Database Encryption

  • Question

  • In Transparent Data Encryption, how will the data be (plain text or cipher text) inside the database?
    Friday, September 8, 2017 10:27 AM

Answers

  • In Transparent Data Encryption, how will the data be (plain text or cipher text) inside the database?

    The database will be encrypted when residing on disk or in the mdf file. Here is a quote from BOL:

    The encryption uses a database encryption key (DEK), which is stored in the database boot record for availability during recovery. The DEK is a symmetric key secured by using a certificate stored in the master database of the server or an asymmetric key protected by an EKM module. TDE protects data "at rest", meaning the data and log files. It provides the ability to comply with many laws, regulations, and guidelines established in various industries. This enables software developers to encrypt data by using AES and 3DES encryption algorithms without changing existing applications.


    Cheers,

    Shashank

    MVP

    Friday, September 8, 2017 12:31 PM
  • Hi Naresh mali,

    In short:

    With TDE enabled, the database file (on disk) will be encrypted as a whole, but the data (in table) will still be in plain text for anyone\anything who has access to the database. That’s why it’s called ‘Transparent Data Encryption’, as whoever has access to the database would not notice the encryption.

    For more information, please refer to this article.

    If you have any other questions, please let me know.

    Regards,
    Lin

    MSDN Community Support

    • Marked as answer by Naresh Mali Wednesday, September 13, 2017 4:42 AM
    Monday, September 11, 2017 5:27 AM
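
The key hierarchy and the "encrypted on disk, plain text to queries" behaviour described in the answers above, as an added T-SQL example that is not part of the original thread. The database name SalesDemo, certificate name TdeCert, table dbo.Customers, passwords and file paths are placeholders assumed for illustration.

```sql
-- Added example (not from the thread). SalesDemo, TdeCert, dbo.Customers,
-- the passwords and the file paths are placeholders.
USE master;
-- 1. A database master key in master protects the certificate's private key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder>';
CREATE CERTIFICATE TdeCert WITH SUBJECT = 'TDE certificate for SalesDemo';

-- 2. Back up the certificate and its private key before enabling TDE.
--    Without them the .mdf/.ldf files and backups cannot be restored
--    on another server.
BACKUP CERTIFICATE TdeCert
    TO FILE = 'C:\Backup\TdeCert.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\Backup\TdeCert.pvk',
        ENCRYPTION BY PASSWORD = '<other-strong-password-placeholder>');
GO

USE SalesDemo;
-- 3. The DEK is a symmetric key stored in the database itself and
--    encrypted by the certificate that lives in master.
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeCert;
GO
ALTER DATABASE SalesDemo SET ENCRYPTION ON;
GO

-- 4. Verify at-rest state. The background scan takes time on large
--    databases; tempdb appears here too once any database uses TDE.
SELECT DB_NAME(dek.database_id) AS database_name,
       dek.encryption_state,     -- 2 = encryption in progress, 3 = encrypted
       dek.percent_complete,
       dek.key_algorithm,
       dek.key_length,
       c.name AS protecting_certificate
FROM sys.dm_database_encryption_keys AS dek
LEFT JOIN master.sys.certificates AS c
       ON c.thumbprint = dek.encryptor_thumbprint;

-- 5. Queries are unaffected: pages are decrypted as they are read into
--    memory, so any login with SELECT permission still sees plain text.
SELECT TOP (5) * FROM dbo.Customers;
```

TDE does not restrict what an authorized login can read; limiting that requires permissions or column-level protection in addition to TDE.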

All replies

  • The data and log files (.mdf/.ndf/.ldf typically) are what is encrypted.  Between the database and the application, it's plain text.  Is that what you are looking for?

    More info here


    22 years of database experience, most with SQL Server. Please 'Mark as answered' those posts that helped you.

    Friday, September 8, 2017 12:09 PM