As part of disaster recovery testing I am trying to ensure that I am able to recreate my DB and still be able to decrypt previously encrypted strings.
So here is what I am doing as a test...
- Creating a database certificate.
- Backing up the certificate and private key to disk.
- Creating a symmetric key, encrypted by certificate.
- Using EncryptByKey to encrypt "Hello World" into a hex string. Keep a hold of this encrypted string for use below.
- Using DecryptByKey to decrypt the hex string into "Hello World".
This all works great, but then I'm trying this...
- DROP the key and the cert.
- Recreate the cert again from the backed up cert.
- Create a new symmetric key exactly as before.
- Try to decrypt a previously encrypted string, and it doesn't work.
The only way I can get it to work is by specifying a KEY_SOURCE and IDENTITY_VALUE when creating the symmetric key, but MSDN says that IDENTITY_VALUE is for creating "temporary keys", so I'm not sure about using this.
Any ideas on this?
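The following T-SQL script is an added example, not part of the question above, showing why the recreated key cannot decrypt the old ciphertext and how KEY_SOURCE / IDENTITY_VALUE fix it. CREATE SYMMETRIC KEY without KEY_SOURCE draws fresh random key material and assigns a fresh key GUID; EncryptByKey stores that GUID in the ciphertext header, and DecryptByKey looks up an open key by it, so a recreated key with different material and a different GUID simply returns NULL. KEY_SOURCE makes the key material a deterministic derivation of the phrase and IDENTITY_VALUE makes the GUID deterministic, which is what lets the same key be rebuilt on another server; both clauses are accepted on persistent keys, not only on temporary ones. The database name (DRTest), object names, file paths and passwords are placeholders assumed for the example and must be replaced; treat the two phrases as secrets and store them in the DR vault alongside the certificate backup.

```sql
-- Added example (not from the original poster): deterministic symmetric key for DR.
-- Assumptions: database DRTest exists; paths and passwords below are placeholders.
USE DRTest;
GO
-- A database master key is required to protect the certificate's private key.
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'DmkPassword!1';   -- placeholder
GO
CREATE CERTIFICATE DRCert WITH SUBJECT = 'DR test certificate';
GO
-- Back up the certificate and its private key exactly as the question does.
BACKUP CERTIFICATE DRCert TO FILE = 'C:\backup\DRCert.cer'          -- placeholder path
    WITH PRIVATE KEY (FILE = 'C:\backup\DRCert.pvk',                 -- placeholder path
                      ENCRYPTION BY PASSWORD = 'PvkPassword!1');     -- placeholder
GO
-- KEY_SOURCE fixes the key bytes, IDENTITY_VALUE fixes the key GUID.
-- Without them each CREATE produces new random material and a new GUID.
CREATE SYMMETRIC KEY DRKey
    WITH ALGORITHM = AES_256,
         KEY_SOURCE = 'long random pass phrase kept in the DR vault',   -- placeholder secret
         IDENTITY_VALUE = 'DRKey identity phrase kept in the DR vault'  -- placeholder secret
    ENCRYPTION BY CERTIFICATE DRCert;
GO
-- Encrypt and persist the ciphertext together with the GUID it was tagged with.
CREATE TABLE dbo.dr_test (ct VARBINARY(8000) NOT NULL, key_guid UNIQUEIDENTIFIER NOT NULL);
OPEN SYMMETRIC KEY DRKey DECRYPTION BY CERTIFICATE DRCert;
INSERT INTO dbo.dr_test (ct, key_guid)
VALUES (EncryptByKey(Key_GUID('DRKey'), N'Hello World'), Key_GUID('DRKey'));
CLOSE SYMMETRIC KEY DRKey;
GO
-- Simulate the disaster: drop the key and certificate.
DROP SYMMETRIC KEY DRKey;
DROP CERTIFICATE DRCert;
GO
-- Restore the certificate from the backup files.
CREATE CERTIFICATE DRCert FROM FILE = 'C:\backup\DRCert.cer'
    WITH PRIVATE KEY (FILE = 'C:\backup\DRCert.pvk',
                      DECRYPTION BY PASSWORD = 'PvkPassword!1');
GO
-- Recreate the key with the SAME phrases; the material and GUID come out identical.
CREATE SYMMETRIC KEY DRKey
    WITH ALGORITHM = AES_256,
         KEY_SOURCE = 'long random pass phrase kept in the DR vault',
         IDENTITY_VALUE = 'DRKey identity phrase kept in the DR vault'
    ENCRYPTION BY CERTIFICATE DRCert;
GO
-- Check: the GUID matches the one stored with the ciphertext, and decryption succeeds.
-- If the key had been recreated without KEY_SOURCE/IDENTITY_VALUE, guid_after would
-- differ from guid_before and plaintext would be NULL.
OPEN SYMMETRIC KEY DRKey DECRYPTION BY CERTIFICATE DRCert;
SELECT key_guid                                AS guid_before,
       Key_GUID('DRKey')                       AS guid_after,
       CAST(DecryptByKey(ct) AS NVARCHAR(100)) AS plaintext
FROM dbo.dr_test;
CLOSE SYMMETRIC KEY DRKey;
GO
```

Run the final SELECT on the rebuilt database: guid_before and guid_after should be equal and plaintext should read Hello World. Because the two phrases now fully determine the key, anyone who obtains them can regenerate it without the certificate, so they need the same protection as the private key backup and its password.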