USE master;
GO

        CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'VeryStr0ngP@ssw0rdmasterkey!'

        --Verify existence of a master key
      

        SELECT 
   b.name, a.crypt_type_desc

        FROM  sys.key_encryptions a INNER JOIN sys.symmetric_keys b ON a.key_id = b.symmetric_key_id

        WHERE b.name = '##MS_DatabaseMasterKey##';

--Create master certificate in every user database

        CREATE CERTIFICATE MasterCert

        WITH SUBJECT = 'WFO TDE Certificate';

        --Back up the master certificate in every user database
BACKUP CERTIFICATE MasterCert TO FILE = 'E:\saveddoc\MyServerCert.bak'

        WITH PRIVATE KEY

  (

  FILE = 'E:\ saveddoc\MyServerCert.pvk',

  ENCRYPTION BY PASSWORD = 'MyStr0ngP@ssw0rdF0rbackup'    );

        GO
USE database_name

        --Create a database certificate
      

        CREATE CERTIFICATE wfocert

ENCRYPTION BY PASSWORD = 'StrongPa$$WordForEncryption!'

        WITH SUBJECT = 'protecting our database data',   EXPIRY_DATE = '20801231';

        GO
      

        --Backup the database certificate
BACKUP CERTIFICATE wfocert TO FILE = 'E:\saveddoc \wfoccCert.bak'

        WITH PRIVATE KEY ( DECRYPTION BY PASSWORD = 'StrongPa$$WordForDB1!' ,  
FILE ='E:\saveddoc\wfoccCert',   
ENCRYPTION BY PASSWORD = 'BackupStrongPa$$Word'StrongPa$$WordForDB1!' )
 
--Create a Database Encryption Key (DEK)

        --Replace database with each user database to encrypt
      

        CREATE DATABASE ENCRYPTION KEY

        WITH ALGORITHM = AES_256 ENCRYPTION BY SERVER CERTIFICATE MasterCert;

        GO