Getting: The Key Is Not Encrypted Using The Specified Decryptor After DB Restore.
Jul 11, 2007
We are using SQL Server 2005
A client of ours did a back up and restore of a database which we have created a db master key as well as asymmetric, symmetric keys and certificates.
After the restore we issue:
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'ourpwd'
go
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY
go
We get the following error:
Msg 15313, Level 16, State 1, Line 1
The key is not encrypted using the specified decryptor.
Msg 15581, Level 16, State 3, Line 2
Please create a master key in the database or open the master key in the session before performing this operation.
I had the client issue the Open Master Key statement in the prod DB and got the same MSG 15313 error. But, the encryption functions still work on their DB.
I am not able to reproduce the errors in house on our own DB's.
What does the error:
Msg 15313, Level 16, State 1, Line 1
The key is not encrypted using the specified decryptor.
Indicate?
Have they been using the wrong password to try to open the key?
I have been searching all morning and can not find any good documentation regarding the error.
I have a DB in which I encrypt a few columns in a table. I am using a Symmetric key to encrypt and decrypt the data. When I take a back up of this DB and restore on another server ... my decryption doesn't work. I have dropped the master key and recreated it with same password and that didn't help either.
What are the rules to follow when we restore a db on a different server that has encrypted data ?? Thanks.
when I read my mail this morning, a friend of mine had sent me a decryptor he found on the net, for encrypted SQL Server stored procedures and other things that can be stored and encrypted in its syscomments system table. I've only tested it with SQL Server 7 so far (and it worked for a copy of sp_helptext I added with encryption), but it claims to handle SQL Server 2000 as well. It's called dSQLSRVD, if you want to go looking for it.
I have an issue to restore an encrypted backup via GUI.I can restore an encrypted backup on another instance using t-sql command, but cannot do the same using the GUI of sql server 2014. The message error is: No backupset selected to be restored.I have restored the master key from the instance where the encrypted backup was created on the instance where I want to restore the encrypted backup, then restored the certificate. I managed to open the master key. I have the following versions:
On the instance where the encrypted backup is taken: Microsoft SQL Server 2014 - 12.0.2000.8 (X64) Feb 20 2014 20:04:26 Copyright (c) Microsoft Corporation Standard Edition (64-bit) on Windows NT 6.2 <X64> (Build 9200: )
On the instance where I'm trying to restore the bakcup via GUI: Microsoft SQL Server 2014 - 12.0.2000.8 (X64) Feb 20 2014 20:04:26 Copyright (c) Microsoft Corporation Standard Edition (64-bit) on Windows NT 6.3 <X64> (Build 9600: )
I need to start encrypting several fields in a database and have been doing some testing with a test database first. I've run into problems when attempting to restore the database on either the same server (but different database) or to a separate server.
First, here's how i created the symmetric key and encrypted data in the original database:
create master key encryption by password = 'testAppleA3';
create certificate test with subject = 'test certificate', EXPIRY_DATE = '1/1/2010';
create symmetric key sk_Test with algorithm = triple_des encryption by certificate test;
open symmetric key sk_Test decryption by certificate test;
insert into employees values (101,'Jane Doe',encryptbykey(key_guid('sk_Test'),'$200000')); insert into employees values(102,'Bob Jones',encryptbykey(key_guid('sk_Test'),'$500000'));
select * from employees --delete from employees select id,name,cast(decryptbykey(salary) as varchar(10)) as salary from employees
close all symmetric keys
Next I backup up this test database and restore it to a new database on a different server (same issue if restore to different database but on same server).
Then if i attempt to open the key in the new database and decrypt:
open symmetric key sk_Test decryption by certificate test;
I get the error: An error occurred during decryption.
Ok, well not unexpected, so reading the forums, i try doing the below first in the new database:
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY
Then I try opening the key again and get the error again:
An error occurred during decryption.
So then it occurs to me, maybe i need to drop and recreate it so i do
drop symmetric key sk_test
then
create symmetric key sk_Test with algorithm = triple_des encryption by certificate test;
and then try to open it.
Same error!
So then i decide, let's drop everything, the master key, the certificate and then symmetric key:
drop symmetric key sk_test drop certificate test drop master key
Then recreate the master key:
create master key encryption by password = 'testAppleA3';
Restore the certificate from a backup i had made to a file:
CREATE CERTIFICATE test FROM FILE = 'c:storedcertsencryptiontestcert'
Recreate the symmetric key again:
create symmetric key sk_Test with algorithm = triple_des encryption by certificate test;
And now open the key only to get the error:
Cannot decrypt or encrypt using the specified certificate, either because it has no private key or because the password provided for the private key is incorrect.
So what am I doing wrong here? In this scenario I would appear to have lost all access to decrypt the data in the database despite restoring from a backup which restored the symmetric key and certificate and i obviously know the password for the master key.
I also tried running the command
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY
when we built the login control by built in login control of vs2005 the passwords are saved in the database which is automatically created.how can i get the unencrypted form of these passwords from database.
Hi there, I was wondering if anyone knew of a way to encrypt a table? I now you can encrypt Stored Procedures, triggers and view, but can you encrypt a table??
I may have a requirement to send data from a SQL Server at site A to an Oracle server at site B. These sites have no network connection between them, and the current suggestion is to use ftp, but the transfer (or username and password) will not be encrypted.
If I create a DTS package transferring data from site A, will that transfer be encrypted?
If not, is there an option with SQL Server DTS to ensure that the data is sent in an encrypted form?
I wonder if it is possible to retrieve encrypted password somehow? Like I have saved password (blueRays) in encrypted formate. How can I retrieve it "where password='blueRays' "?
In a Multi Server Job under SQL Server Agent (MSX), we have a series ofsteps like:DTSRun /~Z0x8E8635E6BBA...The ~Z means it's an encrypted hexidecimal string. The person who createdthis step is no longer accessible, and the string can't be triviallydecrypted, so I don't know what this runs.Someone once mentioned that I could go to Query Analyzer, run it, andwatch the execution plan. However, if I start the job, the executionplan simply walks through the steps required to find the job, and doesn'tgo into the details of the job. I don't know how to run the DTSRuncommand directly within Query Analyzer.Is there a way I can use the execution plan to determine what package thisDTSRun line is executing? Please give me the appropriate command orcommands.-Adam
Can anyone tell me how to find out if a .sdf file is encrypted? Im using C# and would like to know if the db that I am trying to open is encrypted. I would then like to attempt to open the db.
I have mirroring set up in a test environment and it works great however I need to know/understand how the endpoints are encrypted. I have them set to use the AES algorithm; however I can not tell from BOL what keys they are using. I know the service master key is the root encryption key and endpoints sit at the server level (same level as service masterkey) but I am not sure if the endpoints use it to perform the encryption or not; do they and if not what do they use?
I have a simple .NET page that asks the user to create a new account. One of the fields on that page is 'Password'. I store the password in a SQL 2000 Database. However, it appears in the database as clear-text.
Is there a way to encrypt this so it doesn't appear as clear-text in the DB?
I have some encrypted stored procedure. I want to use the output of the encrypted stored procedure insert the output into temp table. is it possible to do. If so please let me know how can I proceed. Thanks in advance
I have a USERS table on an SQL Server 2000 with two fields, USER_NAME AND PASSWORD, and I want to encrypt the passwords when I stored them on the table. I used {Encrypt N ‘MyPassWord’} to encrypt the password and it looks that the passwords have been encrypted.
Went, however, I execute a SELECT statement for a specific password all passwords are returned.
This is a small sable code: ------------------------------------------------------------------------------------------------ CREATE TABLE dbo.Users ( User_Name nvarchar (10) NOT NULL , PassWord nvarchar (50) NOT NULL )
GO
INSERT INTO USERS (User_Name, PassWord) VALUES ('MyName', {Encrypt N 'MyPassWord'})
GO
INSERT INTO USERS (User_Name, PassWord) VALUES ('YourName', {Encrypt N 'YourPassWord'})
GO
SELECT * FROM USERS WHERE PassWord = {Encrypt N 'MyPassWord'}
(2 row(s) affected) ------------------------------------------------------------------------------------------------- Unfortunately both (All) rows are return
Is it any way to encrypt password and be able to select them? Is it any other way to encrypt data into the database?
I ran into something interesting today and was wondering how one would do this. I have some 3rd party stored procs and one was kicking out a truncate error so I took it upon myself to investigate the stored proc that was kicking out this error. So when I tried viewing the sp, I received an error:*****Encrypted object is not transferable, and script could not be generated.***** and then it brings up a blank editing screen.
First I believe this was a custom error message as it just doesnt seem like the way SQL Server would have presented it.
So how would someone prohibit viewing of a stored proc like this?
I Forgot for my longtime used home expense update application password which has backend sql expressedition database.
i was used the application before 3 years, unfortunately i stopped updating my home expendature to the software.and now i require to login the application but i dont how reset the password in db, i have open database include tables of users profile. and password, but its encrypted.
I read a previous post that Raul responded to on the format of the data prefixing Symmetric key encrypted columns, is it possible to reproduce these from a client? Given I know the key name, i can pull back the first 16 for the GUID, for now 01000000 will work for the version, the IV can be created or read, but the last 8 bytes were marked as 'header', can I get an explanation on what this is or if it is required?
The purpose is in being able to do SQL Server compatible encryption on the client side, given a shared certificate for the public password. I certainly can do this with a CLR function and use my own encryption, but comparably it is dog slow, the built in SQL functions will encrypt/decrypt 100k rows in about 20 seconds or less on my test box, where as the CLR function takes 5.5 minutes. This performance difference is too huge to ignore.
I would like to be able to generate a SQL Server compatible prefix for a Symmetric keyed column or find a way to improve the CLR function performance of an AES_256 (rijndael) up to something at least remotely close to the built in functions.
I built an vb.net app that set some parameters and runs a store proc. Besides, the vb.net app creates an user with admin rights, his credentials: username and password are stored in DB.
I thouth to encrypt password with hash + salt method.
The problem....
Hashing password means that they are not decrypted ...only compared ..and here the problem....I would like to reuse this password to be used in the addlinked server store proc and other sql statement.
How can I Manage encrypted password to be used later...
I am trying to lookup a dialog from conversation_endpoints, however if a dialog was created with the encryption setting to ON and thereis no master Key in the database then the record put in the conversation_endpoints is the same as one without encryption.
How can I distinguish between the one requested with no ecryption and requested with encryption but setup with none due to the lack of a key?
I have a question regarding the configuration of SSL for SQL Server connections. I am very familiar with configuring IIS to use SSL certs and the host headers that are different from the physical machine name however I do not see these same provisions in SQL server.
I.E.
I have a server on a domain named MYDB and the domain is mydomain.dom and I have an external domain name on the internet as a whole that has a domain name of externaldomain.com can I get a SSL cert that has the common name as db.externaldomain.com or do I have to set the common name to mydb.mydomain.dom. I just did not see a place where I can tell SQL server to use that cert like you would in IIS. I am also assuming that if I get this cert from a major vendor like thawte, verisign etc I won't have to setup any kind of trust on the client side since these are already trusted correct? I want to SSL secure an odbc connection that will be going over the general internet so I would prefer not to use a self-signed cert.
I would like to copy a function from one sql 2005 database to another, but the function is encrypted so cannot use the script to window commands etc... Is there a way of copying encrypted objects from one sql 2005 db to another? I don't really care to know the contents of the function.
I have a table which includes an encrypted field. In the following statement...
select cast(decryptBykey(Column2)as varchar(max)) as column2new, column1 from testtable where cast(decryptBykey(Column2) as varchar(max))=@p1
I retrieve the (now decrypted) secure column as well as another column and then filter the results by a parameter on the (now decrypted) secure field.
Furthermore, if I wanted to sort on the encrypted field, I would once again have to call the cast(decryptbykey... function. It seems to me that this kind of statement would perform poorly since I have to call the same function numerous times. Is there a way to call this function once and then reference the resultant field value throughout the rest of the statement?
I assume that this situation is the same if I call any SQL function to alter a field value..not just the decryptbykey function
I have a package that I have set the protection level to EncryptSensitiveWithPassword. How do I setup SQL Agent to run this package. I have checked books online and google and can't find a decent article that walks you through the steps of setting it up...specifically how to use the /DECRYPT switch with sql agent.
I created Encryption by passphrase . The data type of the encrypted field is varbinary(MAX). Now I want to make one Index on this filed. Name of the encrypted colum is ''Encrypted Account Number' " and the name of the table is "S3schema-Test". The value of ''Encrypted Account Number" is unique. I wrote the following T-sql code :-
CREATE CLUSTERED INDEX [IDX_Encrypted Account Number1]
on [S3schema-Test] ([Encrypted Account Number])
But I am getting following errors:- Column 'Encrypted Account Number' in table 'S3schema-Test' is of a type that is invalid for use as a key column in an index.
Hi all,As all of you are aware you can Encrypt your Triggers/Stored Procedures/Views And Functionsin Sql Server with "WITH ENCRYPTION" clause.recently i came across a Stored procedure on the Net that could reverse and decrypt all Encrypted objects.i personally tested it and it really works.That's fine (of course for some body)Now i want to know is it a Known Bug for Sql Server 2000 and is there a permanent solution for Encrypting mentioned objects.Thanks in advance.Best Regards.
Hi all, I am trying to join 2 tables in my database on an encrypted column. I am using a symmetric encryption, but because of the IV, a string encrypted at 2 different times produces 2 different encrypted strings. Therefore, I can not merely join the 2 tables on the encrypted columns. Has anyone any insight on techniques for solving this problem? The most naïve way, would be to decrypt both tables, join them, and re-encrypt them again. But, the tables are quite large, and this would be very processor (and time) intensive. Any help would be greatly appreciated. Thanks in advance for any suggestions.