Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

Using Encryption

In SMO, the service master key is represented by the ServiceMasterKey object. This is referenced by the ServiceMasterKey property of the Server object. It can be regenerated by using the Regenerate method.

The database master key is represented by the MasterKey object. The IsEncryptedByServer property indicates whether or not the database master key is encrypted by the service master key. The encrypted copy in the master database is automatically updated whenever the database master key is changed.

It is possible to drop service key encryption using the DropServiceKeyEncryption method and encrypt the database master key with a password. In that situation, you will have to explicitly open the database master key before accessing private keys that it has secured.

When a database is being attached to an instance of SQL Server, you must either supply the password for the database master key or execute the AddServiceKeyEncryption method to make an unencrypted copy of the database master key available for encryption with the service master key. This step is recommended to avoid the need to explicitly open the database master key.

The Regenerate method regenerates the database master key. When the database master key is regenerated, all the keys that have been encrypted with the database master key are decrypted, and then encrypts them with the new database master key. The DropServiceKeyEncryption method removes the encryption of the database master key by the service master key. AddServiceKeyEncryption causes a copy of the master key to be encrypted using the service master key and stored in both the current database and in the master database.

In SMO, certificates are represented by the Certificate object. The Certificate object has properties that specify the public key, the name of the subject, period of validity, and information about the issuer. Permission to access the certificate is controlled by using the Grant, Revoke and Deny methods.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2015 Microsoft