SQL Server Backup Encryption Details

justin 1 Reputation point
2020-08-25T17:16:34.307+00:00

Hello,

The Backup Encryption page mentions AES 256 can be used for encrypting backups. However, it does not go into IV generation, Cipher block mode, or Authentication of backups. https://learn.microsoft.com/en-us/sql/relational-databases/backup-restore/backup-encryption?view=sql-server-ver15

If AES 256 is selected, is the algorithm AEAD_AES_256_CBC_HMAC_SHA_256 used?

Thanks

SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
8,560 questions
No comments
{count} votes

1 answer

Sort by: Most helpful
  1. CathyJi-MSFT 20,666 Reputation points Microsoft Employee
    2020-08-26T06:57:59.007+00:00

    Hi @ justin-7809,

    > If AES 256 select, is the algorithm AEAD_AES_256_CBC_HMAC_SHA_256 used?

    No. AES 256 is one Encryption Algorithm for backup encryption. Always Encrypted uses the AEAD_AES_256_CBC_HMAC_SHA_256 algorithm to encrypt data in the database. Refer to Data Encryption Algorithm.

    Best regards,
    Cathy