
The Anatomy and (In)Security of Microsoft SQL Server Transparent Data Encryption (TDE), or How to Break TDE

'There is a fundamental problem with any software that encrypts its own data: it also needs to decrypt the data if it wants to use it itself. For example, if SQL Server wants to write data to an encrypted database and then later return it to a user, it needs the decryption key available to itself to be able to do that. If the system also has to boot without manual intervention and the sensitive functionality can’t be embedded in separate protected hardware, then that key must be stored on the system somewhere so that the server has access to it when it starts up. However, if the key is stored on the system it is accessible to anybody who has gained elevated privileges, and if the entire system is backed up, the key is also stored on the backups, making all data easily readable.

“Obviously” the solution is to encrypt the key before storing it on the system, and that is what Microsoft does with TDE. Unfortunately that doesn’t really solve anything because in order to decrypt the encrypted key, you need to store that key instead. All this achieves is deferring the storage of the key with a little smoke and mirrors. Clearly the solution is to encrypt the encrypting key as well… And that is what Microsoft does with TDE. And so it continues. It’s turtles all the way down. Eventually though you have to stop adding layers and store the bottommost key somewhere unencrypted, defeating all of the layers of encryption immediately – and the whole world comes tumbling down, turtles and all.'...

https://simonmcauliffe.com/technology/tde/
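The key chain the quoted article calls "turtles all the way down" can be built and then inspected with a few T-SQL statements. The following is an added example written for this page; it is not code from the linked article or from Microsoft. The database name `SensitiveDB`, the certificate name `TDE_Cert`, the passwords and the `C:\exfil\` paths are placeholders chosen for the illustration. It sets up TDE, walks each layer upward through the catalog views until it reaches the Service Master Key (the bottom turtle, which SQL Server itself cannot encrypt any further), and finishes with what a sysadmin can do to take the whole chain along with a backup.

```sql
-- Added example (not from the quoted article or from Microsoft): build the
-- TDE key hierarchy, inspect each layer, then show why the layers do not stop
-- a privileged user. Names, passwords and paths are placeholders.

USE master;
GO
-- Layer 3: the Database Master Key (DMK) of master. It is encrypted by the
-- password below AND, by default, by the Service Master Key (SMK).
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Pl@ceholder-DMK-Pass-1';
GO
-- Layer 2: a certificate whose private key is protected by the DMK.
CREATE CERTIFICATE TDE_Cert WITH SUBJECT = 'TDE protector for SensitiveDB';
GO
-- Layer 1: the Database Encryption Key (DEK), protected by the certificate.
USE SensitiveDB;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TDE_Cert;
GO
ALTER DATABASE SensitiveDB SET ENCRYPTION ON;
GO

-- Walk the chain upward from the data pages.
-- (a) DEK: which certificate protects it, and has encryption finished?
SELECT DB_NAME(k.database_id) AS db,
       k.key_algorithm, k.key_length,
       CASE k.encryption_state
            WHEN 3 THEN 'encrypted'
            WHEN 2 THEN 'encryption in progress'
            WHEN 1 THEN 'unencrypted'
            ELSE 'other' END AS state,
       k.encryptor_thumbprint
FROM   sys.dm_database_encryption_keys AS k;

-- (b) certificate: what protects its private key (expected: the DMK)
SELECT name, thumbprint, pvt_key_encryption_type_desc
FROM   master.sys.certificates
WHERE  name = 'TDE_Cert';

-- (c) DMK: every encryption applied to it. Next to the password copy there is
-- a copy protected by the SMK; that copy is what lets the instance open the
-- DMK at start-up without anyone typing the password.
SELECT sk.name, ke.crypt_type_desc
FROM   master.sys.symmetric_keys  AS sk
JOIN   master.sys.key_encryptions AS ke ON ke.key_id = sk.symmetric_key_id
WHERE  sk.name = '##MS_DatabaseMasterKey##';

-- (d) the bottom layer. The SMK has no encryptor inside SQL Server; it is
-- stored on the host and protected by Windows DPAPI under the service account,
-- so anyone who controls that account, or the machine, can reach it.
SELECT name, algorithm_desc, key_length
FROM   master.sys.symmetric_keys
WHERE  name = '##MS_ServiceMasterKey##';

-- Why the layers do not help against elevated privileges: sysadmin (or
-- CONTROL SERVER) can export the certificate with its private key, which is
-- everything a database backup needs to be restored and read elsewhere.
USE master;
GO
BACKUP CERTIFICATE TDE_Cert
    TO FILE = 'C:\exfil\TDE_Cert.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\exfil\TDE_Cert.pvk',
        ENCRYPTION BY PASSWORD = 'Pl@ceholder-Export-Pass-1');
BACKUP DATABASE SensitiveDB TO DISK = 'C:\exfil\SensitiveDB.bak';
GO
-- On any other instance: recreate the certificate from the two files, then
-- restore; the DEK decrypts and TDE is no obstacle.
-- CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Pl@ceholder-DMK-Pass-2';
-- CREATE CERTIFICATE TDE_Cert FROM FILE = 'C:\exfil\TDE_Cert.cer'
--     WITH PRIVATE KEY (FILE = 'C:\exfil\TDE_Cert.pvk',
--                       DECRYPTION BY PASSWORD = 'Pl@ceholder-Export-Pass-1');
-- RESTORE DATABASE SensitiveDB FROM DISK = 'C:\exfil\SensitiveDB.bak';
```

Query (c) is the one to run when assessing an instance: if the DMK shows only an `ENCRYPTION BY PASSWORD` entry (the SMK copy having been dropped with `ALTER MASTER KEY DROP ENCRYPTION BY SERVICE MASTER KEY`), the instance cannot open the certificate on its own after a restart and someone must supply the password by hand, which is exactly the manual-intervention trade-off the quoted passage describes. With the default SMK copy in place, the whole chain is recoverable from the host, and from any full backup of the host, without a password.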
