Understanding the TDE Key Hierarchy

TDE works by establishing a hierarchy of keys. It is critical to understand what these keys are and how they are used to encrypt each other. Figure 17.9 illustrates the key hierarchy used by TDE.

Figure 17.9. Understanding the TDE key hierarchy.


At the root, the Windows Data Protection API (DPAPI) is used to create and protect the service master key (SMK). The SMK is unique to each server and does not need to be backed up or recovered on any other systems. The SMK is then used to create and protect the database master key (DMK). The DMK is then subsequently used to create and protect the TDE Certificate, which ...
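The hierarchy described above, written out as the T-SQL that builds it top down on a SQL Server instance. This is an added example, not code from the book; the database name, certificate name, file paths and passwords are placeholders, and the SMK itself is not scripted because SQL Server creates it and protects it with DPAPI.

```sql
-- Added example: creating each level of the TDE key hierarchy in order.
-- All names, paths and passwords below are placeholders.

-- Database master key (DMK) in master, protected by the SMK and by this
-- password (the password is only needed if the SMK is ever unavailable).
USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<StrongDmkPassword_Placeholder>';
GO

-- TDE certificate in master, protected by the DMK.
CREATE CERTIFICATE TDE_Cert_Placeholder
    WITH SUBJECT = 'TDE certificate for SharePoint content databases';
GO

-- Back up the certificate and its private key right away. Unlike the SMK,
-- this certificate must be present on any other instance before an
-- encrypted database backup can be restored or attached there.
BACKUP CERTIFICATE TDE_Cert_Placeholder
    TO FILE = 'D:\KeyBackup\TDE_Cert_Placeholder.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\KeyBackup\TDE_Cert_Placeholder.pvk',
        ENCRYPTION BY PASSWORD = '<StrongPvkPassword_Placeholder>');
GO

-- Database encryption key (DEK) inside the content database, protected
-- by the certificate held in master.
USE WSS_Content_Placeholder;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TDE_Cert_Placeholder;
GO

-- Turn TDE on; the initial encryption scan runs in the background.
ALTER DATABASE WSS_Content_Placeholder SET ENCRYPTION ON;
GO

-- Verify: encryption_state 3 = encrypted, 2 = encryption still in progress.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state, key_algorithm, key_length
FROM sys.dm_database_encryption_keys;
GO
```

Keep the certificate backup and its password stored separately from the database backups; a database backup taken after `SET ENCRYPTION ON` is unreadable on any instance that lacks the certificate.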
