SqlColumnEncryptionCspProvider Class

Definition

The CMK Store provider implementation for using Microsoft CAPI based Cryptographic Service Providers (CSP) with Always Encrypted.

public ref class SqlColumnEncryptionCspProvider : Microsoft::Data::SqlClient::SqlColumnEncryptionKeyStoreProvider
public class SqlColumnEncryptionCspProvider : Microsoft.Data.SqlClient.SqlColumnEncryptionKeyStoreProvider
type SqlColumnEncryptionCspProvider = class
    inherit SqlColumnEncryptionKeyStoreProvider
Public Class SqlColumnEncryptionCspProvider
Inherits SqlColumnEncryptionKeyStoreProvider
Inheritance
SqlColumnEncryptionCspProvider

Remarks

Enables storing Always Encrypted column master key keys in a store, such as a hardware security module (HSM), that supports the Microsoft CAPI based Cryptographic Service Providers (CSP).

Constructors

SqlColumnEncryptionCspProvider()

Fields

ProviderName

A constant string for the provider name 'MSSQL_CSP_PROVIDER'.

Properties

ColumnEncryptionKeyCacheTtl

Gets or sets the lifespan of the decrypted column encryption key in the cache. Once the timespan has elapsed, the decrypted column encryption key is discarded and must be revalidated.

(Inherited from SqlColumnEncryptionKeyStoreProvider)

Methods

DecryptColumnEncryptionKey(String, String, Byte[])

Decrypts the given encrypted value using an asymmetric key specified by the key path and algorithm. The key path will be in the format of [ProviderName]/KeyIdentifier and should be an asymmetric key stored in the specified CSP provider. The valid algorithm used to encrypt/decrypt the CEK is 'RSA_OAEP'.

EncryptColumnEncryptionKey(String, String, Byte[])

Encrypts the given plain text column encryption key using an asymmetric key specified by the key path and the specified algorithm. The key path will be in the format of [ProviderName]/KeyIdentifier and should be an asymmetric key stored in the specified CSP provider. The valid algorithm used to encrypt/decrypt the CEK is 'RSA_OAEP'.

SignColumnMasterKeyMetadata(String, Boolean)

Throws a NotSupportedException exception in all cases.

VerifyColumnMasterKeyMetadata(String, Boolean, Byte[])

This function must be implemented by the corresponding Key Store providers. This function should use an asymmetric key identified by a key path and sign the masterkey metadata consisting of (masterKeyPath, allowEnclaveComputations, providerName).

Applies to