DBDefence Encryption Tools
DBDefence uses AES-128 encryption to encrypt database and log
files completely. It uses highly optimized AES encryption routines
and benefits from multiprocessing. Currently there are two
tools:
- DBDefence Encryptor GUI
- Command line based
Additionally, there is a simple decryption
tool which removes encryption and protection completely.
The Free Version can be used freely in commercial projects. However,
the Free Version has a limited database size of up to 77Mb.
Read more about obtaining the full
version.
Encryption requirements for both tools:
Both tools encrypt only non-system databases of local instances of
supported SQL Servers. The GUI excludes inaccessible databases from the
list of databases. However, those limitations can be removed if you
have such requirements. Please contact us at
support@dbdefence.com
Before encrypting the database, we recommend making a
complete backup to avoid any unexpected problems.
DBDefence encrypts all files in the database. A typical database
contains one .mdf file and one .ldf file. However, bigger
databases can have several database and log files. DBDefence
encrypts each file, and each file has an associated encryption
key file. Currently they are all the same within the database. Do
not delete those files, and copy them if you transfer the database to a new
location or new server!
If your operating system has UAC enabled (Vista and above), you
will get warnings about escalating permissions. A higher access level
is necessary for those tools to modify database files. During the
encryption process, the database will be detached from the server, so
it is important to close all connections to that database. After
the detach, the files will be encrypted and attached to SQL Server.
After encryption, the GUI runs a simple test to ensure database and
protection integrity. If that test fails, please
contact us. We will surely help you!
If your database is part of a complicated infrastructure, you may
want to use exceptions to provide unconditional access to the
objects. Read more about that in the exceptions section.
Here is the successful encryption screenshot. As you can see, small
databases of several megabytes are encrypted in less than a second.
An encrypted database contains a special key called dbdx, which needs to be opened to unlock access to
the database. Read more about it here.
DBDefence Command Line Encryptor
The tool is called dbencrypt.exe and is located in the DBDefence
installation directory. It encrypts the database in the same way as
the GUI but without tests.
Usage: dbencrypt.exe -s <INSTANCE NAME ON THE LOCAL COMPUTER> -d <database> -p <encryption password> [-e exceptions_file]
Please note that you specify ONLY the instance name instead of the
complete connection name. For example, SQL Server installed with
default settings has the instance name MSSQLSERVER, and the default SQL Server
Express instance is called SQLEXPRESS, even though both can be
accessed by using the "(local)" name.
The database must be running, accessible and not in use. The exceptions
file is the list of security exceptions.
During the encryption process, the database will be detached and
encrypted without any backup.
Returned error codes:
0 - Success.
-777 - Encryption finished. (used only in API)
-21 - Error messages from SQL Server.
-20 - Can't connect to server.
-19 - DbDefence not installed or not started.
-18 - Database already encrypted.
-17 - No password specified.
-16 - Can't switch to select db.
-15 - Can't create dbdefence tables in database or created incorrectly.
-14 - Unexpected error.
-13 - Can't detach database.
-12 - Can't open database files for RW access.
-11 - Can't attach database after encryption.
-10 - File with exceptions specified but it is not accessible.
-4 - Can't access all files of the database.
-3 - Database too big for demo version.
-2 - Unknown command line option.
Like the GUI, the command line tool can work only with
local instances of SQL Server. You can't encrypt databases on
remote SQL Server.
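The following Python wrapper for scripted runs is an added example, not part of the DBDefence documentation. It builds the command line shown under Usage, rejects a connection name passed to -s, and maps the process return code to the table above. On Windows the return code reaches Python as an unsigned 32-bit value, so -21 arrives as 4294967275 and has to be converted back. The function names and the exe_path parameter are assumptions of this example.

```python
import subprocess

# Added example: function names and exe_path are hypothetical, not DBDefence's API.
# Return codes as listed in the table on this page.
EXIT_CODES = {
    0: "Success.",
    -777: "Encryption finished. (used only in API)",
    -21: "Error messages from SQL Server.",
    -20: "Can't connect to server.",
    -19: "DbDefence not installed or not started.",
    -18: "Database already encrypted.",
    -17: "No password specified.",
    -16: "Can't switch to select db.",
    -15: "Can't create dbdefence tables in database or created incorrectly.",
    -14: "Unexpected error.",
    -13: "Can't detach database.",
    -12: "Can't open database files for RW access.",
    -11: "Can't attach database after encryption.",
    -10: "File with exceptions specified but it is not accessible.",
    -4: "Can't access all files of the database.",
    -3: "Database too big for demo version.",
    -2: "Unknown command line option.",
}

def to_signed32(code):
    """Windows reports exit codes as unsigned 32-bit; map back to signed."""
    code &= 0xFFFFFFFF
    return code - 0x100000000 if code & 0x80000000 else code

def build_command(exe_path, instance, database, password, exceptions_file=None):
    """Argument list for dbencrypt.exe (no shell, so the password is not re-parsed)."""
    if "\\" in instance or instance.lower() in ("(local)", "."):
        raise ValueError("-s takes the instance name only, e.g. MSSQLSERVER")
    if not password:
        raise ValueError("empty password (the tool would return -17)")
    cmd = [exe_path, "-s", instance, "-d", database, "-p", password]
    if exceptions_file:
        cmd += ["-e", exceptions_file]
    return cmd

def interpret(returncode):
    """Return (signed_code, message, ok) for a raw process return code."""
    code = to_signed32(returncode)
    return code, EXIT_CODES.get(code, "Code not in the documented table."), code == 0

def encrypt_database(exe_path, instance, database, password, exceptions_file=None):
    cmd = build_command(exe_path, instance, database, password, exceptions_file)
    return interpret(subprocess.run(cmd).returncode)
```

Because the password is passed with -p, it is part of the process command line while the tool runs and will appear in process listings and in any command-line audit logging enabled on the host.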