Symmetric Keys Wizard (SQL Server)

From DBArtisan

This wizard lets you build and submit a CREATE SYMMETRIC KEY statement.

To create a new symmetric key using a wizard

  1. Open a creation wizard for a symmetric key. For details, see Opening an Object Wizard.
  2. Use the following topics as a guide to setting properties and performing tasks as you pass through the wizard panels:
    • Symmetric Keys (SQL Server) - Properties
    • Symmetric Keys (SQL Server) - Encryption Mechanisms
  3. Finally, use the Execute button to create the object.

Symmetric Keys (SQL Server) - Properties

When creating or editing a symmetric key, this tab/panel lets you work with the following settings:

| Setting | Description |
|---|---|
| Authorization Owner | The name of the user that will own the symmetric key. |
| Name | The name for the symmetric key. |
| Provider Name | Lets you provide a FROM PROVIDER argument value, specifying an Extensible Key Management provider and name. |
| Key Algorithm | Lets you select a WITH ALGORITHM value of DES, AES_192, RC2, RC4_128, DESX, AES_128, TRIPLE_DES, or TRIPLE_DES_3KEY, specifying the encryption algorithm. |
| Pass Phrase | Lets you provide a KEY_SOURCE argument value, specifying a pass phrase from which to derive the key. |
| Identity Phrase | Lets you provide an IDENTITY_VALUE argument value, specifying an identity phrase from which to generate a GUID that tags data encrypted with a temporary key. |
| Key Name In Provider | Lets you provide a PROVIDER_KEY_NAME value, specifying the key name from the external provider. |
| Creation Disposition | Lets you select a CREATION_DISPOSITION value of OPEN_EXISTING or CREATE_NEW, specifying whether the symmetric key is mapped to an existing EKM key or a new key is created on the EKM device. |

For context information such as opening the wizard or editor for this object type, see Synonyms Wizard (SQL Server).
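
The statements below show how the Properties settings map onto CREATE SYMMETRIC KEY clauses. They are an added example, not DDL generated by DBArtisan; the object names (SalesDataKey, SalesEkmKey, SalesKeyOwner, SalesCert, EkmProv) and the bracketed phrases are placeholders, and the certificate and EKM provider are assumed to exist already. Beginning with SQL Server 2016, every algorithm other than AES_128, AES_192, and AES_256 is deprecated, so the final query lists keys that still use one of the older choices.

```sql
-- Added example (T-SQL). All object names and bracketed values are placeholders.

-- Key stored in the database: each clause corresponds to one wizard setting.
CREATE SYMMETRIC KEY SalesDataKey                     -- Name
    AUTHORIZATION SalesKeyOwner                       -- Authorization Owner
    WITH ALGORITHM = AES_192,                         -- Key Algorithm
         KEY_SOURCE = '<long random pass phrase>',    -- Pass Phrase
         IDENTITY_VALUE = '<identity phrase>'         -- Identity Phrase
    ENCRYPTION BY CERTIFICATE SalesCert;              -- Encryption Mechanisms panel

-- The same KEY_SOURCE, IDENTITY_VALUE and ALGORITHM recreate the same key on
-- another server, so the pass phrase has to be protected like the key itself.

-- Key held by an Extensible Key Management (EKM) provider.
CREATE SYMMETRIC KEY SalesEkmKey
    AUTHORIZATION SalesKeyOwner
    FROM PROVIDER EkmProv                                     -- Provider Name
    WITH PROVIDER_KEY_NAME = '<key name on the EKM device>',  -- Key Name In Provider
         CREATION_DISPOSITION = OPEN_EXISTING;                -- Creation Disposition

-- Review: symmetric keys in the current database that use a deprecated
-- algorithm (DES, DESX, RC2, RC4, TRIPLE_DES, ...). EKM keys report a NULL
-- algorithm_desc and are therefore not returned by this filter.
SELECT name,
       algorithm_desc,
       key_length,
       create_date
FROM sys.symmetric_keys
WHERE algorithm_desc NOT IN ('AES_128', 'AES_192', 'AES_256')
ORDER BY create_date;
```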

Symmetric Keys (SQL Server) - Encryption Mechanisms

When creating or editing a symmetric key, this tab/panel lets you provide an ENCRYPTION BY... argument and indicate the specific asymmetric key, symmetric key, or certificate used to encrypt the key being created, or the password from which to derive a TRIPLE_DES key.

The Used Encryption Mechanisms list shows the symmetric key, asymmetric key, certificate, or password options currently included in the ENCRYPTION BY argument. Selecting ASYMMETRIC KEYS, CERTIFICATES, PASSWORD, or SYMMETRIC KEYS from the Encryption Type dropdown displays the available elements of that type in the Existing Encryption Mechanisms list.

To specify encrypting mechanisms for a symmetric key

  1. From the Encryption Type dropdown, select an option among ASYMMETRIC KEYS, CERTIFICATES, PASSWORD, or SYMMETRIC KEYS.
  2. Take one of the following actions:
    • Select CERTIFICATES or ASYMMETRIC KEYS from the Encryption Type dropdown to display elements of that type in the Existing Encryption Mechanisms list. Select a specific certificate or asymmetric key and click Add to move that element to the Used Encryption Mechanisms list.
    • Select SYMMETRIC KEYS from the Encryption Type dropdown to display elements of that type in the Existing Encryption Mechanisms list. Select a specific symmetric key and click Add to open the Open Key dialog. For more information on opening and decrypting the key, see Opening a Symmetric Key.
    • Select PASSWORD from the Encryption Type dropdown and click Add to open the Add Password dialog. That dialog lets you add an ENCRYPTION BY PASSWORD argument. Use the Password control to provide the ENCRYPTION BY PASSWORD value. Click OK to add the password to the Used Encryption Mechanisms list.
  3. Repeat step 1 and step 2 to add more encrypting mechanisms for this symmetric key.

To remove an encryption mechanism from a symmetric key

  1. Select an item from the Used Encryption Mechanisms list.
  2. Click Remove.

For context information such as opening the wizard or editor for this object type, see Synonyms Wizard (SQL Server).

For information on creating asymmetric keys or certificates to be used with the encryption method for this key, see Asymmetric Keys Wizard (SQL Server) and Certificate Wizard (SQL Server).

Opening a Symmetric Key

When specifying a symmetric key as the encryption mechanism, you must decrypt that symmetric key and make it available for use. The Open Key dialog lets you build an OPEN SYMMETRIC KEY statement that will precede the CREATE SYMMETRIC KEY statement submitted to create or edit a symmetric key.

Use the Certificate control to provide a DECRYPTION BY CERTIFICATE value and the Password control to provide a WITH PASSWORD value. Click Open Key to add the symmetric key to the Used Encryption Mechanisms list.

Note: This functionality is available for Microsoft SQL Server only.

To open a symmetric key

  1. Open a creation wizard or editor for a symmetric key. For details, see Opening an Object Wizard and Opening an Object Editor.
  2. Select the Encryption Mechanisms tab.
  3. Select Symmetric Keys from the Encryption Type dropdown, select a symmetric key from the Existing Encryption Mechanisms list, and then click Add.
    The Open Key dialog opens.
  4. Use the following table as a guide to understanding and modifying settings in the dialog:

| Step | Settings and tasks |
|---|---|
| Action options | Lets you work with the following settings: |
| | Decryption Mechanism and Certificate/Symmetric Key/Asymmetric Key/Password: These controls let you build the DECRYPTION BY option, specifying the decryption mechanism and the specific certificate, asymmetric key, symmetric key or password to be used. |
| | Password: Lets you provide the BY PASSWORD or WITH PASSWORD values for a Decryption Mechanism of CERTIFICATE, ASYMMETRIC KEY, or PASSWORD. |
| Preview | Displays the DDL that will execute the object action. For details, see Preview. |

  5. Click Open Key to dismiss the dialog and return to the Symmetric Key wizard or editor.
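
The sequence the Open Key dialog leads to, written out as T-SQL: the encrypting key is opened, the new key is created under it, and the encrypting key is closed again. This is an added example, not DDL taken from DBArtisan; KeyEncryptionKey, KekCert, OrdersDataKey and the bracketed password are placeholders, and the WITH PASSWORD clause applies only when the certificate's private key is password protected.

```sql
-- Added example (T-SQL). All object names and bracketed values are placeholders.

-- 1. Decrypt the existing symmetric key so it can protect the new one.
OPEN SYMMETRIC KEY KeyEncryptionKey
    DECRYPTION BY CERTIFICATE KekCert
    WITH PASSWORD = '<certificate private key password>';

-- 2. Create the new key, encrypted by the key that is now open.
CREATE SYMMETRIC KEY OrdersDataKey
    WITH ALGORITHM = AES_192
    ENCRYPTION BY SYMMETRIC KEY KeyEncryptionKey;

-- 3. An opened key stays usable for the rest of the session. List what is
--    open, then close the key explicitly instead of waiting for the
--    session to end.
SELECT key_name,
       key_guid,
       opened_date
FROM sys.openkeys;

CLOSE SYMMETRIC KEY KeyEncryptionKey;

-- 4. Confirm how the new key is protected. One row is returned per
--    encryption mechanism attached to the key.
SELECT sk.name,
       sk.algorithm_desc,
       ke.crypt_type_desc
FROM sys.symmetric_keys AS sk
JOIN sys.key_encryptions AS ke
    ON ke.key_id = sk.symmetric_key_id
WHERE sk.name = 'OrdersDataKey';
```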