SqlColumnEncryptionCngProvider SqlColumnEncryptionCngProvider SqlColumnEncryptionCngProvider SqlColumnEncryptionCngProvider Class

Definition

The CMK Store provider implementation for using the Microsoft Cryptography API: Next Generation (CNG) with Always Encrypted.

public ref class SqlColumnEncryptionCngProvider : System::Data::SqlClient::SqlColumnEncryptionKeyStoreProvider
public class SqlColumnEncryptionCngProvider : System.Data.SqlClient.SqlColumnEncryptionKeyStoreProvider
type SqlColumnEncryptionCngProvider = class
    inherit SqlColumnEncryptionKeyStoreProvider
Public Class SqlColumnEncryptionCngProvider
Inherits SqlColumnEncryptionKeyStoreProvider
Inheritance
SqlColumnEncryptionCngProviderSqlColumnEncryptionCngProviderSqlColumnEncryptionCngProviderSqlColumnEncryptionCngProvider

Remarks

Enables storing Always Encrypted column master key keys in a store, such as a hardware security module (HSM), that supports the Microsoft Cryptography API: Next Generation (CNG).

Constructors

SqlColumnEncryptionCngProvider() SqlColumnEncryptionCngProvider() SqlColumnEncryptionCngProvider() SqlColumnEncryptionCngProvider()

Initializes a new instance of the SqlColumnEncryptionCngProvider class.

Fields

ProviderName ProviderName ProviderName ProviderName

A constant string for the provider name 'MSSQL_CNG_STORE'.

Methods

DecryptColumnEncryptionKey(String, String, Byte[]) DecryptColumnEncryptionKey(String, String, Byte[]) DecryptColumnEncryptionKey(String, String, Byte[]) DecryptColumnEncryptionKey(String, String, Byte[])

Decrypts the given encrypted value using an asymmetric key specified by the key path and the specified algorithm. The key path will be in the format of [ProviderName]/KeyIdentifier and should be an asymmetric key stored in the specified CNG key store provider. The valid algorithm used to encrypt/decrypt the CEK is 'RSA_OAEP'.

EncryptColumnEncryptionKey(String, String, Byte[]) EncryptColumnEncryptionKey(String, String, Byte[]) EncryptColumnEncryptionKey(String, String, Byte[]) EncryptColumnEncryptionKey(String, String, Byte[])

Encrypts the given plain text column encryption key using an asymmetric key specified by the key path and the specified algorithm. The key path will be in the format of [ProviderName]/KeyIdentifier and should be an asymmetric key stored in the specified CNG key store provider. The valid algorithm used to encrypt/decrypt the CEK is 'RSA_OAEP'.

Equals(Object) Equals(Object) Equals(Object) Equals(Object)

Determines whether the specified object is equal to the current object.

(Inherited from Object)
GetHashCode() GetHashCode() GetHashCode() GetHashCode()

Serves as the default hash function.

(Inherited from Object)
GetType() GetType() GetType() GetType()

Gets the Type of the current instance.

(Inherited from Object)
MemberwiseClone() MemberwiseClone() MemberwiseClone() MemberwiseClone()

Creates a shallow copy of the current Object.

(Inherited from Object)
SignColumnMasterKeyMetadata(String, Boolean) SignColumnMasterKeyMetadata(String, Boolean) SignColumnMasterKeyMetadata(String, Boolean) SignColumnMasterKeyMetadata(String, Boolean)

Throws a NotSupportedException exception in all cases.

ToString() ToString() ToString() ToString()

Returns a string that represents the current object.

(Inherited from Object)
VerifyColumnMasterKeyMetadata(String, Boolean, Byte[]) VerifyColumnMasterKeyMetadata(String, Boolean, Byte[]) VerifyColumnMasterKeyMetadata(String, Boolean, Byte[]) VerifyColumnMasterKeyMetadata(String, Boolean, Byte[])

This function must be implemented by the corresponding Key Store providers. This function should use an asymmetric key identified by a key path and verify the masterkey metadata consisting of (masterKeyPath, allowEnclaveComputations, providerName).

Applies to

See also