Implementing Transparent Data Encryption

Like many encryption scenarios, TDE depends on an encryption key. The TDE database encryption key (DEK) is a symmetric key that secures the encrypted database. The DEK is protected by a certificate stored in the master database of the SQL Server instance where the encrypted database is installed.

Implementing TDE for a specific database is accomplished by following these steps:

• Create a master key.

• Create or obtain a certificate protected by the master key.

• Create a database encryption key and protect it by the certificate.

• Configure the database to use encryption.

Listing 12.1 demonstrates the commands needed to encrypt the AdventureWorks2008R2 database, including the creation of a master key, ...
