Asymmetric Keys (SQL Server)

An asymmetric key is made up of a private key and the corresponding public key. Each key can decrypt data encrypted by the other. Asymmetric encryption and decryption are relatively resource-intensive, but they provide a higher level of security than symmetric encryption. An asymmetric key can be used to encrypt a symmetric key for storage in a database. PowerDesigner models asymmetric keys as extended objects with a stereotype of <<AsymmetricKey>>.

Creating an Asymmetric Key

You can create an asymmetric key in any of the following ways:

  • Select Model > Asymmetric Keys to access the List of Asymmetric Keys, and click the Add a Row tool.

  • Right-click the model (or a package) in the Browser, and select New > Asymmetric Key.

Asymmetric Key Properties

You can modify an object's properties from its property sheet. To open an asymmetric key property sheet, double-click its diagram symbol or its Browser entry in the Asymmetric Keys folder.

The following extended attributes are available on the Microsoft tab:

Name

Description

Authorization

Specifies the name of a user as the owner of the asymmetric key.

Scripting name: Authorization

Source type

[v2008 and higher] Specifies the type of source (File, Executable file, Assembly or Provider).

Scripting name: Source

Assembly

Specifies the name of an assembly from which to load the public key.

Scripting name: Assembly

Assembly file

Specifies the path of a file from which to load the key.

Scripting name: AssemblyFile

Provider

[v2008 and higher] Specifies the name of the EKM (Extensible Key Management) provider.

Scripting name: Provider

Executable

[v2005] If the EXECUTABLE option is used, the file attribute specifies an assembly file from which to load the public key; otherwise, the file attribute specifies the path of a strong name file from which to load the key pair.

Scripting name: Executable

Algorithm

Specifies the algorithm used to encrypt the key.

Scripting name: Algorithm

Create disposition

[v2008 and higher] Specifies whether to create a new key or use an existing one.

Scripting name: CreateDisposition

Provider key name

[v2008 and higher] Specifies the key name from the external provider.

Scripting name: ProviderKeyName

Encryption password

Specifies the password with which to encrypt the private key. If this clause is not present, the private key will be encrypted with the database master key.

Scripting name: EncryptionPassword
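
The properties above correspond to clauses of the T-SQL CREATE ASYMMETRIC KEY statement. The following script is an added example, not PowerDesigner-generated output and not part of the original page; it shows those clauses, the symmetric-key wrapping mentioned in the introduction, and a catalog query to confirm how each private key is protected. All object names, the user, the EKM provider and the passwords are hypothetical placeholders.

```sql
-- Added example: every name and password below is a hypothetical placeholder.

-- Authorization + Algorithm + Encryption password.
-- With ENCRYPTION BY PASSWORD the private key is protected by the password;
-- without that clause it is protected by the database master key.
CREATE ASYMMETRIC KEY AsymKey_Demo
    AUTHORIZATION KeyOwnerUser              -- assumed to be an existing database user
    WITH ALGORITHM = RSA_2048
    ENCRYPTION BY PASSWORD = '<strong password here>';
GO

-- Source type = Provider, with Provider key name and Create disposition
-- [v2008 and higher]. Assumes EkmProvider_Demo was already registered with
-- CREATE CRYPTOGRAPHIC PROVIDER and already holds a key with this name.
CREATE ASYMMETRIC KEY AsymKey_Ekm_Demo
    FROM PROVIDER EkmProvider_Demo
    WITH PROVIDER_KEY_NAME = 'demo_key_in_provider',
         CREATION_DISPOSITION = OPEN_EXISTING;
GO

-- Use the asymmetric key to protect a symmetric key stored in the database.
CREATE SYMMETRIC KEY SymKey_Demo
    WITH ALGORITHM = AES_256
    ENCRYPTION BY ASYMMETRIC KEY AsymKey_Demo;
GO

-- Opening the symmetric key needs the asymmetric key's password,
-- because the private key was not left to the database master key.
OPEN SYMMETRIC KEY SymKey_Demo
    DECRYPTION BY ASYMMETRIC KEY AsymKey_Demo
    WITH PASSWORD = '<strong password here>';

-- Round trip on a constructed sample value.
DECLARE @ct varbinary(8000) =
    ENCRYPTBYKEY(KEY_GUID('SymKey_Demo'), N'constructed sample value');
SELECT CONVERT(nvarchar(100), DECRYPTBYKEY(@ct)) AS round_trip;

CLOSE SYMMETRIC KEY SymKey_Demo;
GO

-- Check: which algorithm each key uses and what protects its private key
-- (for example ENCRYPTED_BY_PASSWORD or ENCRYPTED_BY_MASTER_KEY).
SELECT name, algorithm_desc, key_length, pvt_key_encryption_type_desc
FROM sys.asymmetric_keys;
```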