Hi!

Our problem domain focuses around confidential development time/test data
from the clients. This data potentially includes very critical business value
data, so thorough protection of it is required.

This problem requires protection also in case of physical theft of the
server hardware. In other words, the encryption keys/secrets shouldn't have
to be in any unencrypted form on the server drives.

Our current solution is based on 3rd party virtual private disk product,
that allows mounting the drives using Smart Card certificates. This way we
can plug in the card during manual startup phases after the boot, mount the
drives and start the respective services (such as database servers) after
that on those encrypted drives.

Now after the introduction of encryption features of SQL Server 2005, we
want to evaluate their possibilities properly. We are going to evaluate the
feature set for our client's possible needs, regardless whether the features
help us to solve our own security requirements or not.

Possible and acceptable solutions would also be, if encrypted databases
could be "manually mounted" in a way that the encryption key(s) are provided
in the time of mounting and are only valid during the current runtime
environment; thus not stored anywhere on the server.

I wasn't yet able to find proper source of information about SQL Server 2005
encryption features, so figured to ask here. If there was some advanced
specification of the encryption support in SQL Server 2005, I'd be very glad
to simply find the source and read it all up myself from there.

I hope I cleared up the problem domain enough.

Best regards,

Kalle