Quick Introduction to Transparent Encryption with DbDefence

This quick demo offers a brief explanation of how DbDefence works, while highlighting some of the useful features the software has to offer. Let's start by encrypting a demo database entitled "GoldMine" from GoldMine CRM. Both the name and level of complexity of a database are irrelevant to DbDefence. The program's encryption algorithms function the same way no matter how complex the structure of the database.

In the example below, we use SQL Server 2012. However, server versions also no role in the functionality of DbDefence. All modern versions of SQL Server are compatible with DbDefence. The screenshot below shows a basic overlay of what to expect when you log into DbDefence as a super user. The problem is that other users typically have access to the database schema (table structures), as highlighted.

1 640x452

The first step to properly encrypting a database using DbDefence is to log off the SSMS so it does not have access to the SQL database. An encryption attempt will fail if there are any connections to the database during the process.

The second step is to start the Encryptor and select the SQL Server instance. Only local available instances are listed. It is not possible to encrypt a database remotely.

Once that is done, enter a password. It is very important that you remember the password! You will use it to get access to the database later or to decrypt (revert) the database.


Please note, that with the free version of DbDefence you can only encrypt databases up to 200 MB. Assuming there are no errors in the above entry fields, the software will then encrypt your database to the requested specifications. The process is very quick. We use highly optimized AES encryption routines that utilize all the advantages of modern day computer processors.

Important: If you only want to encrypt database files without restricting access to an existing applications please scroll down to the end


Once the encryption process is complete, the software then runs diagnostic tests to make sure the data is healthy and functional. You should see a success message in the dialog box.

Now, take a look at the difference between an encrypted database and an unencrypted database. Even if an attacker somehow got unauthorized access to this data, they would be completely unable to read it!

5 488x284

Now that you have successfully encrypted your database, go back to SQL Server Management Studio and try to access your database as the most privileged account. See! The database structure is now completely hidden! Trying to select any data from the protected table now returns an error, but the data is still there, completely intact! And the best part is, this level of database protection works for ALL network applications, not just SSMS.

6 638x451

Now lets briefly go through the steps to decrypt a database. The first thing you need to do is type in the following SQL statement:


7 640x452

After supplying your database key password you are able to work with the database. Note that by default, access is granted only to connections running an open symmetric key statement. SSMS uses another connection to retrieve the database structure. That is why logged in administrators accessing SSMS do not have access to the database.

If you would like to modify these settings for the whole SSMS process, there are several ways to do so. One such solution is to run:

exec dbd_unlock_for_host @proc=1
Now, refresh table view.

8 641x453

For more information regarding specific settings, please read the included documentation.

If you need to contact our support desk, we can be reached at: This email address is being protected from spambots. You need JavaScript enabled to view it.

That's all for DbDefence basics!

If you only want to encrypt database files.

Some customers need to encrypt data and not restrict access for any applications. In this case, just let everything run as before but with encrypted files on the disk. Then, set an extra option before encrypting the database:

4 413x440

Then proceed with encryption. You do not need to apply a password in any way to select data.