Share via


CREATE CRYPTOGRAPHIC PROVIDER (Transact-SQL)

Creates a cryptographic provider within SQL Server from an Extensible Key Management (EKM) provider.

Topic link iconTransact-SQL Syntax Conventions

Syntax

CREATE CRYPTOGRAPHIC PROVIDER provider_name 
    FROM FILE =path_of_DLL

Arguments

  • provider_name
    Is the name of the Extensible Key Management provider.

  • path_of_DLL
    Is the path of the .dll file that implements the SQL Server Extensible Key Management interface.

Remarks

All keys created by a provider will reference the provider by its GUID. The GUID is retained across all versions of the DLL.

The DLL that implements SQLEKM interface must be digitally signed using any certificate. SQL Server will verify the signature. This includes its certificate chain, which must have its root installed at the Trusted Root Cert Authorities location on a Windows system. If the signature is not verified correctly, the CREATE CRYPTOGRAPHIC PROVIDER statement will fail. For more information about certificates and certificate chains, see SQL Server Certificates and Asymmetric Keys.

Permissions

Requires CONTROL permission on the symmetric key.

Examples

The following example creates a cryptographic provider called SecurityProvider in SQL Server from a .dll file. The .dll file is named c:\SecurityProvider\SecurityProvider_v1.dll and it is installed on the server. The provider's certificate must first be installed on the server.

-- Install the provider
CREATE CRYPTOGRAPHIC PROVIDER SecurityProvider
    FROM FILE = 'c:\SecurityProvider\SecurityProvider_v1.dll'