To implement TDE you should follow the following steps:
1. Create a master key
2. Create or obtain a certificate protected by the master key
3. Create a database encryption key and protect it by the certificate
4. Set the database to use encryption
"The database master key is a symmetric key used to protect the private keys of certificates and asymmetric keys that are present in the database. When it is created, the master key is encrypted by using the AES_256
algorithm and a user-supplied password. To enable the automatic decryption of the master key, a copy of the key is encrypted by using the service master key and stored in both the database and in master. "
To create a Master key you need to execute the followin Tsql comand.
create database test
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'masterkey1';
To validate if the master key has been created you can use the folllowing TSQL statement.
select * from sys.symmetric_keys;
Figure1. Query result showing Master data key has been created (click image to enlarge)
If you want to check if your database has certificate you can inspect it through Management studio
or query the sys.certificates system tables as shown below.
The final step is to run an alter database command to turn on the encryption. To do this you will need to run the following commands
ALTER DATABASE test
SET ENCRYPTION ON;
This article was highlighted in the Top Contributors Awards - blogs.technet.com/.../top-contributors-awards-project-server-2013-outlook-sql-server-sharepoint-powershell-and-much-more.aspx