DEK

  • Question

  • Hi

    I do have a DEK encrypted with an Asymmetric Key on an EKM Provider. I need to upgrade my EKM Provider DLL. Do we need to decrypt the database first, or will unregistering the cryptographic provider and registering with the new cryptographic provider work?

    Thursday, December 3, 2015 8:03 AM

Answers

  • Hi RajivKan,

    Based on my research, when upgrading the EKM Provider DLL, we must use the ALTER CRYPTOGRAPHIC PROVIDER statement. Here is an example for your reference.

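    -- Disable the provider before pointing it at the new DLL
    ALTER CRYPTOGRAPHIC PROVIDER SecurityProvider
    DISABLE;
    GO

    -- Replace the registered DLL with the upgraded version
    ALTER CRYPTOGRAPHIC PROVIDER SecurityProvider
    FROM FILE = 'c:\SecurityProvider\SecurityProvider_v2.dll';
    GO

    -- Re-enable the provider
    ALTER CRYPTOGRAPHIC PROVIDER SecurityProvider
    ENABLE;
    GO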
    


    After that, you can generate a new ASYMMETRIC KEY and alter the database encryption key to use the new ASYMMETRIC KEY by executing the following commands. In this way, the entire database will be re-encrypted.

    USE <Yourdatabase>
    GO
    ALTER DATABASE ENCRYPTION KEY ENCRYPTION BY SERVER ASYMMETRIC KEY Encryptor_Name
    GO
    
    


    Reference:
    ALTER CRYPTOGRAPHIC PROVIDER (Transact-SQL)
    ALTER DATABASE ENCRYPTION KEY (Transact-SQL)



    Thanks,
    Lydia Zhang
    TechNet Community Support



    Friday, December 4, 2015 5:48 AM
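
A verification query to run before and after the provider upgrade discussed above, so the two outputs can be compared. This is an added example, not part of the original thread or Microsoft's documentation; it assumes SQL Server 2012 or later (for the encryptor_type column) and VIEW SERVER STATE permission.

```sql
-- Added example: confirm the EKM provider and the TDE key chain around a DLL upgrade.

-- 1. Registered EKM providers. After ALTER CRYPTOGRAPHIC PROVIDER ... FROM FILE,
--    dll_path and version should reflect the new DLL and is_enabled should be 1.
SELECT provider_id, name, guid, version, dll_path, is_enabled
FROM sys.cryptographic_providers;
GO

-- 2. Every database that has a DEK, with its encryptor resolved back to the
--    server asymmetric key and the EKM provider that holds that key.
--    encryption_state: 2 = encryption in progress, 3 = encrypted,
--    4 = key change in progress, 5 = decryption in progress,
--    6 = protection change in progress.
SELECT
    DB_NAME(dek.database_id) AS database_name,
    dek.encryption_state,
    dek.percent_complete,
    dek.encryptor_type,
    dek.encryptor_thumbprint,
    dek.set_date,
    dek.modify_date,
    ak.name AS asymmetric_key_name,
    cp.name AS provider_name,
    cp.is_enabled AS provider_enabled
FROM sys.dm_database_encryption_keys AS dek
LEFT JOIN master.sys.asymmetric_keys AS ak
    ON ak.thumbprint = dek.encryptor_thumbprint
LEFT JOIN sys.cryptographic_providers AS cp
    ON cp.guid = ak.cryptographic_provider_guid
ORDER BY database_name;
GO
```

A row whose encryptor_type is ASYMMETRIC KEY but whose asymmetric_key_name or provider_name comes back NULL means the DEK's encryptor cannot be traced to a registered provider and should be investigated before the instance is restarted.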