In this paper a new scheme of key management is provided，two—level key transformation，which is considerably secure and easy to be implemented．Based on this scheme，a DBEMT(database encryption management tool)is achieved．The overall de-signs and functions of DBEMT are presented in detail．according to various ways for secu-rity class division，the designs of cipher databases using field classification,record classifi-cation and attribute classification methods are discussed respectively．Compared with conventional schemes，it has properties of good operability and high running speed．This scheme offers good prospect for utilization．