Error message when you use a symmetric key to decrypt data in a SQL Server 2005 database: "The decryption key is incorrect"

Article translations Article translations
Article ID: 948209 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

A server is running an instance of Microsoft SQL Server 2005. When you use a symmetric key to decrypt data in a database of the instance of SQL Server, you receive the following error message:
Msg 15273, Level 16, State 1,
The decryption key is incorrect.
This problem occurs when the symmetric key is generated by using the data encryption standard (DES) algorithm in Microsoft Windows 2000.

Typically, you experience this problem in the following scenario:
  • In an instance of SQL Server 2005 that is running on a Windows 2000-based computer, you use a symmetric key to encrypt data in a database. Additionally, the symmetric key is generated by using the DES algorithm.
  • You migrate the database to an instance of SQL Server 2005 that is running on another Windows operating system. For example, you migrate the database to Windows Server 2003.
  • You try to use the symmetric key to decrypt the data.
This problem does not occur if the symmetric key is generated by using the Triple DES (3DES) algorithm in Windows 2000.

CAUSE

The cause of this issue is documented in the following Microsoft Knowledge Base article:
331367 Cannot decrypt data using data encryption standard (DES) key across Windows platforms

WORKAROUND

To work around this problem, use a different algorithm to generate a new symmetric key. Then, use this new key to reencrypt the data. You should use this method before you migrate the database. For example, use the 3DES algorithm to generate a symmetric key.

MORE INFORMATION

SQL Server 2005 uses the Cryptography API (CAPI) in Windows to decrypt data. Therefore, this is a limitation in the Windows operating system.

REFERENCES

For more information about how to create a symmetric key, visit the following Microsoft Developer Network (MSDN) Web site:
http://msdn2.microsoft.com/en-us/library/ms188357.aspx
For more information about how to encrypt data by using a symmetric key, visit the following MSDN Web site:
http://msdn2.microsoft.com/en-us/library/ms174361.aspx
For more information about how to decrypt data by using a symmetric key, visit the following MSDN Web site:
http://msdn2.microsoft.com/en-us/library/ms181860.aspx

Properties

Article ID: 948209 - Last Review: February 14, 2008 - Revision: 1.1
APPLIES TO
  • Microsoft SQL Server 2005 Standard Edition
  • Microsoft SQL Server 2005 Workgroup Edition
  • Microsoft SQL Server 2005 Developer Edition
  • Microsoft SQL Server 2005 Enterprise Edition
Keywords: 
kberrmsg kbexpertiseadvanced kbtshoot kbprb KB948209

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com