New-SqlColumnEncryptionKeyEncryptedValue
Creates the encrypted value of a column encryption key.
Syntax
New-SqlColumnEncryptionKeyEncryptedValue
[-TargetColumnMasterKeySettings] <SqlColumnMasterKeySettings>
[[-ColumnMasterKeySettings] <SqlColumnMasterKeySettings>]
[[-EncryptedValue] <String>]
[<CommonParameters>] Description
The New-SqlColumnEncryptionKeyEncryptedValue cmdlet creates the encrypted value of a column encryption key. The returned encrypted value is a hexadecimal string. The cmdlet supports two modes of operation:
- If a no encrypted value is specified, the cmdlet generates a new plaintext symmetric key and encrypts the key with the specified column master key.
- If an encrypted value is specified, the cmdlet first decrypts the specified encrypted value and then re-encrypts the obtained plaintext key with the specified column master key.
Note: This cmdlet is only available in PowerShell 5.
Examples
Example 1: Generate a key and encrypt it using a certificate
PS C:\> $TargetCmkSettings = New-SqlCertificateStoreColumnMasterKeySettings -CertificateStoreLocation "CurrentUser" -CertificateThumbprint "f2260f28d909d21c642a3d8e0b45a830e79a1420"
PS C:\> New-SqlColumnEncryptionKeyEncryptedValue -TargetColumnMasterKeySettings $TargetCmkSettingsThe first command generates a key and encrypts the key with a certificate in Windows Certificate Store and stores it in the variable named $TargetCmkSettings. The result is a hexadecimal string that is an encrypted key value.
Example 2: Generate a key and encrypt it with a certificate and an encryption key
PS C:\> $CmkSettings = New-SqlCertificateStoreColumnMasterKeySettings -CertificateStoreLocation "CurrentUser" -CertificateThumbprint "f2260f28d909d21c642a3d8e0b45a830e79a1420"
PS C:\> $TargetCmkSettings = New-SqlAzureKeyVaultColumnMasterKeySettings -KeyUrl "https://myvault.vault.contoso.net:443/keys/CMK/4c05f1a41b12488f9cba2ea964b6a700"
PS C:\> New-SqlColumnEncryptionKeyEncryptedValue -TargetColumnMasterKeySettings $TargetCmkSettings -ColumnMasterKeySettings $CmkSettings -EncryptedValue "0x016E000001630075007200720065006E00740075007300650072002F006D0079002F006200330039003900340035006200370031003100330037003700350032006400380061003100310033003900660035006200640036006400380066003700330038006600320033006200360032003000307925663D2C3E275DD272E15E606927DA4326F5735C2C8E84F91B9EFE44F503ED01C130984E83AF4513F8A4A8D0878D42364E958291AE25111A868D25B69FC5143EEC04131DA27D05F3442CB665ACB4BB3F6A7A9F07DBD5D212A772414A2CCA03BEBEB7BF0E22C644C715D739B983872AFB2D390229A0B5311BCA07E3C1D857EE8982320BBBE9382C960B9674E3CC3D618AD623D6A362BEAEF68B1B1BB49660DD643A4375A9285CD9EAA5B13BFE2792DA92025351E7B6067BA07B6178D03041F40F00D84326627094C9D6944DD912497B080058A529D2DA11C8D609604449714420B4E44ECD1EB26DEE18BF712146A51DD99A02E3D4EE692A503CF02F874497010772DE743DDFB2A74801AC9A94C876D1F93554B70CE0ECC437E7FC28BC11A08222977CDA807E256ED536C41700C631878226E513AFE1199A1DB4732F975AA09A1E75B8A19802AE018871A7A0AD5B1E29B942F30490EDABD310A4170B991EBCFDA2AFE43285D5406476204B381D8A33EEB0B967073B4C0127B1C7F0281AB310EE4B9A3C2D3EAB44A1F5D15D4739FFAEF6110ED4808446F6A05DBF4121B2B33A0AF5A457CD38F895B8F7ABDF792E3ADBC3AF55B1442625F88F80127D08DE9E4AC1BB2AAA46843A477135053CEEFA4327D8C999C16D8B49C225F34AD7588A5F9E93FB5532B1F1DC5AFB3CE23DDC8DC12327DD6B5985104D14F4A1BC0F61F0AACD"The first command gets the certificate store column master key settings that uses the current user settings for the location and stores the result in the variable named $CmkSettings.
Parameters
-ColumnMasterKeySettings
Specifies the SqlColumnMasterKeySettings object that this cmdlet uses to find where the column master key is stored.
| Type: | SqlColumnMasterKeySettings |
| Position: | 1 |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EncryptedValue
Specifies the existing encrypted value. If you specify a value for this parameter, the cmdlet will first decrypt this value using the column master key referenced by the ColumnMasterKeySettings parameter and then re-encrypt it using the column master key referenced by the TargetColumnMasterKeySettings parameter.
| Type: | String |
| Position: | 2 |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-TargetColumnMasterKeySettings
Specifies the SqlColumnMasterKeySettings object that this cmdlet uses to determine where the column master key, to be used to encrypt the new encrypted value, is stored. The SqlColumnMasterKeySettings object has two properties: KeyStoreProviderName and KeyPath. KeyStoreProviderName specifies the name of a column master key store provider. An Always Encrypted-enabled client driver needs to access the key store containing the column master key. KeyPath specifies the location of the column master key within the key store. The format for KeyPath is specific to the key store.
| Type: | SqlColumnMasterKeySettings |
| Position: | 0 |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Outputs
String