The key is currently open, because it's a default behaviour, and no differences are detected. The old and new master keys are identical. SSMS outputs the following message (not an error, mind you): If I try to restore the DMK from its first backup: restore master key from file = 'D:\Tests\Key1.dmk'ĭecryption by password = 'asdfdgkjh98hvio'Įncryption by password = 'nmbneknfownoih' This means that the certificate private key will be encrypted using the DMK, so now we have some encrypted data. With subject = 'DMK Restore Test certificate' In addition, in order to make things a bit more realistic, I created a certificate without specifying the encryption password: create certificate authorization I have created the test environment and two DMK backups just as you did. Now about the errors you receive during the restore which, for some reason, cannot be made known. Salt doesn't need to be hidden it only needs to be random. This is a header where the salt, among other things, is located. If you will look at your DMK backup files' contents side by side, you will see that the first 40-60 bytes have almost identical structure (same amounts of spaces in the same places, for instance) only some data differ. (The signature, however, will always be the same.) I believe this is intentional "randomisation" of the output in order not to make password guessing easier. It is normal for cipher text to be different on each encryption, all other things being equal.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |