SqlColumnEncryptionCngProvider Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
The CMK Store provider implementation for using the Microsoft Cryptography API: Next Generation (CNG) with Always Encrypted.
public ref class SqlColumnEncryptionCngProvider : Microsoft::Data::SqlClient::SqlColumnEncryptionKeyStoreProvider
public class SqlColumnEncryptionCngProvider : Microsoft.Data.SqlClient.SqlColumnEncryptionKeyStoreProvider
type SqlColumnEncryptionCngProvider = class
inherit SqlColumnEncryptionKeyStoreProvider
Public Class SqlColumnEncryptionCngProvider
Inherits SqlColumnEncryptionKeyStoreProvider
- Inheritance
Remarks
Enables storing Always Encrypted column master key keys in a store, such as a hardware security module (HSM), that supports the Microsoft Cryptography API: Next Generation (CNG).
Constructors
SqlColumnEncryptionCngProvider() |
Fields
ProviderName |
A constant string for the provider name 'MSSQL_CNG_STORE'. |
Properties
ColumnEncryptionKeyCacheTtl |
Gets or sets the lifespan of the decrypted column encryption key in the cache. Once the timespan has elapsed, the decrypted column encryption key is discarded and must be revalidated. (Inherited from SqlColumnEncryptionKeyStoreProvider) |
Methods
DecryptColumnEncryptionKey(String, String, Byte[]) |
Decrypts the given encrypted value using an asymmetric key specified by the key path and the specified algorithm. The key path will be in the format of [ProviderName]/KeyIdentifier and should be an asymmetric key stored in the specified CNG key store provider. The valid algorithm used to encrypt/decrypt the CEK is 'RSA_OAEP'. |
EncryptColumnEncryptionKey(String, String, Byte[]) |
Encrypts the given plain text column encryption key using an asymmetric key specified by the key path and the specified algorithm. The key path will be in the format of [ProviderName]/KeyIdentifier and should be an asymmetric key stored in the specified CNG key store provider. The valid algorithm used to encrypt/decrypt the CEK is 'RSA_OAEP'. |
SignColumnMasterKeyMetadata(String, Boolean) |
Throws a NotSupportedException exception in all cases. |
VerifyColumnMasterKeyMetadata(String, Boolean, Byte[]) |
This function must be implemented by the corresponding Key Store providers. This function should use an asymmetric key identified by a key path and verify the masterkey metadata consisting of (masterKeyPath, allowEnclaveComputations, providerName). |