locked
some questions about EKM RRS feed

  • Question

  •  

    1

    Say i have a symmetric key and use it encrypt some data in database . 

    I can remove it from the device after i store it  in an off-box device with EKM?

    Then i can decrypt the data with the key through EKM?

     

    2 is there some document about how to implement EKM interface ?

    Wednesday, March 26, 2008 10:14 AM

Answers

  • Hi,

     

    Answers to your questions:

    1 - You cannot export or import a key from database into an EKM device.

    2 - The documentation for the SQLEKM interface is currently provided only to KM/HSM vendors under a non-disclosure agreement and a technical document agreement.  If you fall into this category, then let me know and I'd be happy to begin discussions.

     

    Thanks,

    Il-Sung

    SQL Server Engine Security PM

    Friday, March 28, 2008 12:22 AM

All replies

  • Hi,

     

    Answers to your questions:

    1 - You cannot export or import a key from database into an EKM device.

    2 - The documentation for the SQLEKM interface is currently provided only to KM/HSM vendors under a non-disclosure agreement and a technical document agreement.  If you fall into this category, then let me know and I'd be happy to begin discussions.

     

    Thanks,

    Il-Sung

    SQL Server Engine Security PM

    Friday, March 28, 2008 12:22 AM
  • Sunday, May 25, 2008 8:20 AM
  • EKM device can be used to store the asymmetric key used to encrypt the DEK.

    Regards,
    Ankit
    Thursday, May 28, 2009 5:13 AM