SqlColumnEncryptionCertificateStoreProvider Class

Reference

Definition

Namespace:: Microsoft.Data.SqlClient

Assembly:: Microsoft.Data.SqlClient.dll

Package:: Microsoft.Data.SqlClient v1.0.19269.1

Package:: Microsoft.Data.SqlClient v1.1.4

Package:: Microsoft.Data.SqlClient v2.0.1

Package:: Microsoft.Data.SqlClient v2.1.4

Package:: Microsoft.Data.SqlClient v3.0.1

Package:: Microsoft.Data.SqlClient v3.1.0

Package:: Microsoft.Data.SqlClient v4.0.1

Package:: Microsoft.Data.SqlClient v4.1.0

Package:: Microsoft.Data.SqlClient v5.0.0

Package:: Microsoft.Data.SqlClient v5.1.0

Package:: Microsoft.Data.SqlClient v5.2.0

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

The implementation of the key store provider for Windows Certificate Store. This class enables using certificates stored in the Windows Certificate Store as column master keys. For details, see Always Encrypted.

public ref class SqlColumnEncryptionCertificateStoreProvider : Microsoft::Data::SqlClient::SqlColumnEncryptionKeyStoreProvider

public class SqlColumnEncryptionCertificateStoreProvider : Microsoft.Data.SqlClient.SqlColumnEncryptionKeyStoreProvider

type SqlColumnEncryptionCertificateStoreProvider = class
    inherit SqlColumnEncryptionKeyStoreProvider

Public Class SqlColumnEncryptionCertificateStoreProvider
Inherits SqlColumnEncryptionKeyStoreProvider

Inheritance: Object

SqlColumnEncryptionKeyStoreProvider
SqlColumnEncryptionCertificateStoreProvider

Constructors

SqlColumnEncryptionCertificateStoreProvider()

Fields

ProviderName

The provider name.

Properties

ColumnEncryptionKeyCacheTtl

Gets or sets the lifespan of the decrypted column encryption key in the cache. Once the timespan has elapsed, the decrypted column encryption key is discarded and must be revalidated.

(Inherited from SqlColumnEncryptionKeyStoreProvider)

Methods

DecryptColumnEncryptionKey(String, String, Byte[])	Decrypts the specified encrypted value of a column encryption key. The encrypted value is expected to be encrypted using the certificate with the specified key path and using the specified algorithm. The format of the key path should be "Local Machine/My/<certificate_thumbprint>" or "Current User/My/<certificate_thumbprint>".
EncryptColumnEncryptionKey(String, String, Byte[])	Encrypts a column encryption key using the certificate with the specified key path and using the specified algorithm. The format of the key path should be "Local Machine/My/<certificate_thumbprint>" or "Current User/My/<certificate_thumbprint>".
SignColumnMasterKeyMetadata(String, Boolean)	Digitally signs the column master key metadata with the column master key referenced by the `masterKeyPath` parameter.
VerifyColumnMasterKeyMetadata(String, Boolean, Byte[])	This function must be implemented by the corresponding Key Store providers. This function should use an asymmetric key identified by a key path and verify the masterkey metadata consisting of (masterKeyPath, allowEnclaveComputations, providerName).

Applies to