--- title: "Using Encryption | Microsoft Docs" ms.custom: "" ms.date: "08/06/2017" ms.prod: "sql-server-2016" ms.reviewer: "" ms.suite: "" ms.technology: - "docset-sql-devref" ms.tgt_pltfrm: "" ms.topic: "reference" helpviewer_keywords: - "database master key [SMO]" - "cryptography [SMO]" - "cryptography [SQL Server], SMO" - "encryption keys [SMO]" - "encryption [SQL Server], SMO" - "encryption [SMO]" - "certificates [SMO]" - "service master key [SMO]" ms.assetid: 405e0ed7-50a9-430e-a343-471f54b4af76 caps.latest.revision: 27 author: "JennieHubbard" ms.author: "jhubbard" manager: "jhubbard" --- # Using Encryption In SMO, the service master key is represented by the object. This is referenced by the property of the object. It can be regenerated by using the method. The database master key is represented by the object. The property indicates whether or not the database master key is encrypted by the service master key. The encrypted copy in the master database is automatically updated whenever the database master key is changed. It is possible to drop service key encryption using the method and encrypt the database master key with a password. In that situation, you will have to explicitly open the database master key before accessing private keys that it has secured. When a database is being attached to an instance of [!INCLUDE[ssNoVersion](../../../includes/ssnoversion-md.md)], you must either supply the password for the database master key or execute the method to make an unencrypted copy of the database master key available for encryption with the service master key. This step is recommended to avoid the need to explicitly open the database master key. The method regenerates the database master key. When the database master key is regenerated, all the keys that have been encrypted with the database master key are decrypted, and then encrypts them with the new database master key. The method removes the encryption of the database master key by the service master key. causes a copy of the master key to be encrypted using the service master key and stored in both the current database and in the master database. In SMO, certificates are represented by the object. The object has properties that specify the public key, the name of the subject, period of validity, and information about the issuer. Permission to access the certificate is controlled by using the **Grant**, **Revoke** and **Deny** methods. ## Example For the following code examples, you will have to select the programming environment, programming template and the programming language to create your application. For more information, see [Create a Visual C# SMO Project in Visual Studio .NET](../../../relational-databases/server-management-objects-smo/how-to-create-a-visual-csharp-smo-project-in-visual-studio-net.md). ## Adding a Certificate in Visual C# The code example creates a simple certificate with an encryption password. Unlike other objects, the method has several overloads. The overload used in the example creates a new certificate with an encryption password. ```csharp { //Connect to the local, default instance of SQL Server. { Server srv = new Server(); //Reference the AdventureWorks2012 database. Database db = srv.Databases["AdventureWorks2012"]; //Define a Certificate object variable by supplying the parent database and name in the constructor. Certificate c = new Certificate(db, "Test_Certificate"); //Set the start date, expiry date, and description. System.DateTime dt; DateTime.TryParse("January 01, 2010", out dt); c.StartDate = dt; DateTime.TryParse("January 01, 2015", out dt); c.ExpirationDate = dt; c.Subject = "This is a test certificate."; //Create the certificate on the instance of SQL Server by supplying the certificate password argument. c.Create("pGFD4bb925DGvbd2439587y"); } } ``` ## Adding a Certificate in PowerShell The code example creates a simple certificate with an encryption password. Unlike other objects, the method has several overloads. The overload used in the example creates a new certificate with an encryption password. ```powershell # Set the path context to the local, default instance of SQL Server and get a reference to AdventureWorks2012 CD \sql\localhost\default\databases $db = get-item AdventureWorks2012 #Create a certificate $c = New-Object -TypeName Microsoft.SqlServer.Management.Smo.Certificate -argumentlist $db, "Test_Certificate" $c.StartDate = "January 01, 2010" $c.Subject = "This is a test certificate." $c.ExpirationDate = "January 01, 2015" #Create the certificate on the instance of SQL Server by supplying the certificate password argument. $c.Create("pGFD4bb925DGvbd2439587y") ``` ## See Also [Using Encryption Keys](../../../relational-databases/server-management-objects-smo/tasks/using-encryption.md)