Sql-Server
在另一台伺服器上恢復加密數據庫(使用備份加密)
我在同一台機器上有兩個 SQL Server 實例。我想在其中一個數據庫上創建一個加密備份,然後在第二個實例上恢復它。我正在執行以下步驟:
master在將用於加密我們的證書的數據庫中創建和備份數據庫主密鑰USE MASTER; GO CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'MasterKey_Password'; GO BACKUP MASTER KEY TO FILE = 'E:\GKKeys\MASTER_KEY.key' ENCRYPTION BY PASSWORD = 'MasterKey_BACKUP_Password'; GO
- 創建並備份將用於加密的證書:
USE MASTER; GO -- създаваме сертификат, който ще използвам за криптиране на backup-a CREATE CERTIFICATE BackupEncryptTestCert WITH SUBJECT = 'smGK_BackupCertificate' GO BACKUP CERTIFICATE BackupEncryptTestCert TO FILE = 'E:\GKKeys\SMGK_BACKUP_CERTIFICATE.cer' WITH PRIVATE KEY ( FILE = 'E:\GKKeys\SMGK_BACKUP_CERTIFICATE_PRIVATE_KEY.key' ,ENCRYPTION BY PASSWORD = 'smGK_BackupCertificate_BACKUP_Password' );
- 創建備份:
BACKUP DATABASE smGK TO DISK = 'E:\GKKeys\smGKFULLEncrtypted.back' WITH COMPRESSION, STATS = 10, ENCRYPTION (ALGORITHM = AES_256,SERVER CERTIFICATE = BackupEncryptTestCert)
- 現在在第二個實例上,我想恢復
master key但不允許:USE MASTER; GO RESTORE MASTER KEY FROM FILE = 'E:\GKKeys\MASTER_KEY.key' DECRYPTION BY PASSWORD = 'MasterKey_BACKUP_Password' ENCRYPTION BY PASSWORD = 'smGK_MasterKeyPassword';Msg 15317, Level 16, State 2, Line 4 主密鑰文件不存在或格式無效。
誰能告訴這是什麼原因造成的?
微軟 SQL Server 2014 - 12.0.4100.1 (X64) 2015 年 4 月 20 日 17:29:27 版權所有 (c) 微軟公司 企業版:基於核心的許可(64 位) Windows NT 6.3(內部版本 9600:)(管理程序)
在您的第二個實例上創建一個全新的主密鑰。即不要從您從第一個實例中獲取的備份創建它。然後從備份中恢復證書,然後嘗試。我想您不需要主密鑰,並且只需要證書即可進行恢復。請按照以下步驟操作:
**第一步:**創建萬能鑰匙
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'MasterKey_Password';**Step2:**驗證 cert 和 pvt key 的權限
確保第二個實例的 SQL Server 服務帳戶對您創建的證書和 pvt 密鑰具有完全權限。
**Step3:**從備份創建證書
CREATE CERTIFICATE BackupEncryptTestCert FROM FILE = 'E:\GKKeys\SMGK_BACKUP_CERTIFICATE.cer' WITH PRIVATE KEY ( FILE = 'E:\GKKeys\SMGK_BACKUP_CERTIFICATE_PRIVATE_KEY.key' , DECRYPTION BY PASSWORD = 'smGK_BackupCertificate_BACKUP_Password' )**第四步:**恢復數據庫