Returns the private key of a certificate in binary format. This function takes three arguments.
- A certificate ID.
- An encryption password which is used to encrypt the private key bits when they are returned by the function, so that the keys are not exposed clear text to users.
- A decryption password which is optional. If a decryption password is specified, then it is used to decrypt the private key of the certificate otherwise database master key is used.
Only users that have access to certificate’s private key will be able to use this function. This function returns the private key in PVK format.
CERTPRIVATEKEY ( cert_ID , ' encryption_password ' [ , ' decryption_password ' ] )
Is the certificate_id of the certificate. This is available from sys.certificates or by using the CERT_ID (Transact-SQL) function. cert_id is type int
The password used to encrypt the returned binary value.
The password used to decrypt the returned binary value.
CERTENCODED and CERTPRIVATEKEY are used together to return different portions of a certificate in binary form.
CERTPRIVATEKEY is available to public.
CREATE DATABASE TEST1; GO USE TEST1 CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Use 5tr0ng P^55Words' GO CREATE CERTIFICATE Shipping04 WITH SUBJECT = 'Sammamish Shipping Records', EXPIRY_DATE = '20141031'; GO SELECT CERTPRIVATEKEY(CERT_ID('Shipping04'), 'jklalkaa/; uia3dd');
For a more complex example that uses CERTPRIVATEKEY and CERTENCODED to copy a certificate to another database, see example B in the topic CERTENCODED (Transact-SQL).