stackoom
  简体   繁体   中英

SQL Server 2005 - Restoring an encrypted DB on a different server

 原文  2008-10-16 19:30:11       sql-server/ sql-server-2005/ encryption/ symmetric-key

Question

I have backed up an encrypted DB (symmetric key/certificate) and restored it on a different server.

Unfortuantely we're having problems with the decryption... hoping someone can help.

In the restored db, I can see the Symmetric Key and the Certificate in SSMS, but when I try to Open the key using the cert ( open symmetric key KeyA decryption by certificate CertB )I get the following very descriptive error:

Msg 15466, Level 16, State 1, Line 1 An error occurred during decryption.

Any ideas?

Thanks in advance.

4 answers

solution1
 3  2008-10-22 14:30:32

http://blogs.msdn.com/lcris/archive/2007/11/16/sql-server-2005-restoring-the-backup-of-a-database-that-uses-encryption.aspx answers this:

"When you restore a database that uses encryption features, there is only one thing you need to take care off - if the database master key (DbMK) needs a service master key (SMK) encryption, you need to regenerate this encryption. Note that this encryption is made by default when you create the DbMK, but it may be intentionally dropped, if you want tighter control of access to the encrypted data. Anyway, if you did have such SMK encryption for the DbMK, the steps to regenerate it are the following:

OPEN MASTER KEY DECRYPTION BY PASSWORD = 'password' ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY CLOSE MASTER KEY

That's it - the database encryption features should now work as when the backup was taken. Also note that it doesn't matter if you restore the database on the server where the backup was taken or elsewhere. The only thing that matters for this procedure is that you know one of the passwords protecting the DbMK "

solution2
 1  2019-02-21 15:07:54

The master key was decrypted by the service master key on the source server and we were decrypting the master key with password on the destination. I altered the master key to be decrypted by the service master key and it's working now.

solution3
 0  2012-04-09 16:56:27

http://social.msdn.microsoft.com/forums/en-US/sqlsecurity/thread/34c9c35c-2d08-4873-abfd-aae40240dfe7/?prof=required

That link worked for me, follow the 2 links to backup/restore

You can do the restore from the destination server using a UNC, you do not have to copy the file.

solution4
 0  2008-10-16 22:31:01

The problem you are probably experiencing is that the Database Master Key for the servers is different. To my understanding the other keys are based off of this and it could cause problems when trying to decrypt the data. Check out the encryption hierarchy for a description of the steps that go into data encryption.

I hope this answer helps and isn't too off-track. :)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Restoring a TDE Encrypted Database Backup to a Different Server - SQL Server 2008 Restoring a MSDE database to SQL Server 2005 Restoring a DB with FullTextSearch To a Different DB same server Restoring SQL Server 2014 database in SQL Server 2005 Restoring replicated DB onto a different server Trouble restoring sql server DB on docker container Restoring SQL Server DB, replacing the existing one Question on Performance Counters when Restoring SQL Server 2005 Database Linking ALL Users to Login after restoring a SQL Server 2005 database SQL Server 2005 DB Mirroring Error
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM