1) Encryption is non-deterministic. Additional information is used to
randomize the result..
2) SQL Server certificates store real certificates, which are RSA
public+private keys. You don't need to have a master key in the database to
create a certificate, you can just encrypt the certificate using a password.
3) Knowing the name of a key object is not sufficient to allow you access to
that object. Look at Books Online to find out more about the permissions
required to encrypt/decrypt. If you protect keys using passwords, then in
addition to permissions you also need to know the password that protects the
Laurentiu Cristofor [MSFT]
Software Development Engineer
SQL Server Engine
This posting is provided "AS IS" with no warranties, and confers no rights.