one column in sql server 2008 database is encrypted with symmetric key, master key password not found, how to decrypt this column? I create a new database with different name in the same server and transfre that table by generating script. When I tried o run query, it said symmetric key and certificate not found. Error 3102 and 3013
Sql-server – how to decrypt one encrypted column with lost password
sql server
Related Question
- SQL Server – Creating Encrypted Backups with Password Certificate
- Sql-server – How to stop decrypting data after opening master key in SQL Server
- Sql-server – How to migrate a database that has a database master key and certificate for encryption
- Sql-server – How to grant or allow a particular SQL Server Login/User to always view a Column Level Encrypted data
- Sql-server – How to decrypt data on a replicated MSSQL database
- Sql-server – How to restore TDE encrypted DB on AWS (with certificate not stored in master)
- Sql-server – Backup and restore SQL Server database with encrypted columns: what should I backup along with database
Best Answer
In order to decrypt the column that is encrypted by symmetric key you would have to create the exact same symmetric key on the new database.
Since symmetric keys cannot be backed up, in order to use them on another database you would have to provide them 2 attributes that have to be specified when creating a new symmetric key on a different database to decrypt a column.
Those two attributes are KEY_SOURCE and IDENTITY_VALUE
After you have specified these attributes you need to encrypt that key, with one of the following: password, certificate, another symmetric key, asymmetric key, or some third party provider. In your case is certificate, therefore you need to create a certificate from certificate(original DB) that you supposedly backed up already. Such as:
This DECRYPTION BY PASSWORD is password that you specified when you were making a certificate backup.
And last step is creating an actual symmetric key, with the same KEY_SOURCE and IDENTITY_VALUE as the one on original DB, with certificate(that you just created) specified encryption.
So in summary,