{"id":2488,"date":"2014-07-18T18:00:39","date_gmt":"2014-07-18T22:00:39","guid":{"rendered":"http:\/\/sqlity.net\/en\/?p=2488"},"modified":"2014-11-13T12:19:51","modified_gmt":"2014-11-13T17:19:51","slug":"symmetric-key-recreation-myth","status":"publish","type":"post","link":"https:\/\/sqlity.net\/en\/2488\/symmetric-key-recreation-myth\/","title":{"rendered":"Debunking Symmetric Key Recreate-Ability"},"content":{"rendered":"
\n

\n\"You do not need to back up your symmetric key if it was created from a certificate, because you can just recreate it.\"\n<\/p>\n

\nThis advice I keep seeing and hearing around the internet and at conferences. Even many SQL Server experts believe this to be true. However, this is incorrect and dangerous advice.\n<\/p>\n

Debunking the Certificate Derived Symmetric Key Myth<\/h3>\n

\nThis misconception is based on the assumption that two symmetric keys that are created with the ENCRYPTION BY CERTIFICATE<\/span> clause using the same certificate will be identical. Because you can back up a certificate, the assumption then is that you do not need an additional backup of your \"derived\" symmetric keys.\n<\/p>\n

\nThe first hint that this myth might lack some truth comes along when you look at the key_guid<\/span>. While the key guid is not derived from the key (other than e.g. a thumbprint), it is used by SQL Server to identify the symmetric key to use when decrypting a value. As you might know, the DECRYPTBYKEY<\/span> function does not have a parameter that allows you to specify the key to use.\n<\/p>\n

\nTo show you what I am referring to, when pointing out the key_guid<\/span> value, let us start out by creating a few keys:\n<\/p>\n

\n[sql]\nCREATE CERTIFICATE KeyProtection WITH SUBJECT = 'A Key Protecting Certificate';<\/p>\n

CREATE SYMMETRIC KEY CertificateProtectedKey1 WITH ALGORITHM = AES_256 ENCRYPTION BY CERTIFICATE KeyProtection;
\nCREATE SYMMETRIC KEY CertificateProtectedKey2 WITH ALGORITHM = AES_256 ENCRYPTION BY CERTIFICATE KeyProtection;
\nCREATE SYMMETRIC KEY CertificateProtectedKey3 WITH ALGORITHM = AES_256 ENCRYPTION BY CERTIFICATE KeyProtection;
\nCREATE SYMMETRIC KEY CertificateProtectedKey4 WITH ALGORITHM = AES_256 ENCRYPTION BY CERTIFICATE KeyProtection;
\n[\/sql]\n<\/p><\/div>\n

\nThe above T-SQL snippet creates a certificate and then four symmetric keys that are protected by that same certificate. Now we can run the following query to look at the key_guid<\/span> for each of the four new keys:\n<\/p>\n

\n[sql]\nSELECT SK.name,
\n SK.symmetric_key_id,
\n SK.algorithm_desc,
\n SK.key_guid
\n FROM sys.symmetric_keys AS SK
\n WHERE SK.name LIKE 'CertificateProtectedKey_';
\n[\/sql]\n<\/div>\n

\nThe result of that query on my system looks like this:\n<\/p>\n

\n\"Symmetric<\/a>\n<\/p>\n

\nYou can immediately see that the Key GUIDs are different. While that does not give us any information on the keys themselves, it certainly would present a significant hurdle if you were to try to decrypt a value with a different key than the one that was used to encrypt it.\n<\/p>\n

The Proof<\/h3>\n

\nTo proof that the keys are indeed different we are going to have to decrypt the keys themselves. Luckily, that is not hard at all as you can assure yourself of here<\/a>. The following query is a simplified form of the query you can find in that article:\n<\/p>\n

\n[sql]\nSELECT SK.name,
\n DECRYPTBYCERT(C.certificate_id,KE.crypt_property) AS decrypted_key,
\n C.name AS protecting_certificate, KE.crypt_type_desc, SK.symmetric_key_id
\n FROM sys.key_encryptions AS KE
\n JOIN sys.symmetric_keys AS SK
\n ON KE.key_id = SK.symmetric_key_id
\n JOIN sys.certificates AS C
\n ON KE.thumbprint = C.thumbprint
\n WHERE SK.name LIKE 'CertificateProtectedKey_';
\n[\/sql]\n<\/div>\n

\nIt uses the sys.key_encryptions<\/span> catalog view<\/a> to identify the certificate that protects the given symmetric key and then uses that certificate to decrypt the key.\n<\/p>\n

\nThe output of this query on my system is shown below:\n<\/p>\n

\n\"Four<\/a>\n<\/p>\n

\nAs you can clearly see, the four keys are not even similar to each other. Clearly one does not help decrypting a value that was decrypted with another one.\n<\/p>\n

But What About Symmetric Keys Protected by Asymmetric Keys?<\/h3>\n

\nGlad you asked. The first point to make here is that you cannot really backup an asymmetric key either, so even if they would behave differently from certificates it would be of limited use. However, let us quickly confirm anyway. First, we need a few symmetric keys protected by the same asymmetric key:\n<\/p>\n

\n[sql]\nCREATE ASYMMETRIC KEY KeyProtection WITH ALGORITHM = RSA_2048;<\/p>\n

CREATE SYMMETRIC KEY AsymmetricKeyProtectedKey1 WITH ALGORITHM = AES_256 ENCRYPTION BY ASYMMETRIC KEY KeyProtection;
\nCREATE SYMMETRIC KEY AsymmetricKeyProtectedKey2 WITH ALGORITHM = AES_256 ENCRYPTION BY ASYMMETRIC KEY KeyProtection;
\nCREATE SYMMETRIC KEY AsymmetricKeyProtectedKey3 WITH ALGORITHM = AES_256 ENCRYPTION BY ASYMMETRIC KEY KeyProtection;
\nCREATE SYMMETRIC KEY AsymmetricKeyProtectedKey4 WITH ALGORITHM = AES_256 ENCRYPTION BY ASYMMETRIC KEY KeyProtection;
\n[\/sql]\n<\/p><\/div>\n

\nThen we can run a very similar query to the one above to decrypt these symmetric keys:\n<\/p>\n

\n[sql]\nSELECT SK.name,
\n DECRYPTBYASYMKEY(AK.asymmetric_key_id,KE.crypt_property) AS decrypted_key,
\n AK.name AS protecting_asymmetric_key, KE.crypt_type_desc, SK.symmetric_key_id
\n FROM sys.key_encryptions AS KE
\n JOIN sys.symmetric_keys AS SK
\n ON KE.key_id = SK.symmetric_key_id
\n JOIN sys.asymmetric_keys AS AK
\n ON KE.thumbprint = AK.thumbprint
\n WHERE SK.name LIKE 'AsymmetricKeyProtectedKey_';
\n[\/sql]\n<\/div>\n

\nThe result of that query does not look a lot different from the one of the certificate query:\n<\/p>\n

\n\"Four<\/a>\n<\/p>\n

\nAgain, all four symmetric keys are significantly different from each other.\n<\/p>\n

Your Take-Away<\/h3>\n

\nYou clearly cannot rely on certificates (or asymmetric keys) to recreate symmetric keys in your database. That means you need to find another way to back up your symmetric keys. Sadly, SQL Server does not provide a way to create a backup of such a key. The only two reliable ways of creating a recreate-able symmetric key are by using either an external key management solution (an EKM module), or by deriving the key from a passphrase. However, both have their own set of disadvantages.\n<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Do you think you can recreate a symmetric key that is protected by a certificate, by just using that same certificate? You might be in for a big surprise…<\/p>\n

[more…]<\/a><\/p>\n","protected":false},"author":3,"featured_media":2491,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[32,5,34,96],"tags":[49,273,31,38,15,140,141],"class_list":["post-2488","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptography","category-general","category-security","category-security-misconceptions","tag-certificates","tag-cryptography","tag-encryption","tag-security-2","tag-sql-server","tag-symmetric-key","tag-symmetric-key-encryption"],"acf":[],"yoast_head":"\nDebunking Symmetric Key Recreate-Ability - sqlity.net<\/title>\n<meta name=\"description\" content=\"Do you think you can recreate a symmetric key that is protected by a certificate, by just using that same certificate? You might be in for a big surprise...\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sqlity.net\/en\/2488\/symmetric-key-recreation-myth\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Debunking Symmetric Key Recreate-Ability - sqlity.net\" \/>\n<meta property=\"og:description\" content=\"Do you think you can recreate a symmetric key that is protected by a certificate, by just using that same certificate? You might be in for a big surprise...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sqlity.net\/en\/2488\/symmetric-key-recreation-myth\/\" \/>\n<meta property=\"og:site_name\" content=\"sqlity.net\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/sqlity.net\" \/>\n<meta property=\"article:published_time\" content=\"2014-07-18T22:00:39+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2014-11-13T17:19:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sqlity.net\/wp-content\/uploads\/2014\/07\/Four_really_different_certificate_protected_symmetric_keys.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"768\" \/>\n\t<meta property=\"og:image:height\" content=\"468\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Sebastian Meine\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@sqlity\" \/>\n<meta name=\"twitter:site\" content=\"@sqlity\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sebastian Meine\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/2488\\\/symmetric-key-recreation-myth\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/2488\\\/symmetric-key-recreation-myth\\\/\"},\"author\":{\"name\":\"Sebastian Meine\",\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/#\\\/schema\\\/person\\\/bcffd8c572bc2f1bd10fdba80135e53c\"},\"headline\":\"Debunking Symmetric Key Recreate-Ability\",\"datePublished\":\"2014-07-18T22:00:39+00:00\",\"dateModified\":\"2014-11-13T17:19:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/2488\\\/symmetric-key-recreation-myth\\\/\"},\"wordCount\":907,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/2488\\\/symmetric-key-recreation-myth\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sqlity.net\\\/wp-content\\\/uploads\\\/2014\\\/07\\\/Four_really_different_certificate_protected_symmetric_keys.jpg\",\"keywords\":[\"Certificates\",\"Cryptography\",\"Encryption\",\"security\",\"SQL Server\",\"symmetric key\",\"symmetric key encryption\"],\"articleSection\":[\"Cryptography\",\"General\",\"Security\",\"Security Misconceptions\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/sqlity.net\\\/en\\\/2488\\\/symmetric-key-recreation-myth\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/2488\\\/symmetric-key-recreation-myth\\\/\",\"url\":\"https:\\\/\\\/sqlity.net\\\/en\\\/2488\\\/symmetric-key-recreation-myth\\\/\",\"name\":\"Debunking Symmetric Key Recreate-Ability - sqlity.net\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/2488\\\/symmetric-key-recreation-myth\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/2488\\\/symmetric-key-recreation-myth\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sqlity.net\\\/wp-content\\\/uploads\\\/2014\\\/07\\\/Four_really_different_certificate_protected_symmetric_keys.jpg\",\"datePublished\":\"2014-07-18T22:00:39+00:00\",\"dateModified\":\"2014-11-13T17:19:51+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/#\\\/schema\\\/person\\\/bcffd8c572bc2f1bd10fdba80135e53c\"},\"description\":\"Do you think you can recreate a symmetric key that is protected by a certificate, by just using that same certificate? You might be in for a big surprise...\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/2488\\\/symmetric-key-recreation-myth\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/sqlity.net\\\/en\\\/2488\\\/symmetric-key-recreation-myth\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/2488\\\/symmetric-key-recreation-myth\\\/#primaryimage\",\"url\":\"https:\\\/\\\/sqlity.net\\\/wp-content\\\/uploads\\\/2014\\\/07\\\/Four_really_different_certificate_protected_symmetric_keys.jpg\",\"contentUrl\":\"https:\\\/\\\/sqlity.net\\\/wp-content\\\/uploads\\\/2014\\\/07\\\/Four_really_different_certificate_protected_symmetric_keys.jpg\",\"width\":768,\"height\":468,\"caption\":\"Four Symmetric Keys that are Protected by the same Certificate and Still are Really Different\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/2488\\\/symmetric-key-recreation-myth\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sqlity.net\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Debunking Symmetric Key Recreate-Ability\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/sqlity.net\\\/en\\\/\",\"name\":\"sqlity.net\",\"description\":\"Quality for SQL\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/sqlity.net\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/sqlity.net\\\/en\\\/#\\\/schema\\\/person\\\/bcffd8c572bc2f1bd10fdba80135e53c\",\"name\":\"Sebastian Meine\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4ab0a6d02dd494849a584a2c3c8bc3bdcef1d0aa5f87e98bf905dbdb9ad2ce3a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4ab0a6d02dd494849a584a2c3c8bc3bdcef1d0aa5f87e98bf905dbdb9ad2ce3a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4ab0a6d02dd494849a584a2c3c8bc3bdcef1d0aa5f87e98bf905dbdb9ad2ce3a?s=96&d=mm&r=g\",\"caption\":\"Sebastian Meine\"},\"sameAs\":[\"http:\\\/\\\/sqlity.net\",\"https:\\\/\\\/x.com\\\/sqlity\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Debunking Symmetric Key Recreate-Ability - sqlity.net","description":"Do you think you can recreate a symmetric key that is protected by a certificate, by just using that same certificate? You might be in for a big surprise...","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sqlity.net\/en\/2488\/symmetric-key-recreation-myth\/","og_locale":"en_US","og_type":"article","og_title":"Debunking Symmetric Key Recreate-Ability - sqlity.net","og_description":"Do you think you can recreate a symmetric key that is protected by a certificate, by just using that same certificate? You might be in for a big surprise...","og_url":"https:\/\/sqlity.net\/en\/2488\/symmetric-key-recreation-myth\/","og_site_name":"sqlity.net","article_publisher":"https:\/\/www.facebook.com\/sqlity.net","article_published_time":"2014-07-18T22:00:39+00:00","article_modified_time":"2014-11-13T17:19:51+00:00","og_image":[{"width":768,"height":468,"url":"https:\/\/sqlity.net\/wp-content\/uploads\/2014\/07\/Four_really_different_certificate_protected_symmetric_keys.jpg","type":"image\/jpeg"}],"author":"Sebastian Meine","twitter_card":"summary_large_image","twitter_creator":"@sqlity","twitter_site":"@sqlity","twitter_misc":{"Written by":"Sebastian Meine","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/sqlity.net\/en\/2488\/symmetric-key-recreation-myth\/#article","isPartOf":{"@id":"https:\/\/sqlity.net\/en\/2488\/symmetric-key-recreation-myth\/"},"author":{"name":"Sebastian Meine","@id":"https:\/\/sqlity.net\/en\/#\/schema\/person\/bcffd8c572bc2f1bd10fdba80135e53c"},"headline":"Debunking Symmetric Key Recreate-Ability","datePublished":"2014-07-18T22:00:39+00:00","dateModified":"2014-11-13T17:19:51+00:00","mainEntityOfPage":{"@id":"https:\/\/sqlity.net\/en\/2488\/symmetric-key-recreation-myth\/"},"wordCount":907,"commentCount":0,"image":{"@id":"https:\/\/sqlity.net\/en\/2488\/symmetric-key-recreation-myth\/#primaryimage"},"thumbnailUrl":"https:\/\/sqlity.net\/wp-content\/uploads\/2014\/07\/Four_really_different_certificate_protected_symmetric_keys.jpg","keywords":["Certificates","Cryptography","Encryption","security","SQL Server","symmetric key","symmetric key encryption"],"articleSection":["Cryptography","General","Security","Security Misconceptions"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/sqlity.net\/en\/2488\/symmetric-key-recreation-myth\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/sqlity.net\/en\/2488\/symmetric-key-recreation-myth\/","url":"https:\/\/sqlity.net\/en\/2488\/symmetric-key-recreation-myth\/","name":"Debunking Symmetric Key Recreate-Ability - sqlity.net","isPartOf":{"@id":"https:\/\/sqlity.net\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sqlity.net\/en\/2488\/symmetric-key-recreation-myth\/#primaryimage"},"image":{"@id":"https:\/\/sqlity.net\/en\/2488\/symmetric-key-recreation-myth\/#primaryimage"},"thumbnailUrl":"https:\/\/sqlity.net\/wp-content\/uploads\/2014\/07\/Four_really_different_certificate_protected_symmetric_keys.jpg","datePublished":"2014-07-18T22:00:39+00:00","dateModified":"2014-11-13T17:19:51+00:00","author":{"@id":"https:\/\/sqlity.net\/en\/#\/schema\/person\/bcffd8c572bc2f1bd10fdba80135e53c"},"description":"Do you think you can recreate a symmetric key that is protected by a certificate, by just using that same certificate? You might be in for a big surprise...","breadcrumb":{"@id":"https:\/\/sqlity.net\/en\/2488\/symmetric-key-recreation-myth\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sqlity.net\/en\/2488\/symmetric-key-recreation-myth\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sqlity.net\/en\/2488\/symmetric-key-recreation-myth\/#primaryimage","url":"https:\/\/sqlity.net\/wp-content\/uploads\/2014\/07\/Four_really_different_certificate_protected_symmetric_keys.jpg","contentUrl":"https:\/\/sqlity.net\/wp-content\/uploads\/2014\/07\/Four_really_different_certificate_protected_symmetric_keys.jpg","width":768,"height":468,"caption":"Four Symmetric Keys that are Protected by the same Certificate and Still are Really Different"},{"@type":"BreadcrumbList","@id":"https:\/\/sqlity.net\/en\/2488\/symmetric-key-recreation-myth\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sqlity.net\/en\/"},{"@type":"ListItem","position":2,"name":"Debunking Symmetric Key Recreate-Ability"}]},{"@type":"WebSite","@id":"https:\/\/sqlity.net\/en\/#website","url":"https:\/\/sqlity.net\/en\/","name":"sqlity.net","description":"Quality for SQL","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sqlity.net\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/sqlity.net\/en\/#\/schema\/person\/bcffd8c572bc2f1bd10fdba80135e53c","name":"Sebastian Meine","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/4ab0a6d02dd494849a584a2c3c8bc3bdcef1d0aa5f87e98bf905dbdb9ad2ce3a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/4ab0a6d02dd494849a584a2c3c8bc3bdcef1d0aa5f87e98bf905dbdb9ad2ce3a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4ab0a6d02dd494849a584a2c3c8bc3bdcef1d0aa5f87e98bf905dbdb9ad2ce3a?s=96&d=mm&r=g","caption":"Sebastian Meine"},"sameAs":["http:\/\/sqlity.net","https:\/\/x.com\/sqlity"]}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/sqlity.net\/wp-content\/uploads\/2014\/07\/Four_really_different_certificate_protected_symmetric_keys.jpg","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p2wXuw-E8","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/posts\/2488","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/comments?post=2488"}],"version-history":[{"count":0,"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/posts\/2488\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/media\/2491"}],"wp:attachment":[{"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/media?parent=2488"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/categories?post=2488"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sqlity.net\/en\/wp-json\/wp\/v2\/tags?post=2488"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}