SQL Server Backup Encryption Details

justin 1 Reputation point


The Backup Encryption page mentions AES 256 can be used for encrypting backups. However, it does not go into IV generation, Cipher block mode, or Authentication of backups. https://learn.microsoft.com/en-us/sql/relational-databases/backup-restore/backup-encryption?view=sql-server-ver15

If AES 256 is selected, is the algorithm AEAD_AES_256_CBC_HMAC_SHA_256 used?


SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
8,560 questions
No comments
{count} votes

1 answer

Sort by: Most helpful
  1. CathyJi-MSFT 20,666 Reputation points Microsoft Employee

    Hi @ justin-7809,

    > If AES 256 select, is the algorithm AEAD_AES_256_CBC_HMAC_SHA_256 used?

    No. AES 256 is one Encryption Algorithm for backup encryption. Always Encrypted uses the AEAD_AES_256_CBC_HMAC_SHA_256 algorithm to encrypt data in the database. Refer to Data Encryption Algorithm.

    Best regards,