TDE Certificate Expiry Significance

  • Question

  • Hi All,

    1. I have TDE enabled on my SQL 2016 STD Cluster DB. What is the significance of the Expiry Date for the TDE certificate that was created?

    2. I came across blogs that say TDE will work without any issue even if the certificate expires. However, it will create an audit finding, as the certificate has already expired.

    3. Can we use an HSM (Hardware Security Module) to integrate with SQL TDE? Any steps will be appreciated.

    Thanks in advance.

    AKash


    Regards, AKash Pawar

    Tuesday, July 23, 2019 6:12 PM

Answers

  • Hi Akash Pawar,

    >>I have TDE enabled on my SQL 2016 STD Cluster DB. What is the significance of the Expiry Date for the TDE certificate that was created?

    You need to change the certificate regularly. After the old certificate has expired, you can create a new certificate in case someone copied or stole the old one, just like you change a password.

    >>I came across blogs that say TDE will work without any issue even if the certificate expires. However, it will create an audit finding, as the certificate has already expired.

    The Database Encryption Key (DEK) in the user database is the key that encrypts the data at rest. The DEK is a symmetric key stored in the user database boot record. The certificate, which is stored in the master database, is used to secure and protect the DEK. This is why data at rest encrypted with TDE will still work even after the certificate used for TDE has expired.

    When you restore a backup of this certificate on another instance, you will get a warning that the certificate has expired.

    >>Can we use an HSM (Hardware Security Module) to integrate with SQL TDE? Any steps will be appreciated.

    Yes, you can. Using TDE with Extensible Key Management (EKM) and an HSM separates your database files from your encryption key, which reduces your risk if either your database system or your HSM is compromised. During encryption and decryption, the encryption key never leaves the HSM, so SQL Server can only send requests to the HSM and never has access to the key itself. Please refer to https://techcommunity.microsoft.com/t5/Azure-SQL-Database/Feature-Spotlight-Transparent-Data-Encryption-TDE/ba-p/386117

    Best regards,

    Dedmon Dai


    MSDN Community Support


    Wednesday, July 24, 2019 5:35 AM
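The following T-SQL is an added example, not code from the original thread or from Microsoft's documentation. It puts the answer above into practice on a SQL Server 2016 instance: first an audit query that joins each database's DEK to the certificate protecting it in master and flags expired protectors (the finding the question is worried about), then the rotation that replaces an expired certificate without re-encrypting the data (only the DEK is re-wrapped), and finally the EKM steps that move the protector into an HSM. The database name MyTdeDb, the certificate and key names, the file paths, the provider DLL path and the credential values are all placeholders chosen for the example; the provider DLL and HSM key name come from your HSM vendor.

```sql
-- ===== 1. Audit: which databases are protected by an expired certificate? =====
-- encryption_state: 0 = no DEK, 1 = unencrypted, 2 = encryption in progress,
-- 3 = encrypted, 4/5/6 = key change / decryption / protection change in progress.
-- The join on the thumbprint is what ties a user database's DEK to the
-- certificate in master that wraps it.
SELECT
    DB_NAME(dek.database_id)                  AS database_name,
    dek.encryption_state,
    dek.encryptor_type,                        -- CERTIFICATE or ASYMMETRIC KEY (EKM)
    c.name                                     AS certificate_name,
    c.expiry_date,
    DATEDIFF(DAY, GETDATE(), c.expiry_date)    AS days_until_expiry,
    CASE
        WHEN c.thumbprint IS NULL              THEN 'protector not in master (check EKM key / restore cert)'
        WHEN c.expiry_date < GETDATE()         THEN 'EXPIRED - data still readable, rotate protector'
        WHEN c.expiry_date < DATEADD(DAY, 60, GETDATE()) THEN 'expires within 60 days - plan rotation'
        ELSE 'ok'
    END                                        AS finding
FROM sys.dm_database_encryption_keys AS dek
LEFT JOIN master.sys.certificates    AS c
       ON c.thumbprint = dek.encryptor_thumbprint
WHERE dek.database_id <> DB_ID('tempdb');     -- tempdb is encrypted implicitly

-- ===== 2. Rotate an expired certificate protector =====
-- Creating the new certificate in master requires the database master key
-- (DMK) of master to be open; it usually is, via the service master key.
USE master;
GO
CREATE CERTIFICATE TdeServerCert_2020
    WITH SUBJECT     = 'TDE protector (placeholder example)',
         EXPIRY_DATE = '2021-07-01';          -- placeholder, pick a real policy date
GO
-- Back up the new certificate WITH its private key before it protects anything:
-- without this backup, a database or log backup taken after rotation cannot be
-- restored on another instance (or on this one after a rebuild).
BACKUP CERTIFICATE TdeServerCert_2020
    TO FILE = 'D:\keybackup\TdeServerCert_2020.cer'   -- placeholder path
    WITH PRIVATE KEY (
        FILE                   = 'D:\keybackup\TdeServerCert_2020.pvk',  -- placeholder path
        ENCRYPTION BY PASSWORD = '<placeholder-strong-password>'
    );
GO
-- Re-wrap the DEK with the new certificate. Only the small DEK is re-encrypted;
-- the data pages are untouched, so this is fast and needs no downtime.
USE MyTdeDb;
GO
ALTER DATABASE ENCRYPTION KEY
    ENCRYPTION BY SERVER CERTIFICATE TdeServerCert_2020;
GO
-- Keep the old certificate until every backup that still depends on it has aged
-- out of the retention window; re-run the audit query to confirm the new thumbprint.

-- ===== 3. Move the protector into an HSM via Extensible Key Management (EKM) =====
-- Requires SQL Server Enterprise-class EKM support and the vendor's EKM provider DLL.
USE master;
GO
EXEC sp_configure 'show advanced options', 1;  RECONFIGURE;
EXEC sp_configure 'EKM provider enabled', 1;   RECONFIGURE;
GO
CREATE CRYPTOGRAPHIC PROVIDER HsmProvider
    FROM FILE = 'C:\Program Files\HSM\EKMProvider.dll';   -- placeholder vendor DLL
GO
-- Credential used by the DBA session that administers the HSM-backed key.
CREATE CREDENTIAL HsmAdminCredential
    WITH IDENTITY = 'hsm-user', SECRET = '<placeholder-hsm-secret>'
    FOR CRYPTOGRAPHIC PROVIDER HsmProvider;
ALTER LOGIN [DOMAIN\dba] ADD CREDENTIAL HsmAdminCredential;   -- placeholder login
GO
-- Reference an existing key inside the HSM; the private half never leaves it.
CREATE ASYMMETRIC KEY HsmTdeKey
    FROM PROVIDER HsmProvider
    WITH PROVIDER_KEY_NAME = 'tde-protector-key',    -- placeholder name in the HSM
         CREATION_DISPOSITION = OPEN_EXISTING;
GO
-- SQL Server needs its own credential, bound to a login created from the key,
-- so the engine can reach the HSM at startup without a human session.
CREATE LOGIN HsmTdeLogin FROM ASYMMETRIC KEY HsmTdeKey;
CREATE CREDENTIAL HsmEngineCredential
    WITH IDENTITY = 'hsm-user', SECRET = '<placeholder-hsm-secret>'
    FOR CRYPTOGRAPHIC PROVIDER HsmProvider;
ALTER LOGIN HsmTdeLogin ADD CREDENTIAL HsmEngineCredential;
GO
-- Re-wrap the existing DEK with the HSM key (or CREATE DATABASE ENCRYPTION KEY
-- ... ENCRYPTION BY SERVER ASYMMETRIC KEY HsmTdeKey for a database not yet encrypted).
USE MyTdeDb;
GO
ALTER DATABASE ENCRYPTION KEY
    ENCRYPTION BY SERVER ASYMMETRIC KEY HsmTdeKey;
GO
```

After step 3 the audit query in step 1 reports encryptor_type = ASYMMETRIC KEY and no row in master.sys.certificates, which is expected: there is no certificate expiry to track any more, and the rotation and backup discipline move to the HSM's key-management policy. The EKM part of the example does not re-run on the instance without the vendor provider, so treat it as the shape of the procedure, with the vendor's own key names and credentials substituted.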

All replies

  • Hi Dedmon Dai,

    Thanks for the up-to-the-mark answers.


    Regards, AKash Pawar

    Thursday, July 25, 2019 6:02 PM