ENCRYPTBYCERT (Transact-SQL)
 

THIS TOPIC APPLIES TO: yesSQL Server (starting with 2008) yesAzure SQL Database noAzure SQL Data Warehouse noParallel Data Warehouse

Encrypts data with the public key of a certificate.

Topic link icon  Transact-SQL Syntax Conventions

  
EncryptByCert ( certificate_ID , { 'cleartext' | @cleartext } )  

certificate_ID
The ID of a certificate in the database. int.

cleartext
A string of data that will be encrypted with the certificate.

@cleartext
A variable of type nvarchar, char, varchar, binary, varbinary, or nchar containing data that will be encrypted with the public key of the certificate.

varbinary with a maximum size of 8,000 bytes.

This function encrypts data with the public key of a certificate. The ciphertext can only be decrypted with the corresponding private key. Such asymmetric transformations are very costly compared to encryption and decryption using a symmetric key. Asymmetric encryption is therefore not recommended when working with large datasets such as user data in tables.

This example encrypts the plaintext stored in @cleartext with the certificate called JanainaCert02. The encrypted data is inserted into table ProtectedData04.

INSERT INTO [AdventureWorks2012].[ProtectedData04]   
    VALUES ( N'Data encrypted by certificate ''Shipping04''',  
    EncryptByCert(Cert_ID('JanainaCert02'), @cleartext) );  
GO  

DECRYPTBYCERT (Transact-SQL)
CREATE CERTIFICATE (Transact-SQL)
ALTER CERTIFICATE (Transact-SQL)
DROP CERTIFICATE (Transact-SQL)
BACKUP CERTIFICATE (Transact-SQL)
Encryption Hierarchy