THIS TOPIC APPLIES TO:yesSQL Server (starting with 2008)yesAzure SQL DatabasenoAzure SQL Data Warehouse noParallel Data Warehouse

Encrypts data with an asymmetric key.

Topic link icon Transact-SQL Syntax Conventions


EncryptByAsymKey ( Asym_Key_ID , { 'plaintext' | @plaintext } )  


Is the ID of an asymmetric key in the database. int.

Is a string of data that will be encrypted with the asymmetric key.

Is a variable of type nvarchar, char, varchar, binary, varbinary, or nchar that contains data to be encrypted with the asymmetric key.

Return Types

varbinary with a maximum size of 8,000 bytes.


Encryption and decryption with an asymmetric key is very costly compared with encryption and decryption with a symmetric key. We recommend that you not encrypt large datasets, such as user data in tables, using an asymmetric key. Instead, you should encrypt the data using a strong symmetric key and encrypt the symmetric key using an asymmetric key.

EncryptByAsymKey return NULL if the input exceeds a certain number of bytes, depending on the algorithm. The limits are: a 512 bit RSA key can encrypt up to 53 bytes, a 1024 bit key can encrypt up to 117 bytes, and a 2048 bit key can encrypt up to 245 bytes. (Note that in SQL Server, both certificates and asymmetric keys are wrappers over RSA keys.)


The following example encrypts the text stored in @cleartext with the asymmetric key JanainaAsymKey02. The encrypted data is inserted into the ProtectedData04 table.

INSERT INTO AdventureWorks2012.Sales.ProtectedData04   
    VALUES( N'Data encrypted by asymmetric key ''JanainaAsymKey02''',  
    EncryptByAsymKey(AsymKey_ID('JanainaAsymKey02'), @cleartext) );  

See Also

Encryption Hierarchy