Wednesday, September 21, 2011

Transparent Data Encryption


* To provide security for data we can use encryption option.
* To provide security for data and T.Log files of a database as well as backups, we need TDE which  was introduced in SQL Server 2008.
Steps
------
Create a master key
Create or obtain a certificate protected by master key.
Create a database key and protect it by the certificate.
Set the database you want to protect to use the encryption.
--step1:
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'p@ssw0rd';
GO
--step2:
CREATE CERTIFICATE MyTDECert WITH SUBJECT = 'My TDE Certificate'
GO
--step3: To check existing certificates
SELECT * FROM sys.certificates where [name] = 'MyTDECert'
GO
--step4:
Use AdventureWorks
GO
CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_128
ENCRYPTION BY SERVER CERTIFICATE MyTDECert
GO
--step5
ALTER DATABASE AdventureWorks SET ENCRYPTION ON
GO
--Verifying TDE
--step1
    * R.C on database--> Properties -->Options --> Check
        Encryption Enabled: True
--step2:
    Find the current path of the files
    sp_helpdb AdventureWorks

--step3: Detach database
    use master
    go
    sp_detach_db AdventureWorks
    go
--step4:
    Copy data and T.Log files of AdventureWorks into
        d:\AdventureWorks_Files
--step5: Connect to another instance of SQL Server
CREATE DATABASE [AdventureWorks] ON
( FILENAME = 'D:\AdventureWorks_Files\AdventureWorks.mdf'),
( FILENAME = 'D:\AdventureWorks_Files\AdventureWorks_log.ldf')
FOR ATTACH
GO
--The above step fails
--step6: Go to first server take backup of certificate
Use Master
GO
BACKUP CERTIFICATE MyTDECert TO FILE = 'D:\MyTDECert.cert'
 WITH PRIVATE KEY
 (
 FILE = 'D:\EncryptPrivateKey.key',
 ENCRYPTION BY PASSWORD = 'TryToUseOnlyStrongPassword'
 )
GO
--step7: Go to second server where need to attach db
USE [master]
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'p@ssw0rd';
GO
CREATE CERTIFICATE MyTDECert
 FROM FILE = 'D:\MyTDECert.cert'
 WITH PRIVATE KEY (
 FILE = 'D:\EncryptPrivateKey.key'
 , DECRYPTION BY PASSWORD = 'TryToUseOnlyStrongPassword'
 )
--step8: Run step5 in second server. Now db is attached successfully

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

SQL Server Error Logs

* Error Logs maintains events raised by SQL Server database engine or Agent. * Error Logs are main source for troubleshooting SQL Server...

SQL Server DBA Training

SQL Server DBA Training
SQL Server DBA