The following new functions are useful when you are encrypting objects: is_objectsigned, asymkeyproperty, symkeyproperty, CRYPT_GEN_RANDOM, KEY_NAME, and sys.fn_check_object_signatures.

Transparent data encryption (TDE) introduces a new database option that encrypts the database files automatically, without needing to alter any applications. This prevents unauthorized users from accessing a database, even if they obtain the database files or database backup files. For more information about database encryption, see Understanding Transparent Data Encryption (TDE).

The extensible key management (EKM) feature allows third-party enterprise key management and hardware security module (HSM) vendors to register their devices in SQL Server. Once registered, SQL Server users can use the encryption keys stored on these modules, as well as leveraging the advanced encryption features that these modules support, such as bulk encryption/decryption and many key management functions such as key aging and key rotation. This feature also allows data protection from database administrators (except members of the sysadmin group). Data can be encrypted and decrypted using Transact-SQL cryptographic statements, and SQL Server uses the external EKM device as the key store. For more information on extensible key management, see Understanding Extensible Key Management (EKM).

The DES algorithm names are clarified and TRIPLE_DES_3KEY is now available. For more information, see CREATE SYMMETRIC KEY (Transact-SQL).

The RC4 algorithm is deprecated. This feature will be removed in a future version of Microsoft SQL Server. Do not use this feature in new development work, and modify applications that currently use this feature as soon as possible. Use another algorithm such as AES. For more information, see CREATE SYMMETRIC KEY (Transact-SQL).

Concepts

Other Resources

Help and Information