To create the master and dual master keys use:
create encryption key [dual] master [for AES] with passwd char_literal
where:
master and dual master refer to database-level keys used to encrypt other keys within the database in which they are defined. These keys are not used to encrypt data. The master key is named internally as sybencrmasterkey in sysobjects, and the dual master key is named internally as sybencrdualmasterkey in sysobjects.
with passwd must be followed by a character string password that adheres to sp_passwordpolicy.
See the Reference Manual: Commands.
Example 1 – creates master key in database tdb1:
use database tdb1 create encryption key master with passwd 'unforgetablethatswhatyouare'
Example 2 – creates a dual master key in database tdb1:
use database tb1 create encryption key dual master with passwd 'dualunforgettable'
Example 3 – generates an error because you cannot use a master key as a column encryption key:
create table t2 (c1 int encrypt with master)
To change the password of a master key or dual master key, use:
alter encryption key [dual] master with passwd <char_literal> modify encryption with passwd <char_literal>
