SQL Server Tips by Gama and Naughter

MS CryptoAPI based Public Key Implementations

Unlike the symmetric encryption methods, which work on a secret key, a public key must first exist to perform encryption. In addition the public key pair we use should not interfere with any other programs use of public keys. This is achieved by using a so-called “Container” when we initially call the MS CryptoAPI function “CryptAcquireContext”. The XP_CRYPTOAPI DLL uses the name “XP_CRYPTOAPI” for the container. This logic is shared between the asymmetric encryption and signing routines and is contained in the function “CCryptoAPISignExtendedStoredProcedure::CryptAcquireContext” in the module “XPSignatures.cpp”. This function is called instead of the standard “CryptAcquireContext” function throughout the asymmetric encryption and signing routines. Next the code acquires the public key to perform the encryption using “CryptGetUserKey”. Then the encryption is performed using the standard “CryptEncrypt” function. The resulting encrypted data is then returned as an output parameter in the XP.

For decryption, the public key is first imported into the CSP via a parameter to the XP. This is achieved using the function “CryptImportKey”. Once the key is imported we perform the decryption using the function “CryptDecrypt”. The decrypted data is then returned in the output parameter for the XP.

The above book excerpt is from:

Super SQL Server Systems
Turbocharge Database Performance with C++ External Procedures

ISBN: 0-9761573-2-2
Joseph Gama, P. J. Naughter

 http://www.rampant-books.com/book_2005_2_sql_server_external_procedures.htm