HiveBrain v1.2.0
Get Started
← Back to all entries
snippetsqlMajor

How to find if SQL server backup is encrypted with TDE without restoring the backup

Submitted by: @import:stackexchange-dba··
0
Viewed 0 times
withoutthehowsqlwithtdeencryptedrestoringfindserver

Problem

Is there a way to find from the SQL Server Backup file or MSDB tables if the backup is encrypted with TDE without trying to restore the backup file?

Thanks

Solution

I up-voted Brent's answer, as his scenario could definitely muddy the water on whether the backup contained TDE data.

However, if you've had TDE enabled for a while, it seems that RESTORE FILELISTONLY (Transact-SQL) might provide the information you're after. There is a column on the result set called TDEThumbprint which "Shows the thumbprint of the Database Encryption Key. The encryptor thumbprint is a SHA-1 hash of the certificate with which the key is encrypted."

I looked at some of my backups which were both TDE encrypted and not TDE encrypted.

The backups of my TDE databases had the certificate thumbprint in that column and the backups that did not have TDE databases had null.

Context

StackExchange Database Administrators Q#233674, answer score: 31

Revisions (0)

No revisions yet.