Share via


SqlColumnEncryptionCertificateStoreProvider Class

Definition

The implementation of the key store provider for Windows Certificate Store. This class enables using certificates stored in the Windows Certificate Store as column master keys. For details, see Always Encrypted.

public ref class SqlColumnEncryptionCertificateStoreProvider : Microsoft::Data::SqlClient::SqlColumnEncryptionKeyStoreProvider
public class SqlColumnEncryptionCertificateStoreProvider : Microsoft.Data.SqlClient.SqlColumnEncryptionKeyStoreProvider
type SqlColumnEncryptionCertificateStoreProvider = class
    inherit SqlColumnEncryptionKeyStoreProvider
Public Class SqlColumnEncryptionCertificateStoreProvider
Inherits SqlColumnEncryptionKeyStoreProvider
Inheritance
SqlColumnEncryptionCertificateStoreProvider

Constructors

SqlColumnEncryptionCertificateStoreProvider()

Fields

ProviderName

The provider name.

Properties

ColumnEncryptionKeyCacheTtl

Gets or sets the lifespan of the decrypted column encryption key in the cache. Once the timespan has elapsed, the decrypted column encryption key is discarded and must be revalidated.

(Inherited from SqlColumnEncryptionKeyStoreProvider)

Methods

DecryptColumnEncryptionKey(String, String, Byte[])

Decrypts the specified encrypted value of a column encryption key. The encrypted value is expected to be encrypted using the certificate with the specified key path and using the specified algorithm. The format of the key path should be "Local Machine/My/<certificate_thumbprint>" or "Current User/My/<certificate_thumbprint>".

EncryptColumnEncryptionKey(String, String, Byte[])

Encrypts a column encryption key using the certificate with the specified key path and using the specified algorithm. The format of the key path should be "Local Machine/My/<certificate_thumbprint>" or "Current User/My/<certificate_thumbprint>".

SignColumnMasterKeyMetadata(String, Boolean)

Digitally signs the column master key metadata with the column master key referenced by the masterKeyPath parameter.

VerifyColumnMasterKeyMetadata(String, Boolean, Byte[])

This function must be implemented by the corresponding Key Store providers. This function should use an asymmetric key identified by a key path and verify the masterkey metadata consisting of (masterKeyPath, allowEnclaveComputations, providerName).

Applies to