Export (0) Print
Expand All

sys.fn_check_object_signatures (Transact-SQL)

Returns a list of all signable objects and indicates whether an object is signed by a specified certificate or asymmetric key. If the object is signed by the specified certificate or asymmetric key signed, it also returns whether the object's signature is valid.

Applies to: SQL Server (SQL Server 2008 through current version).

Topic link icon Transact-SQL Syntax Conventions

fn_ check_object_signatures ( 
    { '@class' } , { @thumbprint } 
  ) 

{ '@class' }

Identifies the type of thumbprint being provided:

  • 'certificate'

  • 'asymmetric key'

@class is sysname.

{ @thumbprint }

SHA-1 hash of the certificate with which the key is encrypted, or the GUID of the asymmetric key with which the key is encrypted. @thumbprint is varbinary(20).

The following table lists the columns that fn_check_object_signatures returns.

Column

Type

Description

type

nvarchar(120)

Returns type description or assembly.

entity_id

int

Returns the object id of the object being evaluated.

is_signed

int

Returns 0 when the object is not signed by the provided thumbprint. Returns 1 when the object is signed by the provided thumbprint.

is_signature_valid

int

When the is_signed value is 1, returns 0 when the signature is not valid. Returns 1 when the signature is valid.

When the is_signed value is 0, always returns 0.

Use fn_check_object_signatures to confirm that malicious users have not tampered with objects.

Requires VIEW DEFINITION on the certificate or asymmetric key.

The following example finds the schema signing certificate for the master database, and returns the is_signed value of 1 and the is_signature_valid value of 1 for those objects that are signed by the schema signing certificate and which have valid signatures.

USE master;
-- Declare a variable to hold the thumbprint.
DECLARE @thumbprint varbinary(20) ;
-- Populate the thumbprint variable with the master database schema signing certificate.
SELECT @thumbprint = thumbprint 
FROM sys.certificates 
WHERE name LIKE '%SchemaSigningCertificate%' ;
-- Evaluates the objects signed by the schema signing certificate
SELECT type, entity_id, OBJECT_NAME(entity_id) AS [object name], is_signed, is_signature_valid
FROM sys.fn_check_object_signatures ('certificate', @thumbprint) ;
GO

Community Additions

ADD
Show:
© 2014 Microsoft