I've been following the How-to topics from the books online

Creating a Database Master Key protected by a password ( not SMK)
Creating a Certificate protected by the Database Master key ( not specifying password)
Creating a symmetric key protected by the Certificate

Using the symmetric key to encrypt the data

At last I use the following query to read the result

OPEN SYMMETRIC KEY SSN_Key_01

DECRYPTION BY CERTIFICATE HumanResources001

SELECT EncryptedNationalIDNumber AS ‘Encrypted ID Number�

CONVERT (nvarchar, DecryptByKey(EncryptedNationalIDNumber))

AS ‘Decrypted ID Number�/span>

FROM HumanResources.Employee

Of coz, I got the correct result.

What I keep thinking is, During the query, I use the Certificate which is protected by the Database Master key

Why shouldn't I use OPEN MASTER KEY DECRYPTION BY PASSWORD = 'password' before using the certificate to decrypt the symmetric key?

And at the end, when should I use the OPEN MASTER KEY ?

"新手é™Â³Ã¥…ˆÃ§”Ÿ" wrote in message news:eea71c3b-2e28-46d 3-9682-9c05f215d2ee...

um sorry maybe my post isn't clear enough

the symmetric key is protected by the certificate
and the certificate is protected by the DMK

When I OPEN SYMMETRIC KEY, decryption by certificate

Should I use OPEN MASTER KEY too?

is the DMK automatically opened? (I only encrypt it by password, but not dropping the SMK encrypt)

Exactly!

Cheers,
Bob

"新手é™Â³Ã¥…ˆÃ§”Ÿ" wrote in message news:467d37cb-ca36-487 8-bab2-19db159e8bf2...

I've been following the How-to topics from the books online

Creating a Database Master Key protected by a password ( not SMK)
Creating a Certificate protected by the Database Master key ( not specifying password)
Creating a symmetric key protected by the Certificate

Using the symmetric key to encrypt the data

At last I use the following query to read the result

OPEN SYMMETRIC KEY SSN_Key_01

DECRYPTION BY CERTIFICATE HumanResources001

SELECT EncryptedNationalIDNumber AS ‘Encrypted ID Number’,

CONVERT (nvarchar, DecryptByKey(EncryptedNationalIDNumber))

AS ‘Decrypted ID Number’

FROM HumanResources.Employee

Of coz, I got the correct result.

What I keep thinking is, During the query, I use the Certificate which is protected by the Database Master key

Why shouldn't I use OPEN MASTER KEY DECRYPTION BY PASSWORD = 'password' before using the certificate to decrypt the symmetric key?

And at the end, when should I use the OPEN MASTER KEY ?

um sorry maybe my post isn't clear enough

the symmetric key is protected by the certificate
and the certificate is protected by the DMK

When I OPEN SYMMETRIC KEY, decryption by certificate

Should I use OPEN MASTER KEY too?

is the DMK automatically opened? (I only encrypt it by password, but not dropping the SMK encrypt)

"新手é™Â³Ã¥…ˆÃ§”Ÿ" wrote in message news:eea71c3b-2e28-46d 3-9682-9c05f215d2ee...

um sorry maybe my post isn't clear enough

the symmetric key is protected by the certificate
and the certificate is protected by the DMK

When I OPEN SYMMETRIC KEY, decryption by certificate

Should I use OPEN MASTER KEY too?

is the DMK automatically opened? (I only encrypt it by password, but not dropping the SMK encrypt)

Thank you

so at the end, when I use the certificate, it is automatically decrypted by the DMK which is also automatically decrypted by SMK

Exactly!

Cheers,
Bob