following very descriptive error:
Msg 15466, Level 16, State 1, Line 1
An error occurred during decryption.
Any ideas?
Thanks in advance.
http://blogs.msdn.com/lcris/archive/2007/11/16/sql-server-2005-restoring-the-backup-of-a-database-that-uses-encryption.aspx answers this:
"When you restore a database that uses encryption features, there is only one thing you need to take care of - if the database master key (DbMK) needs a service master key (SMK) encryption, you need to regenerate this encryption. Note that this encryption is made by default when you create the DbMK, but it may be intentionally dropped, if you want tighter control of access to the encrypted data. Anyway, if you did have such SMK encryption for the DbMK, the steps to regenerate it are the following:
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'password'
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY
CLOSE MASTER KEY
That's it - the database encryption features should now work as when the backup was taken. Also note that it doesn't matter if you restore the database on the server where the backup was taken or elsewhere. The only thing that matters for this procedure is that you know one of the passwords protecting the DbMK."
The master key was decrypted by the service master key on the source server and we were decrypting the master key with password on the destination. I altered the master key to be decrypted by the service master key and it's working now.
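The procedure quoted above with checks before and after it, as an added example that is not part of the original posts. RestoredDb and the password are placeholders; KeyA and CertB are the names used in the question.

```sql
-- Run on the destination server after the restore.
USE RestoredDb;   -- placeholder database name
GO

-- 1. What this instance records about the database master key (DbMK).
--    is_master_key_encrypted_by_server = 1 means the DbMK can be opened
--    automatically through this instance's service master key (SMK).
SELECT name, is_master_key_encrypted_by_server
FROM sys.databases
WHERE name = DB_NAME();

-- 2. Keys and certificates are stored in the database and travel with the
--    backup, which is why they are listed even though they cannot be opened.
SELECT name, key_guid, algorithm_desc FROM sys.symmetric_keys;
SELECT name, pvt_key_encryption_type_desc FROM sys.certificates;
GO

-- 3. Open the DbMK with a password that protects it, then add protection
--    by the SMK of the instance the database now lives on.
OPEN MASTER KEY DECRYPTION BY PASSWORD = '<a password protecting the DbMK>';
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY;
CLOSE MASTER KEY;
GO

-- 4. Verify: the flag should now be 1 ...
SELECT name, is_master_key_encrypted_by_server
FROM sys.databases
WHERE name = DB_NAME();

-- ... and the symmetric key should open without supplying any password,
-- because the chain SMK -> DbMK -> certificate -> symmetric key is intact.
OPEN SYMMETRIC KEY KeyA DECRYPTION BY CERTIFICATE CertB;
SELECT key_name, status FROM sys.openkeys;   -- one row for KeyA
CLOSE SYMMETRIC KEY KeyA;
GO
```

If step 3 fails because no DbMK password is known, a backup of the DbMK has to be taken on the source server while it is still available.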
The problem you are probably experiencing is that the Database Master Key for the servers is different. To my understanding the other keys are based off of this and it could cause problems when trying to decrypt the data. Check out the encryption hierarchy for a description of the steps that go into data encryption.
I hope this answer helps and isn't too off-track. :)
http://social.msdn.microsoft.com/forums/en-US/sqlsecurity/thread/34c9c35c-2d08-4873-abfd-aae40240dfe7/?prof=required
That link worked for me, follow the 2 links to backup/restore
You can do the restore from the destination server using a UNC, you do not have to copy the file.