Creating Asymmetric Key with Key Version Enabled
To create an Asymmetric Key with Key Version enabled, you need to run the following command:
CREATE ASYMMETRIC KEY <sql_asym_key_name#>
FROM PROVIDER <crypto_provider_name>
WITH ALGORITHM = <algorithm_name>,
PROVIDER_KEY_NAME = <key_name_in_ks#>,
CREATION_DISPOSITION=CREATE_NEW;
For example:
CREATE ASYMMETRIC KEY cakm_key_thales#
FROM PROVIDER cakm_provider
WITH ALGORITHM = RSA_2048,
PROVIDER_KEY_NAME = 'cakm_key_thales#',
CREATION_DISPOSITION=CREATE_NEW;
To enable key versioning while creating an asymmetric key, add the suffix '#' to the key name, as shown in the example above.
To fetch a specific version of the key from CipherTrust Manager, run the following command:
CREATE ASYMMETRIC KEY <sql_asym_key_name#>
FROM PROVIDER <crypto_provider_name>
WITH PROVIDER_KEY_NAME = <key_name_in_ks#version>,
CREATION_DISPOSITION=OPEN_EXISTING;
Here, version is the specific version number of the key to be fetched from CipherTrust Manager.
For example:
CREATE ASYMMETRIC KEY cakm_key_thales#
FROM PROVIDER thales_provider
WITH PROVIDER_KEY_NAME = 'cakm_key_thales#5',
CREATION_DISPOSITION=OPEN_EXISTING;
If you increase the version of a versioned key on CipherTrust Manager, you must rotate the master key. For the steps, see the master key rotation procedure.
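To see which keys are affected when a version is increased, the following query lists the provider-backed asymmetric keys and the databases whose encryption keys they protect. It is an added example, not part of the original documentation. It assumes the keys are used for TDE, that the SQL key names follow the '#' suffix convention shown above, and that it is run in the master database; it uses only standard SQL Server catalog views.

```sql
-- Added example: inventory of EKM-backed asymmetric keys and the TDE
-- database encryption keys (DEKs) they protect.
-- Assumption: the asymmetric keys were created in master for TDE.
USE master;

SELECT
    ak.name                    AS sql_asym_key_name,
    cp.name                    AS crypto_provider_name,
    ak.algorithm_desc,
    ak.key_length,
    -- Per the naming convention above, a trailing '#' marks a versioned key.
    CASE WHEN ak.name LIKE '%#' THEN 'yes' ELSE 'no' END AS versioned_name,
    DB_NAME(dek.database_id)   AS protected_database,
    dek.encryption_state       -- 3 = encrypted, 4 = key change in progress
FROM sys.asymmetric_keys AS ak
JOIN sys.cryptographic_providers AS cp
    ON cp.guid = ak.cryptographic_provider_guid
-- LEFT JOIN keeps keys that exist in SQL Server but protect no DEK yet.
LEFT JOIN sys.dm_database_encryption_keys AS dek
    ON dek.encryptor_thumbprint = ak.thumbprint
   AND dek.encryptor_type = 'ASYMMETRIC KEY'
-- Only keys held by an EKM provider, not keys stored in the database.
WHERE ak.provider_type = 'CRYPTOGRAPHIC PROVIDER'
ORDER BY ak.name, protected_database;
```

Rows with versioned_name = 'yes' and a non-NULL protected_database are the databases to review after a version increase on CipherTrust Manager.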