Search Knowledge Base
KB #240101: Test the encryption state of a SQL database or backup
There are several methods of determining whether SQL Database files are encrypted. You can also determine whether backups and other files are encrypted.
Testing Databases and files that are offline: The Encrypt/Decrypt Wizard (secncrpt.exe)which comes with your Encryptionizer for SQL product can be used to test any file. If testing database files, the database must be offline, or SQL must be stopped in order to test the file (online databases are locked by SQL Server and cannot be tested with this utility):
- run the Encrypt/Decrypt Wizard (secncrpt.exe)
- Choose the Validate option
- select the database file(s) or other file(s) to be tested.
- returning to the list, you will see a report of the encryption state of each file selected.
- if you wish, can proceed to test the encryption key by clicking Next and proceed through the utility.
Testing Databases that are online: You can use one of the provided Encryptionizer for SQL API’s to list all the database files that are encrypted that are associated with attached databases. You will have needed to install the API’s – either at original installation time, or later. API’s installation is simple and instructions can be found in the NetLib installation guide provided with the software.
In a SQL Query window, you can run the following query from the master database:
This will return a list of encrypted database files associated with attached databases. This will not return the state of any backup files as those are not attached to the SQL instance.
If you installed the CLR version of Encryptionizer API’s, the you can run the following query:
This will return a list of database files associated with an instance along with its online status and encryption state. 2 or 6 = encrypted and matches a key with which the instance is secured, 0 or 4 = encrypted but no key match, 1 = not encrypted. This will not return the state of any backup files as those are not attached to the SQL instance.
To further test that your database or backup is encrypted: An encrypted database or backup file cannot be restored to another SQL Server instance either on the same machine or another machine, unless if is configured with the same Encryption key profile information.
240100: SQL Backup not encrypted
240038: SQL database backups to a Mapped Drive are not encrypted
240056: Encrypt/Decrypt Wizard: Error – could not access file
240046: Backup not encrypted even though “encrypt new” flag was set
240028: How to Install Encryptionizer SQL APIs Manually
Last modified: 5/17/2018