Creating Asymmetric Key with Key Version Enabled
To create an asymmetric key with key versioning enabled, run the following command:
CREATE ASYMMETRIC KEY <sql_asym_key_name#>
FROM PROVIDER <crypto_provider_name>
WITH ALGORITHM = <algorithm_name>,
PROVIDER_KEY_NAME = '<key_name_in_ks#>',
CREATION_DISPOSITION = CREATE_NEW;
For example:
CREATE ASYMMETRIC KEY cakm_key_thales#
FROM PROVIDER cakm_provider
WITH ALGORITHM = RSA_2048,
PROVIDER_KEY_NAME = 'cakm_key_thales#',
CREATION_DISPOSITION = CREATE_NEW;
Note
To enable key versioning while creating an asymmetric key, add the suffix '#' to both the SQL key name and the PROVIDER_KEY_NAME, as shown in the example above.
Warning
It is recommended not to delete the intermediate key versions. If an intermediate version is deleted, the database will go into recovery mode and you will not be able to restore a backup of the database that was encrypted with that version.
To fetch a specific version of the key from CipherTrust Manager, run the following command:
CREATE ASYMMETRIC KEY <sql_asym_key_name#>
FROM PROVIDER <crypto_provider_name>
WITH PROVIDER_KEY_NAME = '<key_name_in_ks#version>',
CREATION_DISPOSITION = OPEN_EXISTING;
Note
Here, version is the specific version number of the key to be fetched from CipherTrust Manager.
For example:
CREATE ASYMMETRIC KEY cakm_key_thales#
FROM PROVIDER thales_provider
WITH PROVIDER_KEY_NAME = 'cakm_key_thales#5',
CREATION_DISPOSITION = OPEN_EXISTING;
If you increase the version of a versioned key on CipherTrust Manager, you must restart the SQL Server instance so that the database is encrypted with the latest version of the key.
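The following T-SQL script combines the two commands above into one worked sequence. It is an added example, not from the Thales documentation: it creates the versioned key, opens one historical version under a separate SQL-side name so both can coexist, and then checks SQL Server's catalog views to confirm that both keys are backed by the EKM provider. The provider name cakm_provider and the key name cakm_key_thales# come from the page; the second SQL-side name cakm_key_thales_v5, the IF NOT EXISTS guard, and the join of sys.asymmetric_keys to sys.cryptographic_providers are assumptions of this example.

```sql
-- Added example, not from the Thales documentation.
-- Assumes: the CAKM EKM provider is already registered in SQL Server as
-- cakm_provider, and the session holds CONTROL SERVER permission.
USE master;
GO

-- 1. Create a new versioned key. The trailing '#' on both the SQL key name
--    and PROVIDER_KEY_NAME is what switches key versioning on; without it a
--    plain, unversioned key is created. The guard makes the script re-runnable.
IF NOT EXISTS (SELECT 1 FROM sys.asymmetric_keys WHERE name = 'cakm_key_thales#')
BEGIN
    CREATE ASYMMETRIC KEY cakm_key_thales#
    FROM PROVIDER cakm_provider
    WITH ALGORITHM = RSA_2048,
         PROVIDER_KEY_NAME = 'cakm_key_thales#',
         CREATION_DISPOSITION = CREATE_NEW;
END;
GO

-- 2. Open a specific historical version (version 5 here) under its own
--    SQL-side name so it can sit alongside the current key. There is no
--    ALGORITHM clause: the key already exists in CipherTrust Manager and is
--    only being mapped into SQL Server. cakm_key_thales_v5 is a name chosen
--    for this example.
IF NOT EXISTS (SELECT 1 FROM sys.asymmetric_keys WHERE name = 'cakm_key_thales_v5')
BEGIN
    CREATE ASYMMETRIC KEY cakm_key_thales_v5
    FROM PROVIDER cakm_provider
    WITH PROVIDER_KEY_NAME = 'cakm_key_thales#5',
         CREATION_DISPOSITION = OPEN_EXISTING;
END;
GO

-- 3. Verify: both SQL-side keys should be listed with a non-NULL provider_type
--    (EKM-backed key, private key never stored in the database) and should
--    resolve to the same cryptographic provider.
SELECT ak.name           AS sql_key_name,
       ak.algorithm_desc,
       ak.key_length,
       ak.provider_type,
       cp.name           AS provider_name
FROM sys.asymmetric_keys AS ak
LEFT JOIN sys.cryptographic_providers AS cp
       ON cp.guid = ak.cryptographic_provider_guid
WHERE ak.name IN ('cakm_key_thales#', 'cakm_key_thales_v5');
GO
```

The page's own example reuses cakm_key_thales# as the SQL-side name when opening version 5; this script deliberately gives the historical version a distinct name so that the current key and the pinned version can be inspected side by side. Bumping the key version on CipherTrust Manager does not change anything in this script: as the page states, the SQL Server instance still has to be restarted before the database is encrypted with the new version.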