Knowledge Base

Search Knowledge Base

KB #240101: Test the encryption state of a SQL database or backup




There are several methods of determining whether SQL Database files are encrypted. You can also determine whether backups and other files are encrypted.

Additional Information:

Testing Databases and files that are offline: The Encrypt/Decrypt Wizard (secncrpt.exe)which comes with your Encryptionizer for SQL product can be used to test any file. If testing database files, the database must be offline, or SQL must be stopped in order to test the file (online databases are locked by SQL Server and cannot be tested with this utility):

  • run the Encrypt/Decrypt Wizard (secncrpt.exe)
  • Choose the Validate option
  • select the database file(s) or other file(s) to be tested.
  • returning to the list, you will see a report of the encryption state of each file selected.
  • if you wish, can proceed to test the encryption key by clicking Next and proceed through the utility.

Testing Databases that are online: You can use one of the provided Encryptionizer for SQL API’s to list all the database files that are encrypted that are associated with attached databases. You will have needed to install the API’s – either at original installation time, or later. API’s installation is simple and instructions can be found in the NetLib installation guide provided with the software.

In a SQL Query window, you can run the following query from the master database:


This will return a list of encrypted database files associated with attached databases. This will not return the state of any backup files as those are not attached to the SQL instance.

If you installed the CLR version of Encryptionizer API’s, the you can run the following query:


This will return a list of database files associated with an instance along with its online status and encryption state.  2 or 6 = encrypted and matches a key with which the instance is secured, 0 or 4 = encrypted but no key match, 1 = not encrypted.  This will not return the state of any backup files as those are not attached to the SQL instance.


To further test that your database or backup is encrypted: An encrypted database or backup file cannot be restored to another SQL Server instance either on the same machine or another machine, unless if is configured with the same Encryption key profile information.

Related Topics:

240100: SQL Backup not encrypted

240038: SQL database backups to a Mapped Drive are not encrypted

240056: Encrypt/Decrypt Wizard: Error – could not access file

240046: Backup not encrypted even though “encrypt new” flag was set

240028: How to Install Encryptionizer SQL APIs Manually

Last modified: 5/17/2018