Applies To: SQL Server 2014, SQL Server 2016 Preview

Encrypts data with the public key of a certificate.

Applies to: SQL Server (SQL Server 2008 through current version), SQL Database V12 ( Preview in some regions).

Topic link icon  Transact-SQL Syntax Conventions


EncryptByCert ( certificate_ID , { 'cleartext' | @cleartext } )

The ID of a certificate in the database. int.


A string of data that will be encrypted with the certificate.


A variable of type nvarchar, char, varchar, binary, varbinary, or nchar containing data that will be encrypted with the public key of the certificate.

Return Types

varbinary with a maximum size of 8,000 bytes.


This function encrypts data with the public key of a certificate. The ciphertext can only be decrypted with the corresponding private key. Such asymmetric transformations are very costly compared to encryption and decryption using a symmetric key. Asymmetric encryption is therefore not recommended when working with large datasets such as user data in tables.


This example encrypts the plaintext stored in @cleartext with the certificate called JanainaCert02. The encrypted data is inserted into table ProtectedData04.

INSERT INTO [AdventureWorks2012].[ProtectedData04] 
    VALUES ( N'Data encrypted by certificate ''Shipping04''',
    EncryptByCert(Cert_ID('JanainaCert02'), @cleartext) );