CREATE ASYMMETRIC KEY (Transact-SQL)
Creates an asymmetric key in the database.
Transact-SQL Syntax Conventions
Syntax
CREATE ASYMMETRIC KEY Asym_Key_Name
[ AUTHORIZATION database_principal_name ]
{
FROM <Asym_Key_Source>
|
WITH ALGORITHM = { RSA_512 | RSA_1024 | RSA_2048 }
}
[ ENCRYPTION BY PASSWORD = 'password' ]
<Asym_Key_Source>::=
FILE = 'path_to_strong-name_file'
|
EXECUTABLE FILE = 'path_to_executable_file'
|
ASSEMBLY Assembly_Name
Arguments
- FROM Asym_Key_Source
Specifies the source from which to load the asymmetric key pair.
- AUTHORIZATION database_principal_name
Specifies the owner of the asymmetric key. The owner cannot be a role or a group. If this option is omitted, the owner will be the current user.
- FILE ='path_to_strong-name_file'
Specifies the path of a strong-name file from which to load the key pair.
- EXECUTABLE FILE ='path_to_executable_file'
Specifies an assembly file from which to load the public key.
- ASSEMBLY Assembly_Name
Specifies the name of an assembly from which to load the public key.
- ENCRYPTION BY PASSWORD ='password'
Specifies the password with which to encrypt the private key. If this clause is not present, the private key will be encrypted with the database master key. password is a maximum of 128 characters.
Remarks
An asymmetric key is a securable entity at the database level. In its default form, this entity contains both a public key and a private key. When executed without the FROM clause, CREATE ASYMMETRIC KEY generates a new key pair. When executed with the FROM clause, CREATE ASYMMETRIC KEY imports a key pair from a file or imports a public key from an assembly.
By default, the private key is protected by the database master key. If no database master key has been created, a password is required to protect the private key. If a database master key does exist, the password is optional.
The private key can be 512, 1024, or 2048 bits long.
Permissions
Requires CREATE ASYMMETRIC KEY permission on the database. If the AUTHORIZATION clause is specified, requires IMPERSONATE permission on the database principal, or ALTER permission on the application role.
Examples
A. Creating an asymmetric key
The following example creates an asymmetric key named PacificSales09
by using the RSA_2048
algorithm, and protects the private key with a password.
CREATE ASYMMETRIC KEY PacificSales09
WITH ALGORITHM = RSA_2048
ENCRYPTION BY PASSWORD = 'bmsA$dk7i82bv55foajsd9764';
GO
B. Creating an asymmetric key from a file, giving authorization to a user
The following example creates the asymmetric key PacificSales19
from a key pair stored in a file, and then authorizes user SyedAbbas
to use the asymmetric key.
CREATE ASYMMETRIC KEY PacificSales19 AUTHORIZATION SyedAbbas
FROM FILE = ' c:\PacSales\Managers\SyedAbbasCerts.tmp'
ENCRYPTION BY PASSWORD = '35698ofg0sjlkfLKJ4548872$$$2';
GO
See Also
Reference
ALTER ASYMMETRIC KEY (Transact-SQL)
DROP ASYMMETRIC KEY (Transact-SQL)
Other Resources
Choosing an Encryption Algorithm
Encryption Hierarchy