<Type Name="SqlColumnEncryptionCngProvider" FullName="System.Data.SqlClient.SqlColumnEncryptionCngProvider">
<TypeSignature Language="C#" Value="public class SqlColumnEncryptionCngProvider : System.Data.SqlClient.SqlColumnEncryptionKeyStoreProvider" />
<TypeSignature Language="ILAsm" Value=".class public auto ansi beforefieldinit SqlColumnEncryptionCngProvider extends System.Data.SqlClient.SqlColumnEncryptionKeyStoreProvider" />
<TypeSignature Language="DocId" Value="T:System.Data.SqlClient.SqlColumnEncryptionCngProvider" />
<TypeSignature Language="VB.NET" Value="Public Class SqlColumnEncryptionCngProvider&#xA;Inherits SqlColumnEncryptionKeyStoreProvider" />
<TypeSignature Language="C++ CLI" Value="public ref class SqlColumnEncryptionCngProvider : System::Data::SqlClient::SqlColumnEncryptionKeyStoreProvider" />
<TypeSignature Language="F#" Value="type SqlColumnEncryptionCngProvider = class&#xA; inherit SqlColumnEncryptionKeyStoreProvider" />
<AssemblyInfo>
<AssemblyName>System.Data</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<Base>
<BaseTypeName>System.Data.SqlClient.SqlColumnEncryptionKeyStoreProvider</BaseTypeName>
</Base>
<Interfaces />
<Docs>
<summary>The column master key (CMK) store provider implementation for using the Microsoft Cryptography API: Next Generation (CNG) with <see href="https://docs.microsoft.com/sql/relational-databases/security/encryption/always-encrypted-database-engine">Always Encrypted</see>.</summary>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
Enables storing Always Encrypted column master keys in a store, such as a hardware security module (HSM), that supports the Microsoft Cryptography API: Next Generation (CNG).
]]></format>
</remarks>
<related type="ExternalDocumentation" href="https://blogs.msdn.com/b/sqlsecurity/archive/tags/always+encrypted/">Getting Started with Always Encrypted</related>
<related type="ExternalDocumentation" href="https://msdn.microsoft.com/library/mt147923.aspx">Always Encrypted (client development)</related>
</Docs>
<Members>
<Member MemberName=".ctor">
<MemberSignature Language="C#" Value="public SqlColumnEncryptionCngProvider ();" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig specialname rtspecialname instance void .ctor() cil managed" />
<MemberSignature Language="DocId" Value="M:System.Data.SqlClient.SqlColumnEncryptionCngProvider.#ctor" />
<MemberSignature Language="VB.NET" Value="Public Sub New ()" />
<MemberSignature Language="C++ CLI" Value="public:&#xA; SqlColumnEncryptionCngProvider();" />
<MemberType>Constructor</MemberType>
<AssemblyInfo>
<AssemblyName>System.Data</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<Parameters />
<Docs>
<summary>Initializes a new instance of the <see cref="T:System.Data.SqlClient.SqlColumnEncryptionCngProvider" /> class.</summary>
<remarks>To be added.</remarks>
</Docs>
</Member>
<Member MemberName="DecryptColumnEncryptionKey">
<MemberSignature Language="C#" Value="public override byte[] DecryptColumnEncryptionKey (string masterKeyPath, string encryptionAlgorithm, byte[] encryptedColumnEncryptionKey);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig virtual instance unsigned int8[] DecryptColumnEncryptionKey(string masterKeyPath, string encryptionAlgorithm, unsigned int8[] encryptedColumnEncryptionKey) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Data.SqlClient.SqlColumnEncryptionCngProvider.DecryptColumnEncryptionKey(System.String,System.String,System.Byte[])" />
<MemberSignature Language="VB.NET" Value="Public Overrides Function DecryptColumnEncryptionKey (masterKeyPath As String, encryptionAlgorithm As String, encryptedColumnEncryptionKey As Byte()) As Byte()" />
<MemberSignature Language="C++ CLI" Value="public:&#xA; override cli::array &lt;System::Byte&gt; ^ DecryptColumnEncryptionKey(System::String ^ masterKeyPath, System::String ^ encryptionAlgorithm, cli::array &lt;System::Byte&gt; ^ encryptedColumnEncryptionKey);" />
<MemberSignature Language="F#" Value="override this.DecryptColumnEncryptionKey : string * string * byte[] -&gt; byte[]" Usage="sqlColumnEncryptionCngProvider.DecryptColumnEncryptionKey (masterKeyPath, encryptionAlgorithm, encryptedColumnEncryptionKey)" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyName>System.Data</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Byte[]</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="masterKeyPath" Type="System.String" />
<Parameter Name="encryptionAlgorithm" Type="System.String" />
<Parameter Name="encryptedColumnEncryptionKey" Type="System.Byte[]" />
</Parameters>
<Docs>
<param name="masterKeyPath">The master key path.</param>
<param name="encryptionAlgorithm">The encryption algorithm.</param>
<param name="encryptedColumnEncryptionKey">The encrypted column encryption key.</param>
<summary>Decrypts the given encrypted value using an asymmetric key specified by the key path and the specified algorithm. The key path will be in the format of [ProviderName]/KeyIdentifier and should be an asymmetric key stored in the specified CNG key store provider. The valid algorithm used to encrypt/decrypt the column encryption key (CEK) is 'RSA_OAEP'.</summary>
<returns>The decrypted column encryption key.</returns>
<remarks>To be added.</remarks>
</Docs>
</Member>
<Member MemberName="EncryptColumnEncryptionKey">
<MemberSignature Language="C#" Value="public override byte[] EncryptColumnEncryptionKey (string masterKeyPath, string encryptionAlgorithm, byte[] columnEncryptionKey);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig virtual instance unsigned int8[] EncryptColumnEncryptionKey(string masterKeyPath, string encryptionAlgorithm, unsigned int8[] columnEncryptionKey) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Data.SqlClient.SqlColumnEncryptionCngProvider.EncryptColumnEncryptionKey(System.String,System.String,System.Byte[])" />
<MemberSignature Language="VB.NET" Value="Public Overrides Function EncryptColumnEncryptionKey (masterKeyPath As String, encryptionAlgorithm As String, columnEncryptionKey As Byte()) As Byte()" />
<MemberSignature Language="C++ CLI" Value="public:&#xA; override cli::array &lt;System::Byte&gt; ^ EncryptColumnEncryptionKey(System::String ^ masterKeyPath, System::String ^ encryptionAlgorithm, cli::array &lt;System::Byte&gt; ^ columnEncryptionKey);" />
<MemberSignature Language="F#" Value="override this.EncryptColumnEncryptionKey : string * string * byte[] -&gt; byte[]" Usage="sqlColumnEncryptionCngProvider.EncryptColumnEncryptionKey (masterKeyPath, encryptionAlgorithm, columnEncryptionKey)" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyName>System.Data</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Byte[]</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="masterKeyPath" Type="System.String" />
<Parameter Name="encryptionAlgorithm" Type="System.String" />
<Parameter Name="columnEncryptionKey" Type="System.Byte[]" />
</Parameters>
<Docs>
<param name="masterKeyPath">The master key path.</param>
<param name="encryptionAlgorithm">The encryption algorithm.</param>
<param name="columnEncryptionKey">The plaintext column encryption key.</param>
<summary>Encrypts the given plaintext column encryption key using an asymmetric key specified by the key path and the specified algorithm. The key path will be in the format of [ProviderName]/KeyIdentifier and should be an asymmetric key stored in the specified CNG key store provider. The valid algorithm used to encrypt/decrypt the column encryption key (CEK) is 'RSA_OAEP'.</summary>
<returns>The encrypted column encryption key.</returns>
<remarks>To be added.</remarks>
</Docs>
</Member>
<Member MemberName="ProviderName">
<MemberSignature Language="C#" Value="public const string ProviderName;" />
<MemberSignature Language="ILAsm" Value=".field public static literal string ProviderName" />
<MemberSignature Language="DocId" Value="F:System.Data.SqlClient.SqlColumnEncryptionCngProvider.ProviderName" />
<MemberSignature Language="VB.NET" Value="Public Const ProviderName As String " />
<MemberSignature Language="C++ CLI" Value="public: System::String ^ ProviderName;" />
<MemberSignature Language="F#" Value="val mutable ProviderName : string" Usage="System.Data.SqlClient.SqlColumnEncryptionCngProvider.ProviderName" />
<MemberType>Field</MemberType>
<AssemblyInfo>
<AssemblyName>System.Data</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.String</ReturnType>
</ReturnValue>
<Docs>
<summary>A constant string for the provider name 'MSSQL_CNG_STORE'.</summary>
<remarks>To be added.</remarks>
</Docs>
</Member>
<Member MemberName="SignColumnMasterKeyMetadata">
<MemberSignature Language="C#" Value="public override byte[] SignColumnMasterKeyMetadata (string masterKeyPath, bool allowEnclaveComputations);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig virtual instance unsigned int8[] SignColumnMasterKeyMetadata(string masterKeyPath, bool allowEnclaveComputations) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Data.SqlClient.SqlColumnEncryptionCngProvider.SignColumnMasterKeyMetadata(System.String,System.Boolean)" />
<MemberSignature Language="VB.NET" Value="Public Overrides Function SignColumnMasterKeyMetadata (masterKeyPath As String, allowEnclaveComputations As Boolean) As Byte()" />
<MemberSignature Language="C++ CLI" Value="public:&#xA; override cli::array &lt;System::Byte&gt; ^ SignColumnMasterKeyMetadata(System::String ^ masterKeyPath, bool allowEnclaveComputations);" />
<MemberSignature Language="F#" Value="override this.SignColumnMasterKeyMetadata : string * bool -&gt; byte[]" Usage="sqlColumnEncryptionCngProvider.SignColumnMasterKeyMetadata (masterKeyPath, allowEnclaveComputations)" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyName>System.Data</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Byte[]</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="masterKeyPath" Type="System.String" Index="0" FrameworkAlternate="netframework-4.7.2;netframework-4.8" />
<Parameter Name="allowEnclaveComputations" Type="System.Boolean" Index="1" FrameworkAlternate="netframework-4.7.2;netframework-4.8" />
</Parameters>
<Docs>
<param name="masterKeyPath">The column master key path. The path format is specific to a key store provider.</param>
<param name="allowEnclaveComputations">
<see langword="true" /> to indicate that the column master key supports enclave computations; otherwise, <see langword="false" />.</param>
<summary>Throws a <see cref="T:System.NotSupportedException" /> exception in all cases.</summary>
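<returns>The signature of the column master key metadata. This implementation never returns a value, because it throws <see cref="T:System.NotSupportedException" /> in all cases.</returns>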
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
The <xref:System.Data.SqlClient.SqlColumnEncryptionCngProvider.SignColumnMasterKeyMetadata%2A> method must be implemented by the corresponding key store providers. <xref:System.Data.SqlClient.SqlColumnEncryptionCngProvider.SignColumnMasterKeyMetadata%2A> should use an asymmetric key identified by a key path and sign the master key metadata consisting of `masterKeyPath`, `allowEnclaveComputations`, and providerName. This provider's implementation does not sign the metadata; it throws <xref:System.NotSupportedException> in all cases.
]]></format>
</remarks>
<exception cref="T:System.NotSupportedException">In all cases.</exception>
</Docs>
</Member>
<Member MemberName="VerifyColumnMasterKeyMetadata">
<MemberSignature Language="C#" Value="public override bool VerifyColumnMasterKeyMetadata (string masterKeyPath, bool allowEnclaveComputations, byte[] signature);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig virtual instance bool VerifyColumnMasterKeyMetadata(string masterKeyPath, bool allowEnclaveComputations, unsigned int8[] signature) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Data.SqlClient.SqlColumnEncryptionCngProvider.VerifyColumnMasterKeyMetadata(System.String,System.Boolean,System.Byte[])" />
<MemberSignature Language="VB.NET" Value="Public Overrides Function VerifyColumnMasterKeyMetadata (masterKeyPath As String, allowEnclaveComputations As Boolean, signature As Byte()) As Boolean" />
<MemberSignature Language="C++ CLI" Value="public:&#xA; override bool VerifyColumnMasterKeyMetadata(System::String ^ masterKeyPath, bool allowEnclaveComputations, cli::array &lt;System::Byte&gt; ^ signature);" />
<MemberSignature Language="F#" Value="override this.VerifyColumnMasterKeyMetadata : string * bool * byte[] -&gt; bool" Usage="sqlColumnEncryptionCngProvider.VerifyColumnMasterKeyMetadata (masterKeyPath, allowEnclaveComputations, signature)" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyName>System.Data</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Boolean</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="masterKeyPath" Type="System.String" Index="0" FrameworkAlternate="netframework-4.7.2;netframework-4.8" />
<Parameter Name="allowEnclaveComputations" Type="System.Boolean" Index="1" FrameworkAlternate="netframework-4.7.2;netframework-4.8" />
<Parameter Name="signature" Type="System.Byte[]" Index="2" FrameworkAlternate="netframework-4.7.2;netframework-4.8" />
</Parameters>
<Docs>
<param name="masterKeyPath">The complete path of an asymmetric key. The path format is specific to a key store provider.</param>
<param name="allowEnclaveComputations">A Boolean that indicates if this key can be sent to the trusted enclave.</param>
<param name="signature">The master key metadata signature.</param>
<summary>This method must be implemented by the corresponding key store providers. It should use an asymmetric key identified by a key path and verify the master key metadata consisting of (masterKeyPath, allowEnclaveComputations, providerName).</summary>
<returns>A Boolean that indicates if the master key metadata can be verified based on the provided signature.</returns>
<remarks>To be added.</remarks>
</Docs>
</Member>
</Members>
</Type>