A server is running an instance of Microsoft SQL Server 2005. When you use a symmetric key to decrypt data in a database of the instance of SQL Server, you receive the following error message:
Msg 15273, Level 16, State 1, The decryption key is incorrect.
This problem occurs when the symmetric key is generated by using the data encryption standard (DES) algorithm in Microsoft Windows 2000.
Typically, you experience this problem in the following scenario:
In an instance of SQL Server 2005 that is running on a Windows 2000-based computer, you use a symmetric key to encrypt data in a database. Additionally, the symmetric key is generated by using the DES algorithm.
You migrate the database to an instance of SQL Server 2005 that is running on another Windows operating system. For example, you migrate the database to Windows Server 2003.
You try to use the symmetric key to decrypt the data.
This problem does not occur if the symmetric key is generated by using the Triple DES (3DES) algorithm in Windows 2000.
The cause of this issue is documented in the following Microsoft Knowledge Base article:
331367 Cannot decrypt data using data encryption standard (DES) key across Windows platforms
To work around this problem, use a different algorithm to generate a new symmetric key. Then, use this new key to reencrypt the data. You should use this method before you migrate the database. For example, use the 3DES algorithm to generate a symmetric key.
SQL Server 2005 uses the Cryptography API (CAPI) in Windows to decrypt data. Therefore, this is a limitation in the Windows operating system.
For more information about how to create a symmetric key, visit the following Microsoft Developer Network (MSDN) Web site: