Database Mirroring with Utimaco HSM

Once database mirroring is configured, one or more Utimaco HSMs can be used along with the internal or external keystore. For illustration, one HSM is configured in this SQL Server database mirroring setup.

To configure the EKM provider on the cluster nodes, refer to the section Enable Extensible Key Management.

Keys can be used from the internal keystore or the external keystore. To create keys, refer to the section Creating Keys.

The RSA algorithm is not supported in FIPS mode.

  1. On the principal server instance, use the mirrored database to create keys with the Utimaco HSMs.

  2. Create an asymmetric key in the TestDB1 database.

SQL Statement

USE TestDB1;

CREATE ASYMMETRIC KEY tdekey
FROM PROVIDER utimaco
WITH ALGORITHM = RSA_2048, PROVIDER_KEY_NAME = 'tdekey',
CREATION_DISPOSITION = CREATE_NEW;

  3. Insert the data into the table.

SQL Statement

USE TestDB1;
GO

CREATE TABLE Customers (FirstName varchar(MAX), SecondName varchar(MAX), CardNumber varbinary(MAX));
GO

-- ASYMKEY_ID resolves the key by name in the current database,
-- so 'RSA2048Key' must already exist in TestDB1.
INSERT INTO Customers (FirstName, SecondName, CardNumber)
VALUES ('Iain', 'Hood', ENCRYPTBYASYMKEY(ASYMKEY_ID('RSA2048Key'), '2048204820482048'));

  4. The key and the database are created on the principal server using the Utimaco HSM. This data is synchronized automatically to the mirror server.
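
The following verification queries are an added example, not part of the Utimaco documentation. They use the object names from the steps above (TestDB1, Customers, tdekey, RSA2048Key) and assume the login running them is already mapped to a credential for the EKM provider.

```sql
-- Added verification example; object names are the ones used on this page.

-- 1. Run on BOTH instances: the EKM provider must be registered and enabled
--    on the mirror as well, otherwise the HSM keys are unusable after failover.
SELECT name, version, dll_path, is_enabled
FROM sys.cryptographic_providers;
GO

-- 2. Run on the principal: confirm the keys are bound to the provider.
--    provider_type is 'CRYPTOGRAPHIC PROVIDER' for EKM-backed keys and
--    NULL for keys whose private key is stored in the database itself.
USE TestDB1;
GO
SELECT name, algorithm_desc, key_length,
       provider_type, cryptographic_provider_guid
FROM sys.asymmetric_keys
WHERE name IN ('tdekey', 'RSA2048Key');
GO

-- 3. Run on the principal: round-trip the inserted row through the HSM.
--    A NULL CardNumber means the key was not found or decryption failed.
SELECT FirstName, SecondName,
       CONVERT(varchar(16),
               DECRYPTBYASYMKEY(ASYMKEY_ID('RSA2048Key'), CardNumber))
           AS CardNumber
FROM Customers;
GO

-- 4. Run on either instance: check the mirroring session for TestDB1.
--    SYNCHRONIZED means the mirror has caught up with the principal.
--    The mirror copy stays in a restoring state, so steps 2 and 3 cannot
--    be run against it directly.
SELECT DB_NAME(database_id) AS database_name,
       mirroring_role_desc,
       mirroring_state_desc,
       mirroring_partner_instance
FROM sys.database_mirroring
WHERE database_id = DB_ID('TestDB1');
GO
```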