Database Master Key
By defualt, it is protected by password.
We need to manually change the protection to SMK.
It need to create manually.
It use AES algorithm with 256 length.
Single DMK defined for each database.
Show Current DMK
show database AdventureWorks2016’s DMK information
Create DMK
Create DMK for database ‘AdventureWorks2016’ with password ‘P@ssw0rd’
Drop DMK
If this DMK is used to encrypt Asymmetric Keys & Certificates, this DMK is unable to drop.
Backup DMK
Backup DMK named as DMK.dat at SQL Server’s C:\SMK\ with password ‘P@ssw0rd’
Restore DMK
When we restore DMK, SQL Server will decrypt all key and then use the restored DMK to encrypt all key again.
If the decryption fail, the restored will fail.
We use force restore but it will cause loss of data.
DECRYPTION is the password which you set in Backup DMK.
ENCRYPTION is the password which you set in Create DMK.
Using SMK to protect DMK
Regenerate DMK
When we regenerate DMK, SQL Server will decrypt all key and then use the new DMK to encrypt all key again.
If the decryption fail, the regenerate will fail.
We use force regenerate but it will cause loss of data.
Drop existed password from DMK
If the password does not existed, it will return error ‘Cannot drop encryption by password ‘********’.’
1 thought on “Database Master Key”
Comments are closed.