To be more precise, the certificate private key is the one encrypted by the master key and you can see that under the Remarks section of the CREATE MASTER KEY doc: Isn't the certificate encrypted by the master key? So this also eliminates the possibility that it lets me restore the encrypted DB (even with a different master key) due to the master key being encrypted (and hence "recognised") by the service master key - since on the other instance the service master key should be different. I also tried to restore this DB on another instance (after creating a new master key with a different password and after restoring the certificate as per above) and it still allowed me to restore this DB. Isn't the certificate encrypted by the master key? If so, how does it let you proceed even with a different password for the master key? Also if this is the case, why do we need to backup the master key? When we can just create a new one with a different password and all works well. 'newpassword123!' instead of 'test123!', it will still let you restore the certificate and the DB. My issue is that even if you provide a different password than what you originally used to create the master key (e.g. So I create the master key, restore the certificate from the certificate backup that was taken above and then it lets me restore the DB successfully. Then I take a DB backup using this certificate, delete the DB, certificate and the master key and try to restore the DB which is not possible (I do understand this). I backup this certificate as follows: BACKUP CERTIFICATE CertName TO FILE = 'C:\SQL2019\certbk.cert' Then I create a certificate as follows: CREATE CERTIFICATE CertName I'm trying to understand backup encryption and I have created a master key (in the master DB) and used a password as follows: USE master ĬREATE MASTER KEY ENCRYPTION BY PASSWORD = 'test123!'
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |