sys.symmetric_keys (Transact-SQL)

sys.symmetric_keys (Transact-SQL)

 

THIS TOPIC APPLIES TO: yesSQL Server (starting with 2008)yesAzure SQL DatabaseyesAzure SQL Data Warehouse yesParallel Data Warehouse

Returns one row for every symmetric key created with the CREATE SYMMETRIC KEY statement.

Column nameData typeDescription
namesysnameName of the key. Unique within the c4database.
principal_idintID of the database principal who owns the key.
symmetric_key_idintID of the key. Unique within the database.
key_lengthintLength of the key in bits.
key_algorithmchar(2)Algorithm used with the key:

R2 = RC2

R4 = RC4

D = DES

D3 = Triple DES

DT = TRIPLE_DES_3KEY

DX = DESX

A1 = AES 128

A2 = AES 192

A3 = AES 256

NA = EKM Key
algorithm_descnvarchar(60)Description of the algorithm used with the key:

RC2

RC4

DES

Triple_DES

TRIPLE_DES_3KEY

DESX

AES_128

AES_192

AES_256

NULL (Extensible Key Management algorithms only)
create_datedatetimeDate the key was created.
modify_datedatetimeDate the key was modified.
key_guiduniqueidentifierGlobally unique identifier (GUID) associated with the key. It is auto-generated for persisted keys. GUIDs for temporary keys are derived from the user-supplied pass phrase.
key_thumbprintsql_variantSHA-1 hash of the key. The hash is globally unique. For non-Extensible Key Management keys this value will be NULL.
provider_typenvarchar(120)Type of cryptographic provider:

CRYPTOGRAPHIC PROVIDER = Extensible Key Management keys

NULL = Non-Extensible Key Management keys
cryptographic_provider_guiduniqueidentifierGUID for the cryptographic provider. For non-Extensible Key Management keys this value will be NULL.
cryptographic_provider_algidsql_variantAlgorithm ID for the cryptographic provider. For non-Extensible Key Management keys this value will be NULL.

The visibility of the metadata in catalog views is limited to securables that a user either owns or on which the user has been granted some permission. For more information, see Metadata Visibility Configuration.

The RC4 algorithm is deprecated. This feature will be removed in a future version of Microsoft SQL Server. Do not use this feature in new development work, and modify applications that currently use this feature as soon as possible.

System_CAPS_ICON_note.jpg Note


The RC4 algorithm is only supported for backward compatibility. New material can only be encrypted using RC4 or RC4_128 when the database is in compatibility level 90 or 100. (Not recommended.) Use a newer algorithm such as one of the AES algorithms instead. In SQL Server 2012 material encrypted using RC4 or RC4_128 can be decrypted in any compatibility level.

Clarification regarding DES algorithms:

  • DESX was incorrectly named. Symmetric keys created with ALGORITHM = DESX actually use the TRIPLE DES cipher with a 192-bit key. The DESX algorithm is not provided. This feature will be removed in a future version of Microsoft SQL Server. Avoid using this feature in new development work, and plan to modify applications that currently use this feature.

  • Symmetric keys created with ALGORITHM = TRIPLE_DES_3KEY use TRIPLE DES with a 192-bit key.

  • Symmetric keys created with ALGORITHM = TRIPLE_DES use TRIPLE DES with a 128-bit key.

Catalog Views (Transact-SQL)
Extensible Key Management (EKM)
Security Catalog Views (Transact-SQL)
Encryption Hierarchy
CREATE SYMMETRIC KEY (Transact-SQL)

Community Additions

ADD
Show:
© 2016 Microsoft