To create a new symmetric AES 256 key EKM_AES_256 and store it in the CryptoServer SQLEKM provider, use the following statement:
SQL Statement
|
Note that the key name EKM_AES_256 appears twice here: first as key name for the SQL Server and second as the CryptoServer key name. However, it is not necessary that both names are identical. In fact, in SQL Server commands a key is referred to by its SQL Server name. The CREATE … KEY statement creates a binding to the CryptoServer key, which can be different, using a common identifier.
Key mapping
An SQL Server key can also be created from an existing CryptoServer SQLEKM provider key:
SQL Statement
|
Here, a lookup for the given provider key name is performed. For the CryptoServer SQLEKM provider, the CXI_GROUP is also taken into account if one is specified in the credential’s identity (see 2021-0004 Setting up Credentials). This statement
creates the aforementioned binding.
To create asymmetric keys proceed in the same manner. Here is the statement to create an asymmetric RSA 2048 key:
SQL Statement
|