Re: EncryptByCert Problem
- From: "Laurentiu Cristofor [MSFT]" <laur@xxxxxxxxxx>
- Date: Thu, 24 Aug 2006 13:45:10 -0700
I'll ask for an update of these BOL topics to mention the restrictions
related to the key lengths. If you access BOL online, you can also rate the
articles and submit feedback directly. Here are the links for the topics we
discussed:
http://msdn2.microsoft.com/en-us/library/ms188061.aspx
http://msdn2.microsoft.com/en-us/library/ms186950.aspx
Thanks
--
Laurentiu Cristofor [MSFT]
Software Design Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/
This posting is provided "AS IS" with no warranties, and confers no rights.
"Mike C#" <xyz@xxxxxxx> wrote in message
news:%23vuAcc6xGHA.3500@xxxxxxxxxxxxxxxxxxxxxxx
Someone needs to tell the BOL writers to update the page on this then. It
currently indicates that EncryptByCert can return a varbinary up to 8,000
bytes in length, which is ludicrous if the input is really limited to 421
bytes and the output is limited to 432 bytes. I'm not advocating using
certificates and asymmetric keys to encrypt all data. I am advocating
accurate documentation of system limitations.
"Laurentiu Cristofor [MSFT]" <laur@xxxxxxxxxx> wrote in message
news:e2ASWY6xGHA.4336@xxxxxxxxxxxxxxxxxxxxxxx
Yes, this is a restriction of asymmetric key encryption - the actual data
that you can encrypt with one call will depend on the size of the private
key that is used.
For example: 512 bit RSA key can encrypt up to 53 bytes, 1024 bit up to
117 bytes, and 2048 bit up to 245 bytes.
See http://blogs.msdn.com/yukondoit/archive/2005/11/24/496521.aspx for a
workaround, if you really want to encrypt more.
Certificates should only be used to protect other keys, not to encrypt
data directly, so this limit does not impact the intended use of
certificates.
Thanks
--
Laurentiu Cristofor [MSFT]
Software Design Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/
This posting is provided "AS IS" with no warranties, and confers no
rights.
"Mike C#" <xyz@xxxxxxx> wrote in message
news:fuaHg.586$k%3.406@xxxxxxxxxxxxxxx
I posted this message to the wrong group (sqlserver.programming), so I'm
reposting here. Sorry for the repost... it's late... so here goes:
OK, so I'm testing EncryptByCert with some code like the following:
DECLARE @v varchar(8000);
SELECT @v = REPLICATE('A', 117);
SELECT @v;
DECLARE @e varbinary(8000);
SELECT @e = EncryptByCert(Cert_ID(N'TestCertificate'), @v);
SELECT @e;
The function encrypts fine and I'm able to use DecryptByCert to get the
result. Problem is if I change the line SELECT @v = REPLICATE('A', 117)
to:
SELECT @v = REPLICATE('A', 118);
The EncryptByCert function returns NULL every time with 118 or higher.
BOL states that the result is returned as a varbinary with a max length
of 8,000. I keep getting a varbinary with a max length of 128. Can anyone
else reproduce this, or am I doing something wrong?
Thanks
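
The pattern recommended in the reply above (a certificate protecting a key, and the key encrypting the data), as an added T-SQL example that is not part of any post in this thread. It assumes TestCertificate from the original post exists with its private key protected by the database master key; the symmetric key name DataKey is hypothetical.

```sql
-- Added example, not from the thread.
-- Assumptions: TestCertificate exists and its private key is protected by the
-- database master key (otherwise OPEN ... needs WITH PASSWORD = '...').
-- DataKey is a hypothetical name chosen for this example.

-- One-time setup: a symmetric key whose key material is protected by the certificate.
CREATE SYMMETRIC KEY DataKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE TestCertificate;
GO

-- Per session: unwrap the symmetric key using the certificate's private key.
OPEN SYMMETRIC KEY DataKey
    DECRYPTION BY CERTIFICATE TestCertificate;

DECLARE @v varchar(8000);
SELECT @v = REPLICATE('A', 118);   -- one byte past the 117-byte limit from the thread

-- Direct certificate encryption of the same value, for comparison.
-- The thread reports this returning NULL at 118 bytes or more.
DECLARE @direct varbinary(8000);
SELECT @direct = EncryptByCert(Cert_ID(N'TestCertificate'), @v);

-- Symmetric encryption is not bound by the RSA modulus size.
DECLARE @e varbinary(8000);
SELECT @e = EncryptByKey(Key_GUID(N'DataKey'), @v);

SELECT @direct                                     AS direct_cert_result,
       DATALENGTH(@v)                              AS plaintext_bytes,
       DATALENGTH(@e)                              AS ciphertext_bytes,
       CONVERT(varchar(8000), DecryptByKey(@e))    AS round_trip;

-- Close the key so it does not stay open for the rest of the session.
CLOSE SYMMETRIC KEY DataKey;
```

The per-call limits quoted in the reply (53, 117 and 245 bytes) each equal the RSA modulus size in bytes minus 11, which is the overhead of PKCS #1 v1.5 encryption padding.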