Why should I backup the DBMK?.... RRS feed

  • General discussion

  • I need a bird's eye view on this: what keys (Service Master, Database master, etc) should be backed up? When would I need to restore them?

    I gather that if the server containing the encrypted data  fails and we need to restore the data to a rebuilt server,  the DBMK will be needed.  Then again, I'n not sure if we need the DBMK if the encrpyiton was done using only a passphrase and symmetric key. I think DBMK is relevant only when certs are involved.


    Sunday, November 15, 2009 5:57 AM

All replies

  • No.  The DBMK is used with all encryption objects within a database - symmetric keys, asymmetric keys, and certificates.  When you create one of the encryption objects, it is automatically encrypted using the DBMK.  If you specify a pass phrase, you also get the object encrypted using that key.  That is why a database owner can decrypt objects within a database.  Now, if you drop the private key, the one generated by the DBMK encryption, then the only way to access one of the encryption objects is by knowing the pass phrase.  So, you need a backup of the DBMK when you are using it to encrypt an object within the database.

    Mike Hotek BlowFrog Software, Inc. http://www.BlowFrogSoftware.com Affordable database tools for SQL Server professionals
    Monday, November 16, 2009 4:55 AM