
I looked around and can't find a solid answer in any of the TechNet articles, so I was wondering if anyone knows what information a user could access if they got hold of the database master key password?

I am using certificate-signed symmetric key encryption in SQL Server for a few columns of sensitive data. I basically need to know whether another user who got hold of the database master key could access my user's certificate to decrypt the columns.

Dan
  • Yes. No. Maybe. Please clarify your question. What users do you refer to? What kind of encryption are you using: TDE or column-level encryption? –  Jan 31 '14 at 19:55
  • Other users that have access to SQL Server. It's column-level encryption. – Dan Feb 03 '14 at 19:03
  • Other users who have access to SQL Server are able to decrypt data using the certificate that you created without the need of the master key. If they get the master key they can restore the database on their machine and decrypt all data. Encryption is meant more to protect data at rest. How are you securing the certificates? Read this question for more info: http://stackoverflow.com/questions/2327931/how-to-control-what-users-can-decrypt-sql-server-symmetric-key-encryption –  Feb 03 '14 at 19:17
  • So anyone that has access to SQL Server can call OPEN SYMMETRIC KEY with the key my user created? I used this article as a reference, so it seems weird that other users would have access to the key or certificate your user created and they would still recommend this approach: http://technet.microsoft.com/en-us/library/ms179331.aspx – Dan Feb 03 '14 at 19:56
  • Here is an explanation: http://stackoverflow.com/questions/7858313/sql-server-permissions-to-use-symetric-keys-certificates –  Feb 03 '14 at 20:00

0 Answers
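The following is an added example, not code from the thread or from the linked articles. It is a way to check, in an empty scratch database, which principals can actually open a certificate-protected symmetric key. Every object name, user name and the password is a constructed placeholder, and the grants shown (VIEW DEFINITION on the key, CONTROL on the certificate) are the pair commonly given to a principal that must decrypt.

```sql
-- Added example: run in an empty scratch database. All names are constructed.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Constructed-Placeholder-Pw-1!';
CREATE CERTIFICATE DemoCert WITH SUBJECT = 'Column encryption demo';
CREATE SYMMETRIC KEY DemoKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE DemoCert;

CREATE TABLE dbo.Demo (Id int IDENTITY PRIMARY KEY, Secret varbinary(256));

-- Encrypt one constructed sample value as the key owner.
OPEN SYMMETRIC KEY DemoKey DECRYPTION BY CERTIFICATE DemoCert;
INSERT INTO dbo.Demo (Secret)
VALUES (ENCRYPTBYKEY(KEY_GUID('DemoKey'), N'constructed sample value'));
CLOSE SYMMETRIC KEY DemoKey;

-- Two low-privilege users; only AppReader is granted use of the key chain.
CREATE USER AppReader WITHOUT LOGIN;
CREATE USER OtherUser WITHOUT LOGIN;
GRANT SELECT ON dbo.Demo TO AppReader;
GRANT SELECT ON dbo.Demo TO OtherUser;
GRANT VIEW DEFINITION ON SYMMETRIC KEY::DemoKey TO AppReader;
GRANT CONTROL ON CERTIFICATE::DemoCert TO AppReader;

-- Attempt decryption as the user with no grants on the key or certificate.
EXECUTE AS USER = 'OtherUser';
BEGIN TRY
    OPEN SYMMETRIC KEY DemoKey DECRYPTION BY CERTIFICATE DemoCert;
END TRY
BEGIN CATCH
    SELECT ERROR_MESSAGE() AS OpenKeyError;
END CATCH;
SELECT CONVERT(nvarchar(100), DECRYPTBYKEY(Secret)) AS Plaintext FROM dbo.Demo;
REVERT;

-- Attempt decryption as the user that was granted both permissions.
EXECUTE AS USER = 'AppReader';
OPEN SYMMETRIC KEY DemoKey DECRYPTION BY CERTIFICATE DemoCert;
SELECT CONVERT(nvarchar(100), DECRYPTBYKEY(Secret)) AS Plaintext FROM dbo.Demo;
CLOSE SYMMETRIC KEY DemoKey;
REVERT;

-- Audit: explicit grants/denies on keys and certificates in this database.
-- Members of db_owner and sysadmin hold these rights implicitly and are not listed.
SELECT pr.name AS principal, pe.permission_name, pe.state_desc, pe.class_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class IN (24, 25);  -- 24 = symmetric key, 25 = certificate
```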