locked
[SQLServer2005] I don't have a database master key, I still can create a symmetric key. Why? RRS feed

  • Question

  • When I don't have master key for AdventureWorks, I still can do this:

     

    CREATE SYMMETRIC KEY Test

    WITH ALGORITHM = DES

    ENCRYPTION BY PASSWORD = 'abc123.';

     

    What if I create a symmetric key without database master key?

    I read MSDN but it doesn't say about this.

    Saturday, November 13, 2010 7:55 AM

Answers

  • The SQL Server Books Online (http://msdn.microsoft.com/en-us/library/ms188357.aspx) says: "when a symmetric key is encrypted with a password instead of the public key of the database master key, the TRIPLE DES encryption algorithm is used."  So the database master key does not come into play here.  The database master key would be needed indirectly if you instead protected the symmetric key with an asymmetric key or certificate that was encrypted with the database master key.


    Dan Guzman, SQL Server MVP, http://weblogs.sqlteam.com/dang/
    Saturday, November 13, 2010 7:25 PM