Does SQL 2019 support 4096 key length for TDE?

Sarbjit Singh Gill 1 Reputation point
2021-10-01T06:42:34.863+00:00

Greetings

Doing a project where the customer requires a 4096 key length.
So does SQL 2019 support a 4096 key length for TDE?

SS


3 answers

  1. Seeya Xi-MSFT 16,261 Reputation points
    2021-10-01T09:11:08.967+00:00

    Hi @Sarbjit Singh Gill ,

    Do you mean RSA?
    SQL Server supports RSA algorithms of these lengths.
    RSA_512
    RSA_1024
    RSA_2048
    RSA_3072
    RSA_4096

    Over the past few years we have seen a number of attacks where certificates containing 512-bit length keys may have been broken. Therefore, avoid using the 512-bit key length option.
    Initially the 1024-bit key length was predicted to be appropriate until 2010. Some cryptographers believe that the 1024-bit key length will be broken soon (in the next few years); therefore, 1024 will also be obsolete in the near future.
    The 512 and 1024 encryption algorithms have been deprecated in SQL Server 2016.
    According to the latest research from Google in 2019, quantum computers crack 2048-bit RSA encryption in 8 hours, which is 11 years ahead of the expected usage year of 2030.
    Now the only ones we can expect to be secure are RSA_3072 and RSA_4096.
    Please feel free to let me know if I misunderstood you.

    Best regards,
    Seeya



  2. Ben Miller (DBAduck) 951 Reputation points MVP
    2021-10-01T12:23:02.403+00:00

    As per the documentation for SQL Server, the Algorithms for SQL TDE are as follows:

    CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = { AES_128 | AES_192 | AES_256 | TRIPLE_DES_3KEY }


  3. Ankur Shrivastava 1 Reputation point
    2021-12-22T10:23:47.91+00:00

    I am facing some challenges in SQL Server 2019 while creating the TDE using an RSA_4096 key.

    Steps to reproduce

    1) Created an asymmetric key with RSA_4096
    2) Encrypted the database with this key using the query below

    CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER ASYMMETRIC KEY RSA_4096_TEST ;

    The error below comes up when trying to encrypt the DB:

    Msg 33178, Level 16, State 2, Line 257
    Encryption key length is over the currently supported maximum length of 3456.

    Do we support this RSA_4096 algo in SQL Server 2019?
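
Added example, not part of any answer in this thread: a read-only audit query that reports, for each TDE-enabled database, the database encryption key algorithm (the AES/3DES list in answer 2) alongside the key length of the certificate or asymmetric key that protects it (the value that triggers Msg 33178 in answer 3). It assumes SQL Server 2016 or later, VIEW SERVER STATE permission, and a protector stored in master; the 2048-bit floor is this example's own assumption, and 3456 is taken from the error text quoted above.

```sql
-- Added example: audit TDE key material on an instance. Makes no changes.
SELECT
    d.name                                AS database_name,
    dek.encryption_state,                 -- 3 = encrypted
    dek.key_algorithm                     AS dek_algorithm,       -- symmetric DEK cipher
    dek.key_length                        AS dek_key_length,      -- symmetric bits, e.g. 256
    dek.encryptor_type,                   -- CERTIFICATE or ASYMMETRIC KEY
    COALESCE(c.name, ak.name)             AS protector_name,
    COALESCE(c.key_length, ak.key_length) AS protector_key_length, -- RSA bits
    CASE
        WHEN COALESCE(c.key_length, ak.key_length) IS NULL
            THEN 'protector not found in master'
        WHEN COALESCE(c.key_length, ak.key_length) > 3456
            THEN 'above the 3456 maximum quoted in Msg 33178'
        WHEN COALESCE(c.key_length, ak.key_length) < 2048
            THEN 'below 2048 (assumed floor for this audit)'
        ELSE 'ok'
    END                                   AS finding
FROM sys.dm_database_encryption_keys AS dek
JOIN sys.databases AS d
    ON d.database_id = dek.database_id
-- The DEK records the thumbprint of whatever encrypts it; match it in master.
LEFT JOIN master.sys.certificates AS c
    ON c.thumbprint = dek.encryptor_thumbprint
LEFT JOIN master.sys.asymmetric_keys AS ak
    ON ak.thumbprint = dek.encryptor_thumbprint
-- tempdb is encrypted automatically once any database uses TDE; skip it here.
WHERE d.name <> N'tempdb'
ORDER BY d.name;
```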