Encrypting data across replication

We are looking at setting up peer-to-peer transactional replication between two databases. We have a customer requirement to encrypt the SSN in this database. I have configured replication successfully. I have also successfully encrypted the SSN using a symmetric key (with encryption by certificate). What I haven't done yet is set up encryption to work across a replication topology.

What steps would I have to follow in order to be able to encrypt the SSN on one server, replicate it to the subscriber, and then decrypt the SSN on the subscriber? For this scenario, is there a better way to handle encryption other than a symmetric key encrypted by a certificate?

The most important thing is to set up your encryption key so that you can manually recreate it on the subscriber. The setup must be manual, because replication will only work for the content of the tables, not for the keys used to encrypt that content. Have a look at this post for additional information: http://blogs.msdn.com/lcris/archive/2006/07/06/658364.aspx.

Thanks
Laurentiu

|||As a followup question, I have one field -- SSN -- that appears in several tables. I also have another field that needs to be encrypted. Is there any "rule of thumb" to use when deciding whether to create separate certificates/symmetric keys for each of these fields?