The ddlgen utility also generates DDL for key copies along with the DDL for the base key.
For example, this command generates DDL for “ssn_key” and its key copies:
ddlgen -Usa -P -Sserver -TEK -NSampleKeysDB.dbo.ssn_key
-----------------------------------------------------------------------------
-- DDL for EncryptedKey 'ssn_key'
-----------------------------------------------------------------------------
print 'ssn_key'

--The DDL is generated with a default password – 'password' as
--a password was specified when this key was created.
create encryption key SampleKeysDB.dbo.ssn_key for AES
with keylength 128
passwd 'password'
init_vector random
go

print 'Key Copies for ssn_key'

-- Generating DDL for Key Copies for 'ssn_key'
alter encryption key 'ssn_key'
with passwd 'password'
add encryption with passwd 'passwd'
for user 'dbo'.

alter encryption key SampleKeysDB.dbo.ssn_key add encryption
with keyvalue 0x84A7360AA0B28801D6D4CBF2F8219F634EE641E1082F221A2C58C9BBEC9F49B501
passwd 0x000062DF4B8DA5709E5E01
keystatus 257
for user 'user1'
go
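Because the generated script carries the default password 'password' and a keyvalue for each key copy, it is worth checking before it is replayed on another server. The following is an added example, not part of ddlgen or the original documentation: a small Python check that walks the script batch by batch and reports those statements. The names audit_key_ddl and batches, the finding labels, and the sample hex values are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the ddlgen output above; the hex values are
# placeholders made up for this example, not real key material.
SAMPLE = """\
--The DDL is generated with a default password 'password'.
create encryption key SampleKeysDB.dbo.ssn_key for AES
with keylength 128
passwd 'password'
init_vector random
go
alter encryption key SampleKeysDB.dbo.ssn_key add encryption
with keyvalue 0x00112233
passwd 0x0000AABB
keystatus 257
for user 'user1'
go
"""

KEY_RE = re.compile(r"\b(?:create|alter)\s+encryption\s+key\s+'?([\w.]+)'?", re.I)
PASSWD_RE = re.compile(r"\bpasswd\s+'([^']*)'", re.I)
KEYVALUE_RE = re.compile(r"\bkeyvalue\s+0x[0-9a-f]+", re.I)

def batches(script):
    """Yield each batch (text up to a line that is only 'go'), comment lines dropped."""
    current = []
    for line in script.splitlines():
        if line.strip().lower() == "go":
            yield "\n".join(current)
            current = []
        elif not line.lstrip().startswith("--"):
            current.append(line)
    if current:  # trailing statements with no final 'go'
        yield "\n".join(current)

def audit_key_ddl(script, placeholder="password"):
    """Return (key_name, finding) pairs for statements to review before replay."""
    findings = []
    for batch in batches(script):
        if not (m := KEY_RE.search(batch)):
            continue
        for literal in PASSWD_RE.findall(batch):
            # 'password' is the default ddlgen writes; any other quoted value
            # is still a password stored in clear text in the script.
            kind = "placeholder-passwd" if literal == placeholder else "plaintext-passwd"
            findings.append((m.group(1), kind))
        if KEYVALUE_RE.search(batch):
            findings.append((m.group(1), "embedded-keyvalue"))
    return findings
```

Run it over the file ddlgen wrote and replace every placeholder-passwd entry with the intended password before executing the DDL.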