ALTER DATABASE ENCRYPTION KEY (Transact-SQL)

APPLIES TO: SQL Server (yes), Azure SQL Database (no), Azure Synapse Analytics (SQL DW) (no), Parallel Data Warehouse (yes)

Alters an encryption key and certificate that is used for transparently encrypting a database. For more information about transparent database encryption, see Transparent Data Encryption (TDE).

Transact-SQL Syntax Conventions

Syntax

-- Syntax for SQL Server  
  
ALTER DATABASE ENCRYPTION KEY  
      REGENERATE WITH ALGORITHM = { AES_128 | AES_192 | AES_256 | TRIPLE_DES_3KEY }  
   |  
   ENCRYPTION BY SERVER   
    {  
        CERTIFICATE Encryptor_Name |  
        ASYMMETRIC KEY Encryptor_Name  
    }  
[ ; ]

-- Syntax for Parallel Data Warehouse  
  
ALTER DATABASE ENCRYPTION KEY  
    {  
      {  
        REGENERATE WITH ALGORITHM = { AES_128 | AES_192 | AES_256 | TRIPLE_DES_3KEY }  
        [ ENCRYPTION BY SERVER CERTIFICATE Encryptor_Name ]  
      }  
      |  
      ENCRYPTION BY SERVER   CERTIFICATE Encryptor_Name    
    }  
[ ; ]  

Arguments

REGENERATE WITH ALGORITHM = { AES_128 | AES_192 | AES_256 | TRIPLE_DES_3KEY }
Specifies the encryption algorithm that is used for the encryption key.

ENCRYPTION BY SERVER CERTIFICATE Encryptor_Name
Specifies the name of the certificate used to encrypt the database encryption key.

ENCRYPTION BY SERVER ASYMMETRIC KEY Encryptor_Name
Specifies the name of the asymmetric key used to encrypt the database encryption key.

Remarks

The certificate or asymmetric key that is used to encrypt the database encryption key must be located in the master system database.

When the database owner (dbo) is changed, the database encryption key does not have to be regenerated.

After a database encryption key has been modified twice, a log backup must be performed before the database encryption key can be modified again.

Permissions

Requires CONTROL permission on the database and VIEW DEFINITION permission on the certificate or asymmetric key that is used to encrypt the database encryption key.

Examples

The following example alters the database encryption key to use the AES_256 algorithm.

-- Uses AdventureWorks  
  
ALTER DATABASE ENCRYPTION KEY  
REGENERATE WITH ALGORITHM = AES_256;  
GO  
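
The following is an added example, not part of the original documentation: it uses the ENCRYPTION BY SERVER CERTIFICATE form to move the database encryption key to a new certificate, verifies the result, and takes the log backup described in Remarks. The certificate name TDE_Cert_2, the file paths and the password are placeholders; it assumes AdventureWorks already has a database encryption key, master already has a database master key, and the database uses the full recovery model.

```sql
-- Added example: TDE_Cert_2, paths and password are placeholders.
USE master;
GO
-- The new encryptor must be created in master (see Remarks).
CREATE CERTIFICATE TDE_Cert_2
    WITH SUBJECT = 'TDE protector for AdventureWorks (rotated)';
GO
-- Back up the certificate and its private key before the database depends
-- on it; without them the database cannot be restored on another server.
BACKUP CERTIFICATE TDE_Cert_2
    TO FILE = 'C:\placeholder\TDE_Cert_2.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\placeholder\TDE_Cert_2.pvk',
        ENCRYPTION BY PASSWORD = '<placeholder strong password>'
    );
GO
USE AdventureWorks;
GO
-- Re-protect the existing database encryption key with the new certificate.
-- Only the key's protector changes; the algorithm stays the same.
ALTER DATABASE ENCRYPTION KEY
    ENCRYPTION BY SERVER CERTIFICATE TDE_Cert_2;
GO
-- Verify: the encryptor thumbprint should now resolve to TDE_Cert_2.
-- encryption_state 3 = encrypted, 6 = protection change in progress.
SELECT DB_NAME(dek.database_id) AS database_name,
       dek.encryption_state,
       dek.key_algorithm,
       dek.key_length,
       dek.encryptor_type,
       c.name        AS encryptor_name,
       c.expiry_date AS encryptor_expiry
FROM sys.dm_database_encryption_keys AS dek
LEFT JOIN master.sys.certificates AS c
       ON c.thumbprint = dek.encryptor_thumbprint
WHERE dek.database_id = DB_ID('AdventureWorks');
GO
-- A log backup is required after two key modifications before a third
-- is allowed; taking one after each rotation avoids hitting that limit.
BACKUP LOG AdventureWorks
    TO DISK = 'C:\placeholder\AdventureWorks_log.trn';
GO
```

Keep the previous certificate and its backup for as long as any database or log backup taken under it may need to be restored.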

See Also

Transparent Data Encryption (TDE)
SQL Server Encryption
SQL Server and Database Encryption Keys (Database Engine)
Encryption Hierarchy
ALTER DATABASE SET Options (Transact-SQL)
CREATE DATABASE ENCRYPTION KEY (Transact-SQL)
DROP DATABASE ENCRYPTION KEY (Transact-SQL)
sys.dm_database_encryption_keys (Transact-SQL)