SQL Server Tips by Gama and Naughter
MS CryptoAPI based Public Key Implementations
Unlike the symmetric encryption methods,
which work on a secret key, public key encryption requires that a public
key already exist. In addition, the public key pair we use should not
interfere with any other program's use of public keys. This is
achieved by using a so-called “Container” when we initially call the
MS CryptoAPI function “CryptAcquireContext”. The XP_CRYPTOAPI DLL
uses the name “XP_CRYPTOAPI” for the container. This logic is shared
between the asymmetric encryption and signing routines and is
contained in the function “CCryptoAPISignExtendedStoredProcedure::CryptAcquireContext”
in the module “XPSignatures.cpp”. This function is called instead of
the standard “CryptAcquireContext” function throughout the
asymmetric encryption and signing routines. Next the code acquires
the public key to perform the encryption using “CryptGetUserKey”.
Then the encryption is performed using the standard “CryptEncrypt”
function. The resulting encrypted data is then returned as an output
parameter in the XP.
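The sequence described above (named container, "CryptGetUserKey", "CryptEncrypt") as an added C++ example; it is not the XP_CRYPTOAPI source. The function names, the default PROV_RSA_FULL provider, the AT_KEYEXCHANGE key spec and the creation of a missing container with CRYPT_NEWKEYSET are assumptions, and the CryptoAPI part compiles only on Windows.

```cpp
// Added example, not the XP_CRYPTOAPI source. CryptoAPI code is guarded by _WIN32.
#include <cstddef>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#endif

// RSA with PKCS#1 v1.5 padding spends 11 bytes of each block on padding, so
// one CryptEncrypt call can carry at most (modulus bytes - 11) of plaintext.
size_t MaxRsaPlaintext(size_t keyBits) {
    size_t modulusBytes = keyBits / 8;
    return modulusBytes > 11 ? modulusBytes - 11 : 0;
}

#ifdef _WIN32
// Open the private container; create it only if it does not exist yet (assumption).
static bool AcquireContainer(HCRYPTPROV* phProv) {
    const wchar_t* name = L"XP_CRYPTOAPI";  // container name given on the page
    if (CryptAcquireContextW(phProv, name, NULL, PROV_RSA_FULL, 0)) return true;
    return GetLastError() == (DWORD)NTE_BAD_KEYSET &&
           CryptAcquireContextW(phProv, name, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET) != 0;
}

// Encrypt one block with the container's key pair (AT_KEYEXCHANGE is an assumption).
bool EncryptWithContainerKey(const std::vector<BYTE>& plain, std::vector<BYTE>& out) {
    HCRYPTPROV hProv = 0; HCRYPTKEY hKey = 0; bool ok = false;
    if (!AcquireContainer(&hProv)) return false;
    if (CryptGetUserKey(hProv, AT_KEYEXCHANGE, &hKey)) {  // fails if no key pair exists yet
        DWORD bits = 0, cb = sizeof(bits);
        if (CryptGetKeyParam(hKey, KP_KEYLEN, (BYTE*)&bits, &cb, 0) &&
            plain.size() <= MaxRsaPlaintext(bits)) {      // reject oversized input up front
            DWORD need = (DWORD)plain.size();
            // A first call with a NULL buffer reports the ciphertext size.
            if (CryptEncrypt(hKey, 0, TRUE, 0, NULL, &need, 0)) {
                out.assign(plain.begin(), plain.end());
                out.resize(need);
                DWORD len = (DWORD)plain.size();
                ok = CryptEncrypt(hKey, 0, TRUE, 0, out.data(), &len, need) != 0;
                if (ok) out.resize(len);
            }
        }
        CryptDestroyKey(hKey);
    }
    CryptReleaseContext(hProv, 0);
    return ok;
}
#endif
```

Because the container is opened by name, the key pair it holds stays separate from the default container that other programs using the same CSP may rely on.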
For decryption, the public key is first imported into the CSP via a
parameter to the XP. This is achieved using the function “CryptImportKey”.
Once the key is imported we perform the decryption using the
function “CryptDecrypt”. The decrypted data is then returned in the
output parameter for the XP.
The above book excerpt is from:
Turbocharge Database Performance with C++ External Procedures
Joseph Gama, P. J. Naughter