Encryption, keys, certificates and so on are complicated and confusing, judging by the number of support calls coming in from DBAs.
As I said in my last post, Transparent Data Encryption is there to stop someone walking off with your data. A database can be encrypted using a key which is stored in a certificate, which is in turn protected by a key in the master database. So what's to protect your master database?
Well, that's not the top of the hierarchy for keys, as this diagram from the security section of SQL Server Books Online shows:
So the Service Master Key can be encrypted as well, and this is done using the Windows Data Protection API. My good friend Steve Lamb will be posting about this shortly.
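The hierarchy described above, walked from the top down in T-SQL. This is an added example, not code from the original post; the database name `SalesDb`, the certificate name `TdeCert`, the passwords and the file paths are all placeholders.

```sql
-- Hypothetical names: SalesDb, TdeCert. Passwords and paths are placeholders.
USE master;
GO
-- Level 1: the Service Master Key already exists on the instance and is
-- protected by the Windows Data Protection API.
SELECT name, algorithm_desc, create_date
FROM sys.symmetric_keys
WHERE name = '##MS_ServiceMasterKey##';
GO
-- Level 2: the Database Master Key in master, protected by the
-- Service Master Key and by this password.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder-1>';
GO
-- Level 3: a certificate in master whose private key is protected by
-- the Database Master Key.
CREATE CERTIFICATE TdeCert WITH SUBJECT = 'TDE certificate for SalesDb';
GO
-- Back up the certificate and private key straight away: without them an
-- encrypted database or its backups cannot be restored on another server.
BACKUP CERTIFICATE TdeCert
    TO FILE = 'C:\KeyBackup\TdeCert.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\KeyBackup\TdeCert.pvk',
        ENCRYPTION BY PASSWORD = '<strong-password-placeholder-2>');
GO
BACKUP SERVICE MASTER KEY
    TO FILE = 'C:\KeyBackup\ServiceMasterKey.bak'
    ENCRYPTION BY PASSWORD = '<strong-password-placeholder-3>';
GO
-- Level 4: the Database Encryption Key inside the user database,
-- protected by the certificate held in master.
USE SalesDb;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeCert;
GO
ALTER DATABASE SalesDb SET ENCRYPTION ON;
GO
-- Check: which certificate protects each database's key, and how that
-- certificate's private key is itself protected (encryption_state 3 = encrypted).
SELECT DB_NAME(k.database_id) AS database_name,
       k.encryption_state, k.key_algorithm, k.key_length,
       c.name AS protecting_certificate,
       c.pvt_key_encryption_type_desc
FROM sys.dm_database_encryption_keys AS k
JOIN master.sys.certificates AS c
    ON c.thumbprint = k.encryptor_thumbprint;
GO
```

Keep the backup files and their passwords away from the database backups; storing them together removes the protection the hierarchy is meant to provide.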
Finally, MSDN has the complete, up-to-date Books Online for SQL Server 2008 here, just so you know.