Encrypting mdf files

**Erland Sommarskog** · Feb 16 '07, 10:55 PM

Re: Encrypting mdf files

rsm (prakandapandit @yahoo.com) writes:

We want to encrypt MS Sql Server data files - .mdf and .ldf with
logged in user certificate and make sure that MS Sql Server service
(running as Local System Account) can decrypt it.
>
Is it possible to encrypt data files with a certificate that resides
in logged in user's
cert store and also MS SQL Server Service 'service account's cert
store?

No.

If you are using SQL 2005, there are encryption routines builtin,
so that you encrypt some columns. Keep in mind that encrypting key
columns will have a very serious impact on performance.

--
Erland Sommarskog, SQL Server MVP, esquel@sommarsk og.se

Books Online for SQL Server 2005 at

http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx

Books Online for SQL Server 2000 at

http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx

**David Portas** · Feb 19 '07, 10:45 PM

Re: Encrypting mdf files

On 16 Feb, 04:16, "rsm" <prakandapan... @yahoo.comwrote :

Hi,
>
We want to encrypt MS Sql Server data files - .mdf and .ldf with
logged in user certificate and make sure that MS Sql Server service
(running as Local System Account) can decrypt it.
>
Is it possible to encrypt data files with a certificate that resides
in logged in user's
cert store and also MS SQL Server Service 'service account's cert
store?
>

No. Assuming you are using SQL Server 2005 you should read the
encryption topics in Books Online.

It is in principle possible to encrypt every bit of user data in a
database, but I can't think of any good reasons for wanting to do that
- and there are many good reasons why NOT to do it. Could you explain
a bit more about your requirements.

--
David Portas, SQL Server MVP

Whenever possible please post enough code to reproduce your problem.
Including CREATE TABLE and INSERT statements usually helps.
State what version of SQL Server you are using and specify the content
of any error messages.

SQL Server Books Online:

Books Online

http://msdn2.microsoft.com/library/ms130214(en-US,SQL.90).aspx

--

**rsm** · Feb 22 '07, 07:45 PM

Re: Encrypting mdf files

We are using SQL Server 2000.

We are trying to provide an encryption solution for SQL Server
database. ldf and mdf files are some thing we want to encrypt.

Problem is that if we encrypt using user cert, we need to run SQL
Server service as that user which works fine until user changes his
password. In this case, we have to some how automatically change SQL
Server service 'run as' user password. I was wondering if there is a
way to install user cert as service cert so SQL Server can decrypt the
ldf files on its own.

**Greg D. Moore \(Strider\)** · Feb 22 '07, 10:35 PM

Re: Encrypting mdf files

"rsm" <prakandapandit @yahoo.comwrote in message
news:1172172849 .993451.142190@ t69g2000cwt.goo glegroups.com.. .

We are using SQL Server 2000.
>
We are trying to provide an encryption solution for SQL Server
database. ldf and mdf files are some thing we want to encrypt.
>
Problem is that if we encrypt using user cert, we need to run SQL
Server service as that user which works fine until user changes his
password. In this case, we have to some how automatically change SQL
Server service 'run as' user password. I was wondering if there is a
way to install user cert as service cert so SQL Server can decrypt the
ldf files on its own.
>

There is no built-in encryption in SQL 2000, so I'm 99% sure the answer is
no.

Simple answer; the user SQL Server runs under shouldn't be changing its
password often and when it does, should go through a normal change
procedure.

--
Greg Moore
SQL Server DBA Consulting
sql (at) greenms.com http://www.greenms.com

Encrypting mdf files

Encrypting mdf files

Comment

Comment

Comment

Comment