May 1, 2019 at 7:04 pm
The only way I know of for making an encrypted backup of a database is to 1) create a master key on both the server where the encrypted backup will be made and on the server where it will be restored, 2) create a certificate on the originating server, 3) back up the certificate, 4) make the encrypted backup using the certificate.
To restore, 1) restore certificate backup made in 3, above, onto destination server, 2) restore the encrypted backup.
But if I need the same certificate to both back up and restore, that's like using symmetric keys, isn't it? How do I use asymmetric keys; in other words, how can I restore the encrypted backup without sending the thing I used to encrypt it (the certificate)?
Thanks
May 1, 2019 at 8:18 pm
The certificate is for being able to know about the asymmetric key, it's not really like symmetric keys. Does reading through this help clear things up? The last paragraph explains the use of the certificate:
Description of Symmetric and Asymmetric Encryption
Sue
May 1, 2019 at 11:19 pm
Thanks, Sue. I'm afraid I'm just as confused. From the explanation of asymmetrical keys, I was expecting the destination server to send me a public key so that I could encrypt my backup, send it to them, and then they'd use their private key to restore the encrypted backup. But that doesn't seem to be how it's done.
Instead, I encrypt the backup with a certificate that I create then back up. They then restore the certificate backup onto their server and use it to restore the encrypted backup of the database. So, I'm creating the "thing" that encrypts, I send them that "thing," and they use that same "thing" to restore the encrypted backup. That sounds more like the description of the behavior of symmetrical keys. Also, the certificate seems to have a private key in it (a .pvt file). If it does, then I'm sending them the private key! Isn't that what asymmetrical is supposed to prevent?
Thanks again for your help!
Peter 🙂
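The backup and restore steps listed in the first post, written out as T-SQL so it is visible which file carries the private key. This is an added example, not part of any post in the thread; the database name, certificate name, file paths and passwords are placeholders.

```sql
-- Added example. SalesDb, BackupCert, the paths and the passwords are placeholders.

-- ===== Source server =====
USE master;

-- 1) Database master key; it protects the certificate's private key at rest.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<source-master-key-password>';

-- 2) Certificate: a public certificate plus its private key.
CREATE CERTIFICATE BackupCert
    WITH SUBJECT = 'Backup encryption certificate';

-- 3) Back up the certificate. The .cer file holds the public certificate;
--    the .pvk file holds the private key, encrypted under the password below.
BACKUP CERTIFICATE BackupCert
    TO FILE = 'C:\Keys\BackupCert.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\Keys\BackupCert.pvk',
        ENCRYPTION BY PASSWORD = '<private-key-file-password>'
    );

-- 4) Encrypted database backup using the certificate.
BACKUP DATABASE SalesDb
    TO DISK = 'C:\Backups\SalesDb.bak'
    WITH ENCRYPTION (ALGORITHM = AES_256, SERVER CERTIFICATE = BackupCert);

-- ===== Destination server =====
USE master;

-- 1a) The destination needs its own master key before the certificate is created.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<destination-master-key-password>';

-- 1b) Recreate the certificate from the files produced in step 3.
--     Restoring an encrypted backup requires the private key, so the .pvk
--     file and its password have to reach this server.
CREATE CERTIFICATE BackupCert
    FROM FILE = 'C:\Keys\BackupCert.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\Keys\BackupCert.pvk',
        DECRYPTION BY PASSWORD = '<private-key-file-password>'
    );

-- 2) Restore; SQL Server locates the certificate by the thumbprint stored in the backup.
RESTORE DATABASE SalesDb
    FROM DISK = 'C:\Backups\SalesDb.bak';
```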