sys.asymmetric_keys (Transact-SQL)
Applies to: 
SQL Server
Azure SQL Database
Azure SQL Managed Instance
Returns a row for each asymmetric key.
| Column name | Data type | Description |
|---|---|---|
| name | sysname | Name of the key. Is unique within the database. |
| principal_id | int | ID of the database principal that owns the key. |
| asymmetric_key_id | int | ID of the key. Is unique within the database. |
| pvt_key_encryption_type | char(2) | How the key is encrypted. NA = Not encrypted MK = Key is encrypted by the master key PW = Key is encrypted by a user-defined password SK = Key is encrypted by service master key. |
| pvt_key_encryption_type_desc | nvarchar(60) | Description of how the private key is encrypted. NO_PRIVATE_KEY ENCRYPTED_BY_MASTER_KEY ENCRYPTED_BY_PASSWORD ENCRYPTED_BY_SERVICE_MASTER_KEY |
| thumbprint | varbinary(32) | SHA-1 hash of the key. The hash is globally unique. |
| algorithm | char(2) | Algorithm used with the key. 1R = 512-bit RSA 2R = 1024-bit RSA 3R = 2048-bit RSA |
| algorithm_desc | nvarchar(60) | Description of the algorithm used with the key. RSA_512 RSA_1024 RSA_2048 |
| key_length | int | Bit length of the key. |
| sid | varbinary(85) | Login SID for this key. For Extensible Key Management keys this value will be NULL. |
| string_sid | nvarchar(128) | String representation of the login SID of the key. For Extensible Key Management keys this value will be NULL. |
| public_key | varbinary(max) | Public key. |
| attested_by | nvarchar(260) | System use only. |
| provider_type | nvarchar(120) | Type of cryptographic provider: CRYPTOGRAPHIC PROVIDER = Extensible Key Management keys NULL = Non-Extensible Key Management keys |
| cryptographic_provider_guid | uniqueidentifier | GUID for the cryptographic provider. For non-Extensible Key Management keys this value will be NULL. |
| cryptographic_provider_algid | sql_variant | Algorithm ID for the cryptographic provider. For non-Extensible Key Management keys this value will be NULL. |
Permissions
The visibility of the metadata in catalog views is limited to securables that a user either owns, or on which the user was granted some permission. For more information, see Metadata Visibility Configuration.
See Also
Security Catalog Views (Transact-SQL)
Extensible Key Management (EKM)
Catalog Views (Transact-SQL)
Encryption Hierarchy
CREATE ASYMMETRIC KEY (Transact-SQL)