17.07.2015 Views

Download eBook (PDF) - Red Gate Software


4 – Encryption Basics for SQL Server

Cryptographic Keys

The main character on the cryptographic stage is the key. A key contains the algorithm, the sequence of instructions that is used in the various cryptographic functions that SQL Server provides to encrypt and decrypt data. An encryption function uses the key to describe how the plain text will be converted into cipher text. Likewise, without the key, the decryption process cannot occur.

Many types of keys are available to work with the cryptography features and functions of SQL Server, arranged into a distinct hierarchy.

Cryptographic Key Hierarchy

The keys that are used with the cryptography features of SQL Server are structured in a layered, or hierarchical, composition. Each layer of keys encrypts the underlying layer of keys and ultimately the data itself, as shown in Figure 4-1.

Figure 4-1: Encryption Key Hierarchy.

This hierarchy provides a highly secure infrastructure for sensitive data. At the top of the hierarchy is the service master key, which operates at the SQL Server instance level and is used to protect the database master keys in each database. This renders the database useless outside of its instance. In addition, without the use of the service master key to protect the database master key, the database master key must be explicitly opened prior to its use.

The database master key is used to encrypt the private keys for asymmetric keys and certificates within a database. By applying this level of protection
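The layering described above can be observed directly from T-SQL. The script below is an added example, not taken from the eBook; the database name KeyHierarchyDemo, the certificate name DemoCert and the password are placeholders chosen for illustration.

```sql
-- Constructed demo: database, certificate and password are placeholders.
CREATE DATABASE KeyHierarchyDemo;
GO
USE KeyHierarchyDemo;
GO

-- Database master key (DMK): encrypted by the password and, by default,
-- also by the instance's service master key (SMK).
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<StrongPasswordHere-1>';
GO

-- is_master_key_encrypted_by_server reports whether the SMK protects the
-- DMK, which is what lets SQL Server open the DMK automatically.
SELECT name, is_master_key_encrypted_by_server
FROM sys.databases
WHERE name = DB_NAME();

-- No ENCRYPTION BY PASSWORD clause, so the certificate's private key is
-- encrypted by the DMK, one layer further down the hierarchy.
CREATE CERTIFICATE DemoCert WITH SUBJECT = 'Key hierarchy demo';
GO

-- pvt_key_encryption_type_desc names the layer protecting the private key.
SELECT name, pvt_key_encryption_type_desc
FROM sys.certificates
WHERE name = 'DemoCert';

-- Remove the SMK layer: the DMK is now protected by its password only.
ALTER MASTER KEY DROP ENCRYPTION BY SERVICE MASTER KEY;
GO

-- From here on the DMK must be opened explicitly in each session before
-- anything it protects (here, DemoCert's private key) can be used.
OPEN MASTER KEY DECRYPTION BY PASSWORD = '<StrongPasswordHere-1>';
SELECT SIGNBYCERT(CERT_ID('DemoCert'), N'constructed test message') AS signature;
CLOSE MASTER KEY;
GO

-- Restore automatic opening by re-adding SMK protection.
OPEN MASTER KEY DECRYPTION BY PASSWORD = '<StrongPasswordHere-1>';
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY;
CLOSE MASTER KEY;
GO
```

Run it on a test instance only; the same two catalog views are a quick audit check for databases whose master key is password-only and for certificates whose private key is not protected by the database master key.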
