For this reason, you should back up the database master key and store the backup in a secure off-site location. If it's deleted or corrupted, SQL Server may be unable to decrypt those keys, and the data encrypted using them will be effectively lost.
The database master key is used to encrypt other keys and certificates inside a database. A DMK that is not encrypted by the service master key must be opened by using the OPEN MASTER KEY statement and a password.This topic describes how to back up a database master key in SQL Server by using Transact-SQL. However, this default can be changed by using the DROP ENCRYPTION BY SERVICE MASTER KEY option of the ALTER MASTER KEY statement. The copy of the DMK stored in the master system database is silently updated whenever the DMK is changed. It is stored in both the database where it is used and in the master system database. To enable the automatic decryption of the master key, a copy of the key is encrypted by using the SMK. When it is created, the master key is encrypted by using the Triple DES algorithm and a user-supplied password. It can also be used to encrypt data, but loker it has length limitations that make it less practical for data than using a symmetric key. The database master key is a symmetric key that is used to protect the private keys of certificates and asymmetric keys that are present in the database. The service master key can only be decrypted by the service account under which it was created or by a principal that has access to the machine's credentials.
The DPAPI uses a key that is derived from the Windows credentials of the SQL Server service account and the computer's credentials. The SMK is encrypted by using the local computer key using the Windows Data Protection API (DPAPI). The SMK is automatically generated the first time the SQL Server instance is started and is used to encrypt a linked server password, credentials, and the database master key.
SQL Server has two primary applications for keys: a service master key (SMK) generated on and for a SQL Server instance, and a database master key (DMK) used for a database.
0 kommentar(er)
