Download eBook (PDF) - Red Gate Software

6 – Transparent Data EncryptionReversing the Implementation of TDEIt was once said that the only things certain in life are death and taxes. It couldbe argued that change is another certainty. You may find yourself in a situationwhere TDE has been implemented, you have validated that it works, are readyfor users to begin using the newly-encrypted database and then, lo-and-behold,a request to reverse TDE comes your way.Boss: "I would like you to proceed with implementing TDEimmediately …"DBA: "Cool, I'll get right on it."(DBA Implements TDE)Boss: "Hey, as I was saying yesterday: I would like you to proceedwith implementing TDE next week after our presentation to theTechnology Committee."DBA: "No problem … ah …"(Begin reversal process)If, at the time this request comes your way, no transactions have beenperformed on the encrypted database then you can reverse the TDEimplementation using the following steps:1. Restore the backup file of the HomeLending database that wascreated before TDE was implemented.2. Drop the certificate that was created in the Master database. Thisshould only be done if there are no other user databases in the instancethat have been TDE-enabled. If there are other user databases in theinstance that have TDE enabled, you will want to leave the Masterdatabase items untouched.3. Drop the database master key that was created in the Masterdatabase. This should only be done if there are no other user databasesin the instance that have TDE enabled. Otherwise, you will want toleave the Master database items untouched.4. Restart the instance in which the HomeLending database resides. Ifthere are not any other user databases on the instance that have TDEimplemented, this action will force the recreation of the TempDBdatabase in an unencrypted format.Listing 6-12 shows the code to implement these steps.144