Edit

Share via

ENCRYPTBYCERT (Transact-SQL)

  • Article

Applies to: SQL Server Azure SQL Database Azure SQL Managed Instance

Encrypts data with the public key of a certificate.

Transact-SQL syntax conventions

Syntax

EncryptByCert ( certificate_ID , { 'cleartext' | @cleartext } )

Arguments

certificate_ID
The ID of a certificate in the database. int.

cleartext
A string of data that will be encrypted with the certificate.

@cleartext
A variable of one of the following types that contains data that will be encrypted with the public key of the certificate:

  • nvarchar
  • char
  • varchar
  • binary
  • varbinary
  • nchar

Return Types

varbinary with a maximum size of 8,000 bytes.

Remarks

This function encrypts data with the certificate's public key. The ciphertext can only be decrypted with the corresponding private key. These asymmetric transformations are costly when compared to encryption and decryption using a symmetric key. As such, asymmetric encryption isn't recommended when working with large datasets.

Examples

This example encrypts the plaintext stored in @cleartext with the certificate called JanainaCert02. The encrypted data is inserted into table ProtectedData04.

INSERT INTO [AdventureWorks2022].[ProtectedData04]   
    VALUES ( N'Data encrypted by certificate ''Shipping04''',  
    EncryptByCert(Cert_ID('JanainaCert02'), @cleartext) );  
GO

See Also

DECRYPTBYCERT (Transact-SQL)
CREATE CERTIFICATE (Transact-SQL)
ALTER CERTIFICATE (Transact-SQL)
DROP CERTIFICATE (Transact-SQL)
BACKUP CERTIFICATE (Transact-SQL)
Encryption Hierarchy