2.2.5.7 Encryption Key Rule Definition

The EK_INFO rule applies to messages that have encrypted values and describes the encryption key information. The encryption key information includes the various encryption key values that are obtained by securing an encryption key by using different master keys. This rule applies only if the column encryption feature is negotiated by the client and the server and is turned ON.

 Count                 =   BYTE
  
 EncryptedKey          =   US_VARBYTE
  
 KeyStoreName          =   B_VARCHAR
  
 KeyPath               =   US_VARCHAR
  
 AsymmetricAlgo        =   B_VARCHAR
  
 EncryptionKeyValue    =   EncryptedKey
                           KeyStoreName
                           KeyPath
                           AsymmetricAlgo
  
 DatabaseId            =   ULONG
  
 CekId                 =   ULONG
  
 CekVersion            =   ULONG
  
 CekMDVersion          =   ULONGLONG
  
  
 EK_INFO               =   DatabaseId
                           CekId
                           CekVersion
                           CekMDVersion
                           Count
                           *EncryptionKeyValue

 Parameter             Description

 Count                 The count of EncryptionKeyValue elements that are present in the message.

 EncryptedKey          The ciphertext containing the encryption key that is secured with the master key.

 KeyStoreName          The key store name component of the location where the master key is saved.

 KeyPath               The key path component of the location where the master key is saved.

 AsymmetricAlgo        The name of the algorithm that is used for encrypting the encryption key.

 EncryptionKeyValue    The metadata and encrypted value that describe an encryption key. This is enough information to allow retrieval of plaintext encryption keys.

 DatabaseId            A 4-byte integer value that represents the database ID where the column encryption key is stored.

 CekId                 An identifier for the column encryption key.

 CekVersion            The key version of the column encryption key.

 CekMDVersion          The metadata version for the column encryption key.
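
The following is an added example, not part of the specification: a bounds-checked Python parser for the EK_INFO rule above, which rejects a buffer whose length prefixes run past the end of the data. It assumes little-endian integers and that B_VARCHAR and US_VARCHAR length prefixes count 2-byte UCS-2 characters (definitions that are not given in this section); `Reader`, `parse_ek_info`, `_varchar` and `SAMPLE` are names made up for the example.

```python
import struct

class Reader:
    """Bounds-checked cursor over an untrusted byte buffer."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError(f"truncated EK_INFO at offset {self.pos}")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def num(self, fmt):
        # Fixed-width unsigned integer, little-endian (assumed byte order).
        return struct.unpack("<" + fmt, self.take(struct.calcsize("<" + fmt)))[0]

    def varchar(self, len_fmt):
        # Assumption: the length prefix counts 2-byte UCS-2 characters.
        return self.take(2 * self.num(len_fmt)).decode("utf-16-le")

def parse_ek_info(buf):
    """Return (fields, bytes_consumed) for one EK_INFO structure."""
    r = Reader(buf)
    info = {"DatabaseId": r.num("I"), "CekId": r.num("I"),
            "CekVersion": r.num("I"), "CekMDVersion": r.num("Q"),
            "EncryptionKeyValues": []}
    for _ in range(r.num("B")):                      # Count
        info["EncryptionKeyValues"].append({
            "EncryptedKey": r.take(r.num("H")),      # US_VARBYTE
            "KeyStoreName": r.varchar("B"),          # B_VARCHAR
            "KeyPath": r.varchar("H"),               # US_VARCHAR
            "AsymmetricAlgo": r.varchar("B"),        # B_VARCHAR
        })
    return info, r.pos

def _varchar(len_fmt, text):
    return struct.pack("<" + len_fmt, len(text)) + text.encode("utf-16-le")

# Constructed sample (not captured traffic): one EncryptionKeyValue.
SAMPLE = (struct.pack("<IIIQB", 5, 1, 1, 7, 1)
          + struct.pack("<H", 4) + b"\xde\xad\xbe\xef"
          + _varchar("B", "EXAMPLE_STORE")
          + _varchar("H", "example/key/path")
          + _varchar("B", "RSA_OAEP"))

if __name__ == "__main__":
    print(parse_ek_info(SAMPLE))
```

The returned byte count lets a caller continue parsing the enclosing message after the EK_INFO structure.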