2.2.5.7 Encryption Key Rule Definition
The EK_INFO rule applies to messages that have encrypted values and describes the encryption key information. The encryption key information includes the various encryption key values that are obtained by securing an encryption key by using different master keys. This rule applies only if the column encryption feature is negotiated by the client and the server and is turned ON.
```
Count               = BYTE
EncryptedKey        = US_VARBYTE
KeyStoreName        = B_VARCHAR
KeyPath             = US_VARCHAR
AsymmetricAlgo      = B_VARCHAR
EncryptionKeyValue  = EncryptedKey
                      KeyStoreName
                      KeyPath
                      AsymmetricAlgo
DatabaseId          = ULONG
CekId               = ULONG
CekVersion          = ULONG
CekMDVersion        = ULONGLONG
EK_INFO             = DatabaseId
                      CekId
                      CekVersion
                      CekMDVersion
                      Count
                      *EncryptionKeyValue
```
| Parameter | Description |
|---|---|
| Count | The count of EncryptionKeyValue elements that are present in the message. |
| EncryptedKey | The ciphertext containing the encryption key that is secured with the master key. |
| KeyStoreName | The key store name component of the location where the master key is saved. |
| KeyPath | The key path component of the location where the master key is saved. |
| AsymmetricAlgo | The name of the algorithm that is used for encrypting the encryption key. |
| EncryptionKeyValue | The metadata and encrypted value that describe an encryption key. This is enough information to allow retrieval of plaintext encryption keys. |
| DatabaseId | A 4-byte integer value that represents the database ID where the column encryption key is stored. |
| CekId | An identifier for the column encryption key. |
| CekVersion | The key version of the column encryption key. |
| CekMDVersion | The metadata version for the column encryption key. |
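The following bounds-checked parser for the EK_INFO layout above is an added example, not code from the specification. It assumes the base-type encodings defined elsewhere in the protocol document (little-endian integers, a 1-byte length prefix for `B_` types and a 2-byte prefix for `US_` types, VARCHAR lengths counted in 2-byte characters). The class and function names and the sample values are made up for illustration.

```python
import struct

class Reader:
    """Bounds-checked little-endian cursor over an untrusted buffer."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if n > len(self.data) - self.pos:
            raise ValueError(f"truncated: need {n} bytes at offset {self.pos}")
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def uint(self, fmt):  # fmt: B=BYTE, H=USHORT length, I=ULONG, Q=ULONGLONG
        return struct.unpack("<" + fmt, self.take(struct.calcsize("<" + fmt)))[0]

    def varbyte(self, len_fmt):  # length prefix counts bytes
        return self.take(self.uint(len_fmt))

    def varchar(self, len_fmt):  # assumption: prefix counts 2-byte UCS-2 characters
        return self.take(2 * self.uint(len_fmt)).decode("utf-16-le")

def parse_ek_info(data):
    """Parse one EK_INFO; return (fields, bytes consumed)."""
    r = Reader(data)
    info = {"DatabaseId": r.uint("I"), "CekId": r.uint("I"),
            "CekVersion": r.uint("I"), "CekMDVersion": r.uint("Q"), "Values": []}
    for _ in range(r.uint("B")):  # Count, then that many EncryptionKeyValue
        info["Values"].append({
            "EncryptedKey": r.varbyte("H"),    # US_VARBYTE
            "KeyStoreName": r.varchar("B"),    # B_VARCHAR
            "KeyPath": r.varchar("H"),         # US_VARCHAR
            "AsymmetricAlgo": r.varchar("B"),  # B_VARCHAR
        })
    return info, r.pos

def _varchar(s, len_fmt):
    return struct.pack("<" + len_fmt, len(s)) + s.encode("utf-16-le")

def sample_ek_info():
    """Constructed sample message (made-up values, not captured traffic)."""
    key = bytes(range(16))
    return (struct.pack("<IIIQB", 5, 1, 1, 1, 1)
            + struct.pack("<H", len(key)) + key
            + _varchar("EXAMPLE_KEY_STORE", "B")
            + _varchar("example/key/path", "H")
            + _varchar("EXAMPLE_ALGO", "B"))
```

Every length prefix and the Count byte come from the peer, so the parser raises `ValueError` on any read past the end of the buffer instead of returning a short slice.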