Sql-Server

在另一台伺服器上恢復加密數據庫(使用備份加密)

  • April 5, 2019

我在同一台機器上有兩個 SQL Server 實例。我想在其中一個數據庫上創建一個加密備份,然後在第二個實例上恢復它。我正在執行以下步驟:

  1. master在將用於加密我們的證書的數據庫中創建和備份數據庫主密鑰
USE MASTER;
GO

CREATE MASTER KEY
ENCRYPTION BY PASSWORD = 'MasterKey_Password';
GO

BACKUP MASTER KEY
TO FILE = 'E:\GKKeys\MASTER_KEY.key'
ENCRYPTION BY PASSWORD = 'MasterKey_BACKUP_Password';
GO
  1. 創建並備份將用於加密的證書:
USE MASTER;
GO

-- създаваме сертификат, който ще използвам за криптиране на backup-a
CREATE CERTIFICATE BackupEncryptTestCert
WITH SUBJECT = 'smGK_BackupCertificate'
GO

BACKUP CERTIFICATE BackupEncryptTestCert
TO FILE = 'E:\GKKeys\SMGK_BACKUP_CERTIFICATE.cer'
WITH PRIVATE KEY
(
   FILE = 'E:\GKKeys\SMGK_BACKUP_CERTIFICATE_PRIVATE_KEY.key'
  ,ENCRYPTION BY PASSWORD = 'smGK_BackupCertificate_BACKUP_Password'
);
  1. 創建備份:
BACKUP DATABASE smGK
TO DISK = 'E:\GKKeys\smGKFULLEncrtypted.back'
WITH COMPRESSION, STATS = 10, ENCRYPTION (ALGORITHM = AES_256,SERVER CERTIFICATE = BackupEncryptTestCert)
  1. 現在在第二個實例上,我想恢復master key但不允許:
USE MASTER;
GO

RESTORE MASTER KEY
FROM FILE = 'E:\GKKeys\MASTER_KEY.key'
DECRYPTION BY PASSWORD = 'MasterKey_BACKUP_Password'
ENCRYPTION BY PASSWORD = 'smGK_MasterKeyPassword';

Msg 15317, Level 16, State 2, Line 4 主密鑰文件不存在或格式無效。

誰能告訴這是什麼原因造成的?

微軟 SQL Server 2014 - 12.0.4100.1 (X64)
2015 年 4 月 20 日 17:29:27
版權所有 (c) 微軟公司
企業版:基於核心的許可(64 位)
Windows NT 6.3(內部版本 9600:)(管理程序)

在您的第二個實例上創建一個全新的主密鑰。即不要從您從第一個實例中獲取的備份創建它。然後從備份中恢復證書,然後嘗試。我想您不需要主密鑰,並且只需要證書即可進行恢復。請按照以下步驟操作:

**第一步:**創建萬能鑰匙

CREATE MASTER KEY
ENCRYPTION BY PASSWORD = 'MasterKey_Password';

**Step2:**驗證 cert 和 pvt key 的權限

確保第二個實例的 SQL Server 服務帳戶對您創建的證書和 pvt 密鑰具有完全權限。

**Step3:**從備份創建證書

CREATE CERTIFICATE BackupEncryptTestCert
   FROM FILE = 'E:\GKKeys\SMGK_BACKUP_CERTIFICATE.cer'
    WITH PRIVATE KEY 
     ( 
       FILE = 'E:\GKKeys\SMGK_BACKUP_CERTIFICATE_PRIVATE_KEY.key' ,
       DECRYPTION BY PASSWORD = 'smGK_BackupCertificate_BACKUP_Password'
     ) 

**第四步:**恢復數據庫

引用自:https://dba.stackexchange.com/questions/149776