I have a question about the storage of symmetric keys in SQL Server 2005 due to the fact that I have read two conflicting statements on this.
In Laurentiu's blog located at http://blogs.msdn.com/lcris/archive/2005/10/14/481434.aspx, in regards to preventing symmetric key loss he makes the statement that "...Because the keys are stored in the database, they will be saved with the database....".
But in the white paper Improving Data Security by Using SQL Server 2005, which is located at http://www.microsoft.com/technet/itshowcase/content/sqldatsec.mspx, in regards to symmetric keys the statement is made "...Note: The symmetric key is not stored in the database. Only the encrypted values of the symmetric key are stored in the database. Therefore, users who can access the database cannot decrypt the data without first decrypting the symmetric key....".
So I am just wondering which statement is correct: are symmetric keys stored in the database or not?
Thanks!
Ginny

SQL 2005 Encryption - Symmetric Keys
IS dude
Both are true, but the white paper statement is not clear.
The white paper statement attempts to explain that the symmetric key is not stored in clear form in the database and it is always stored encrypted, hence a decryption operation always has to happen before it can be used. The way it says this is indeed confusing. You could send a note about this by rating the article and filling in the comments section.
Thanks
Laurentiu
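The behaviour described in the answer above, as an added T-SQL example that is not part of the original posts: the symmetric key is held in the database only in encrypted form and has to be decrypted (opened) before it can be used. The names `DemoCert` and `DemoKey` and the password are constructed placeholders, and the script assumes a scratch database with no existing master key.

```sql
-- Added example; object names and the password are constructed placeholders.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-Strong-Passw0rd!>';
CREATE CERTIFICATE DemoCert WITH SUBJECT = 'Protects DemoKey';
CREATE SYMMETRIC KEY DemoKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE DemoCert;

-- The key's metadata is stored in the database...
SELECT name, symmetric_key_id, key_length, algorithm_desc, key_guid
FROM sys.symmetric_keys
WHERE name = 'DemoKey';

-- ...and so is the key material, but only encrypted: one row per protector
-- (here the certificate); crypt_property holds the encrypted key bits.
SELECT sk.name, ke.crypt_type_desc, ke.thumbprint, ke.crypt_property
FROM sys.key_encryptions AS ke
JOIN sys.symmetric_keys AS sk ON sk.symmetric_key_id = ke.key_id
WHERE sk.name = 'DemoKey';

-- The key has not been opened yet, so EncryptByKey returns NULL.
SELECT EncryptByKey(Key_GUID('DemoKey'), N'secret') AS before_open;

-- Opening the key decrypts it with the certificate's private key
-- and makes it usable for the current session.
OPEN SYMMETRIC KEY DemoKey DECRYPTION BY CERTIFICATE DemoCert;
SELECT key_name, key_guid FROM sys.openkeys;

DECLARE @ct varbinary(8000);
SET @ct = EncryptByKey(Key_GUID('DemoKey'), N'secret');
SELECT @ct AS ciphertext,
       CONVERT(nvarchar(100), DecryptByKey(@ct)) AS roundtrip;

CLOSE SYMMETRIC KEY DemoKey;

-- Cleanup of the demo objects.
DROP SYMMETRIC KEY DemoKey;
DROP CERTIFICATE DemoCert;
DROP MASTER KEY;
```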