OK, so I'm testing EncryptByCert with some code like the following:

    DECLARE @v varchar(8000);
    SELECT @v = REPLICATE('A', 117);
    SELECT @v;
    DECLARE @e varbinary(8000);
    SELECT @e = EncryptByCert(Cert_ID(N'TestCertificate'), @v);
    SELECT @e;

The function encrypts fine and I'm able to use DecryptByCert to get the
result. Problem is if I change the line SELECT @v = REPLICATE('A', 117) to:

    SELECT @v = REPLICATE('A', 118);

The EncryptByCert function returns NULL every time with 118 or higher. BOL
states that the result is returned as a varbinary with a max length of
8,000. I keep getting a varbinary with a max length of 128. Can anyone
else reproduce this, or am I doing something wrong?
Thanks

For example: 512 bit RSA key can encrypt up to 53 bytes, 1024 bit up to 117
bytes, and 2048 bit up to 245 bytes.
See http://blogs.msdn.com/yukondoit/archive/2005/11/24/496521.aspx for a
workaround, if you really want to encrypt more.
Certificates should only be used to protect other keys, not to encrypt data
directly, so this limit does not impact the intended use of certificates.
Thanks
--
Laurentiu Cristofor [MSFT]
Software Design Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/
This posting is provided "AS IS" with no warranties, and confers no rights.
"Mike C#" <x...@xyz.com> wrote in message
news:fuaHg.586$k%3....@newsfe12.lga...
"Laurentiu Cristofor [MSFT]" <la...@nospam.com> wrote in message
news:e2ASWY6x...@TK2MSFTNGP06.phx.gbl...
http://msdn2.microsoft.com/en-us/library/ms188061.aspx
http://msdn2.microsoft.com/en-us/library/ms186950.aspx
Thanks
--
Laurentiu Cristofor [MSFT]
Software Design Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/
This posting is provided "AS IS" with no warranties, and confers no rights.
"Mike C#" <x...@xyz.com> wrote in message
news:%23vuAcc6...@TK2MSFTNGP02.phx.gbl...
"Laurentiu Cristofor [MSFT]" <la...@nospam.com> wrote in message
news:Ovyex47x...@TK2MSFTNGP03.phx.gbl...
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/cryptencrypt.asp
The relevant paragraph extracted from above is:
The Microsoft Enhanced Cryptographic Provider supports direct encryption
with RSA public keys and decryption with RSA private keys. The encryption
uses PKCS #1 padding. On decryption, this padding is verified. The length of
plaintext data that can be encrypted with a call to CryptEncrypt with an RSA
key is the length of the key modulus minus eleven bytes. The eleven bytes is
the chosen minimum for PKCS #1 padding. The ciphertext is returned in
little-endian format.
Thanks
--
Laurentiu Cristofor [MSFT]
Software Design Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/
This posting is provided "AS IS" with no warranties, and confers no rights.
"Laurentiu Cristofor [MSFT]" <la...@nospam.com> wrote in message
news:Ovyex47x...@TK2MSFTNGP03.phx.gbl...
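
Added example, not part of the original thread and not the posters' code: the T-SQL below reproduces the limit from the question, then encrypts the same 118-byte value the way the reply recommends, with the certificate protecting a symmetric key and the key protecting the data. It assumes TestCertificate has a 1024-bit RSA key whose private key is protected by the database master key; TestDataKey is a hypothetical name.

```sql
-- Added example (not from the thread).
-- Assumptions: TestCertificate is the certificate from the question, has a
-- 1024-bit RSA key, and its private key is protected by the database master
-- key. TestDataKey is a hypothetical key name.

-- 1. The limit. A 1024-bit modulus is 128 bytes; PKCS #1 padding takes at
--    least 11 of them, leaving 117 bytes of plaintext. One byte more and
--    EncryptByCert returns NULL, as reported in the question.
SELECT
    DATALENGTH(EncryptByCert(Cert_ID(N'TestCertificate'),
                             REPLICATE('A', 117))) AS bytes_out_for_117,
    DATALENGTH(EncryptByCert(Cert_ID(N'TestCertificate'),
                             REPLICATE('A', 118))) AS bytes_out_for_118;

-- 2. Intended use. The certificate encrypts only the symmetric key;
--    the symmetric key encrypts the data, so the RSA size limit no longer
--    applies to the plaintext.
CREATE SYMMETRIC KEY TestDataKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE TestCertificate;

OPEN SYMMETRIC KEY TestDataKey
    DECRYPTION BY CERTIFICATE TestCertificate;

DECLARE @v varchar(8000);
DECLARE @e varbinary(8000);

SELECT @v = REPLICATE('A', 118);   -- the length that failed with EncryptByCert
SELECT @e = EncryptByKey(Key_GUID('TestDataKey'), @v);

-- Round trip: DecryptByKey finds the open key from the ciphertext header.
SELECT
    DATALENGTH(@e) AS ciphertext_bytes,
    CASE WHEN CONVERT(varchar(8000), DecryptByKey(@e)) = @v
         THEN 1 ELSE 0 END AS round_trip_ok;

CLOSE SYMMETRIC KEY TestDataKey;

-- Demo cleanup only: dropping the key makes anything encrypted with it
-- unrecoverable.
DROP SYMMETRIC KEY TestDataKey;
```

If the certificate's private key is protected by a password instead of the database master key, OPEN SYMMETRIC KEY needs the WITH PASSWORD clause on the DECRYPTION BY CERTIFICATE option.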