SQL Server Tips by Gama and Naughter
MS CryptoAPI based Public Key Implementations
Unlike the symmetric encryption methods, which work from a shared secret key,
a public key pair must first exist before public key encryption can be performed. In addition, the
public key pair we use should not interfere with any other program's
use of public keys. This is achieved by naming a so-called
“Container” when we initially call the MS CryptoAPI function “CryptAcquireContext”.
The XP_CRYPTOAPI DLL uses the name “XP_CRYPTOAPI” for the container.
This logic is shared between the asymmetric encryption and signing
routines and is contained in the function “CCryptoAPISignExtendedStoredProcedure::CryptAcquireContext”
in the module “XPSignatures.cpp”. This wrapper is called instead of
the standard “CryptAcquireContext” function throughout the
asymmetric encryption and signing routines. Next, the code acquires
the public key to perform the encryption using “CryptGetUserKey”.
The encryption itself is then performed with the standard “CryptEncrypt”
function, and the resulting encrypted data is returned as an output
parameter of the XP (extended stored procedure).
For decryption, the public key is first imported into the CSP (cryptographic service provider) via a
parameter to the XP. This is achieved using the function “CryptImportKey”.
Once the key is imported, the decryption is performed with the
function “CryptDecrypt”, and the decrypted data is returned in the
output parameter of the XP.
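As an added example, not code from the book or the XP_CRYPTOAPI project: the same container-scoped key flow exercised from PowerShell through .NET's RSACryptoServiceProvider, which wraps the CryptAcquireContext, CryptGetUserKey, CryptEncrypt and CryptDecrypt calls described above, followed by the check a defender wants, namely who can read the persisted key. The container name comes from the text; the key size, the sample plaintext and the choice of the machine key store are assumptions.

```powershell
# Added example (not the book's code). Container name from the text; key size,
# sample plaintext and machine-store choice are assumptions.
Add-Type -AssemblyName System.Security

$containerName = 'XP_CRYPTOAPI'

# CspParameters selects the named key container, which is what the XP's
# CryptAcquireContext wrapper does. KeyNumber 1 = AT_KEYEXCHANGE, the key
# that CryptGetUserKey hands back for encryption.
$csp = New-Object System.Security.Cryptography.CspParameters
$csp.KeyContainerName = $containerName
$csp.KeyNumber = 1   # AT_KEYEXCHANGE
# A service such as SQL Server runs under its own account, so a machine-store
# container is visible to that account instead of being tied to a user profile.
$csp.Flags = [System.Security.Cryptography.CspProviderFlags]::UseMachineKeyStore

# Opening the container creates the key pair when it does not yet exist
# (the CryptAcquireContext / CRYPT_NEWKEYSET retry pattern).
$rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider(2048, $csp)
$rsa.PersistKeyInCsp = $true

# Encrypt side: only the public half is required. Export a public-only blob
# (ExportCspBlob($false) omits private material) and import it elsewhere,
# mirroring the CryptImportKey step the XP performs on a caller-supplied blob.
$plaintext  = [Text.Encoding]::UTF8.GetBytes('constructed sample: account secret')
$publicOnly = New-Object System.Security.Cryptography.RSACryptoServiceProvider
$publicOnly.ImportCspBlob($rsa.ExportCspBlob($false))
$cipher = $publicOnly.Encrypt($plaintext, $false)   # PKCS#1 v1.5, CryptEncrypt's default padding

# Decrypt side: CryptDecrypt can only succeed with the private half, which
# lives in the container, never in the public blob.
$recovered = [Text.Encoding]::UTF8.GetString($rsa.Decrypt($cipher, $false))
if ($recovered -ne 'constructed sample: account secret') { throw 'RSA round trip failed' }
"Round trip through container '$containerName' OK ($($cipher.Length) byte ciphertext)"

# Defensive check: the persisted private key is a file in the machine key
# store. Review its ACL; anyone who can read it can decrypt what the XP encrypts.
$keyFile = Join-Path $env:ProgramData ('Microsoft\Crypto\RSA\MachineKeys\' +
           $rsa.CspKeyContainerInfo.UniqueKeyContainerName)
Get-Acl $keyFile | Select-Object -ExpandProperty Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```

Run it as the account SQL Server runs under, otherwise the machine-store container you open will be a different one from the one the XP sees. To remove the test key pair afterwards, set `PersistKeyInCsp` to `$false` and call `$rsa.Clear()`.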
The above book excerpt is from:
Turbocharge Database Performance with C++ External Procedures
Joseph Gama, P. J. Naughter