ENCRYPTBYCERT (Transact-SQL)
Applies to: 
SQL Server
Azure SQL Database
Azure SQL Managed Instance
Encrypts data with the public key of a certificate.
Transact-SQL syntax conventions
Syntax
EncryptByCert ( certificate_ID , { 'cleartext' | @cleartext } )
Note
To view Transact-SQL syntax for SQL Server 2014 (12.x) and earlier versions, see Previous versions documentation.
Arguments
certificate_ID
The ID of a certificate in the database. int.
cleartext
A string of data that will be encrypted with the certificate.
@cleartext
A variable of one of the following types that contains data that will be encrypted with the public key of the certificate:
- nvarchar
- char
- varchar
- binary
- varbinary
- nchar
Return Types
varbinary with a maximum size of 8,000 bytes.
Remarks
This function encrypts data with the certificate's public key. The ciphertext can only be decrypted with the corresponding private key. These asymmetric transformations are costly when compared to encryption and decryption using a symmetric key. As such, asymmetric encryption isn't recommended when working with large datasets.
Examples
This example encrypts the plaintext stored in @cleartext with the certificate called JanainaCert02. The encrypted data is inserted into table ProtectedData04.
INSERT INTO [AdventureWorks2022].[ProtectedData04]
VALUES ( N'Data encrypted by certificate ''Shipping04''',
EncryptByCert(Cert_ID('JanainaCert02'), @cleartext) );
GO
See Also
DECRYPTBYCERT (Transact-SQL)
CREATE CERTIFICATE (Transact-SQL)
ALTER CERTIFICATE (Transact-SQL)
DROP CERTIFICATE (Transact-SQL)
BACKUP CERTIFICATE (Transact-SQL)
Encryption Hierarchy
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for