What is the purpose of the Encrypt by Password Option in TDE syntax?

The information I have so far is that I can simply do the following to create a valid certificate to use for TDE. What good or advantage is the Encrypt with Password = option if I can do it without that?

Conversely, why not just make the certificate with this simple syntax instead of using a password or doing it using the FROM BINARY syntax?

Create Certificate tdeCert WITH Subject = 'My tde certificate'

Method 1

What good or advantage is the Encrypt with Password = option if I can do it without that?

If you omit this it’ll encrypt it with the database master key, so really, it’s up to you to decide how you would like the private key protected, though since this is for TDE the best course of action is to use the DMK as it will then be able to transparently decrypt it for use (via the transparent decryption hierarchy).

[…] or even the FROM BINARY syntax.

FROM BINARY is an easy way to transfer keys around without needing to move the physical certificate. This way, a certificate can be created on one machine and then an identical copy created on another machine, all via T-SQL, with no need to remotely copy files.
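
The two private-key protection modes discussed in the answer above, side by side, as an added example that is not part of the original question or answer. The certificate names `tdeCertDmk` and `tdeCertPwd` and all passwords are constructed placeholders; the script assumes SQL Server 2012 or later for `CERTENCODED` and `CERTPRIVATEKEY`.

```sql
-- Added example: certificate names and passwords are constructed placeholders.
USE master;  -- certificates used for TDE are created in master
GO

-- A certificate can only be protected by the database master key (DMK)
-- if the DMK already exists, so create it when it is missing.
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys
               WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Placeholder-DMK-Pa55word!';
GO

-- No ENCRYPTION BY PASSWORD clause: the private key is encrypted by the DMK,
-- so the engine can open it without anyone supplying a secret.
CREATE CERTIFICATE tdeCertDmk
    WITH SUBJECT = 'Private key protected by the DMK';
GO

-- ENCRYPTION BY PASSWORD: the private key can only be opened by a caller
-- who supplies this password, so it is outside the automatic key hierarchy.
CREATE CERTIFICATE tdeCertPwd
    ENCRYPTION BY PASSWORD = 'Placeholder-Cert-Pa55word!'
    WITH SUBJECT = 'Private key protected by a password';
GO

-- Check how each private key is actually protected.
SELECT name, pvt_key_encryption_type_desc
FROM sys.certificates
WHERE name IN (N'tdeCertDmk', N'tdeCertPwd');
GO

-- Switch the password-protected key to DMK protection: supply the old
-- password and omit ENCRYPTION BY PASSWORD.
ALTER CERTIFICATE tdeCertPwd
    WITH PRIVATE KEY (DECRYPTION BY PASSWORD = 'Placeholder-Cert-Pa55word!');
GO

-- Source side of a FROM BINARY transfer: the certificate and its private key
-- as binary values; the private key is returned encrypted by the transfer
-- password. The target server passes these values to
-- CREATE CERTIFICATE ... FROM BINARY = ... WITH PRIVATE KEY (BINARY = ...,
-- DECRYPTION BY PASSWORD = ...).
SELECT CERTENCODED(CERT_ID('tdeCertDmk')) AS cert_binary,
       CERTPRIVATEKEY(CERT_ID('tdeCertDmk'),
                      'Placeholder-Transfer-Pa55word!') AS private_key_binary;
GO
```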

All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.