The ddlgen utility supports both pre-15.0.2 and 15.0.2 encryption.
To generate DDL for an encryption key “ssn_key” in a database called “SampleKeysDB,” the syntax is:
ddlgen -Usa -P -Sserver -TEK -NSampleKeysDB.dbo.ssn_key
Where:
EK – is the encrypted key type
SampleKeysDB.dbo.ssn_key – is the fully qualified name for the encrypted key
ddlgen generates the following using this syntax:
--------------------------------------------------
-- DDL for EncryptedKey 'ssn_key'
--------------------------------------------------
print 'ssn_key'
create encryption key SampleKeysDB.dbo.ssn_key for AES
with keylength 128
init_vector random
go
To synchronize encryption keys across servers for data movement, use the ddlgen -XOD extended option to generate the create encryption key command that specifies the key’s encrypted value as represented in sysencryptkeys, such as in this sample:
ddlgen -Usa -P -Sserver -TEK -NSampleKeysDB.dbo.ssn_key -XOD
The output from this ddlgen command would be:
--------------------------------------------------------------------------
-- DDL for EncryptedKey 'ssn_key'
--------------------------------------------------------------------------
print 'ssn_key'
create encryption key SampleKeysDB.dbo.ssn_key for AES
with keylength 128
passwd 0x00009EECD959E00095A401
init_vector random
keyvalue 0x11D6B8AA6ACB0C0490A363791531DD6E6728C800FDD1A13BFF795FA22726C16101
keystatus 32
go
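Because -XOD output carries the key's encrypted value and password as hex literals, a generated script is worth checking before it is stored or shared. The following is an added example, not part of the original documentation or of ddlgen: it scans ddlgen output for create encryption key batches that embed passwd or keyvalue material and can redact them. The function names audit and redact are hypothetical, and the sample input is constructed from the two outputs shown above.

```python
import re

# Constructed sample: the two ddlgen outputs shown on this page, concatenated.
SAMPLE = """\
-- DDL for EncryptedKey 'ssn_key'
print 'ssn_key'
create encryption key SampleKeysDB.dbo.ssn_key for AES
with keylength 128
init_vector random
go
-- DDL for EncryptedKey 'ssn_key'
print 'ssn_key'
create encryption key SampleKeysDB.dbo.ssn_key for AES
with keylength 128
passwd 0x00009EECD959E00095A401
init_vector random
keyvalue 0x11D6B8AA6ACB0C0490A363791531DD6E6728C800FDD1A13BFF795FA22726C16101
keystatus 32
go
"""

GO_RE = re.compile(r"^\s*go\s*$", re.I | re.M)       # batch terminator line
COMMENT_RE = re.compile(r"^\s*--.*$", re.M)          # banner and comment lines
CREATE_RE = re.compile(r"create\s+encryption\s+key\s+(\S+)", re.I)
SECRET_RE = re.compile(r"\b(passwd|keyvalue)\s+(0x[0-9A-Fa-f]+)", re.I)

def audit(text):
    """One finding per 'create encryption key' batch: the key name and
    which clauses (passwd, keyvalue) carry hex key material."""
    findings = []
    for batch in GO_RE.split(text):
        body = COMMENT_RE.sub("", batch)   # ignore text inside comments
        m = CREATE_RE.search(body)
        if m:
            clauses = sorted({s.group(1).lower() for s in SECRET_RE.finditer(body)})
            findings.append({"key": m.group(1), "material": clauses})
    return findings

def redact(text):
    """Replace passwd/keyvalue hex literals so the DDL can be logged or reviewed."""
    return SECRET_RE.sub(lambda s: f"{s.group(1)} 0x<redacted>", text)

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["key"], "embedded key material:", ", ".join(f["material"]) or "none")
```

A redacted script is for review only; it can no longer recreate the key on the target server.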