paraprase Master Encryption Key $($MEK$)$:

The Master Encryption Key is the root key used to encrypt and decrypt the Database Encryption Key $($DEK$).$

It's typically stored outside the database, often in a secure keystore or hardware security module $($HSM$).$

The MEK itself is not used directly to encrypt or decrypt data but is used to protect the DEK.

Database Encryption Key $($DEK$)$:

The Database Encryption Key is the primary key used to encrypt and decrypt the data in the database.

Each database protected by TDE has its own unique DEK.

The DEK is encrypted with the Master Encryption Key and stored in the database header or in the database itself.

Data Encryption Key $($DEK$,$ per encrypted data page$)$:

For efficiency, databases often use a separate Data Encryption Key for each encrypted data page or block.

These keys are derived from the Database Encryption Key and are used to encrypt and decrypt individual data pages.

Page Level Encryption Keys $($Optional$)$:

In some systems, especially those with granular control over encryption, there may be additional keys used at the page level.

These keys may encrypt specific types of data or subsets of data within the database.